DEFCON 16: Advanced Physical Attacks: Going Beyond Social Engineering and Dumpster Diving

Published 2011-01-21
Speaker: Eric Schmiedl, Security Researcher

Your stack is smash-proof. Your dumpster is fully alarmed. And your firewall is so secure that it has former Soviet officials green with envy. So why are the developers finding their undocumented features in competitors' products, or company executives on a constant hunt for leaks and traitors? There's a whole lot more to doing an end-run around network security than calling up and pretending to be the help desk or hoping someone chucks a service manual in the trash. Professional attackers with specific targets have a whole rash of techniques -- from using targeted employees to hiding microphones -- adopted from the world of espionage, and this talk is all about how they do what they do.

For more information visit: bit.ly/defcon16_information
To download the video visit: bit.ly/defcon16_videos

All Comments (21)
  • @CazialsChannel
    I fell asleep on lock picking lawyer and woke up on this
  • @yaroslavtkl5513
    That's so god damn interesting! Thanks a lot to Eric Schmiedl. Recently, I've begun to notice that every person who uses a computer and the Internet starts to be more cybersecurity erudite comparing how it was in the past. All these obvious security measures that people use now, back in the past were considered irrational.
  • @jack91x
    Quite a few. But that's part of the defcon experience- red team/blue team and everything between sharing their knowledge. He's not sharing anything that a professional (like a fed) wouldn't already be fully aware of. It's great for bringing in new crowds, intriguing the next generation.
  • @anqied
    What is this "RadioShack" you speak of?
  • Interesting. I was hanging out with a bunch of 'people of interest' a while back and was approached at work with a job offer by a person who stood out like a sore thumb. They offered me a traineeship in a foreign country, with certain activities related to my job (hospitality) and asked if I'd like to meet for a chat, to which I said yes, realising that all may not be as it seemed. And probably wasn't. We spent six hours chatting. The original offer changed thoroughly. I was taken to a second location; a very expensive apartment. I was asked all sorts of questions. A third party appeared. I was then told, via email, that my services would not be required, and no correspondence would be entered into. Interestingly, the person who approached me used their own name, and can be found online - the property they spoke about in another country can also be found. What's interesting is that that property, which they told me I would be living at for no less than three months, was adjacent to a well-kept-secret base, of sorts, which appeared just after WW2, and has been written about in fiction and non fiction, some of them very, VERY, well known. So, were they waiting for me to call them on their front? Or, did they decide I was not easily enough swayed? That I was too savvy to be used as a 'spy'. I'll probably never know. But I wish I could find out. The 'approacher's' initials - MV.
  • @GardenBoat
    I would love to hear a presentation on how to get into that white collar resort prison and the types of crimes that land you there/how to navigate your situation to present in a way that would put you there and not the pound me in the ass prison
  • it gets quieter as the vid goes on!
  • @chriskaprys
    wish i had a bug in his microphone ... so i could A) hear what he's saying; B) open the speech in an audio editor and slow it down to a setting more intelligible than Mumbled Mountain Dew Monologue. good/cool info, but i suspect the book was better.
  • Terrible audio and broken links? Yep, that's a defcon talk alright.
  • This is so dirty . Not only was I infiltrated but he robbed me and my kids on the way out
  • @Patricia-mn6ii
    lots of trolls on this site so guessing this is worth watching...otherwise there wouldn't be so many negative comments in a team format...
  • @indigoanon5483
    Maybe my brain works differently than others but this just seems like common sense, either way good talk thanks uploader for the video
  • @thevancouverguy
    Wish I was in the audience. Since I was there and all. I went to Vegas just for Blackhat and DEFCON that year only to spend most of the time in my nice hotel room (not at the Riviera, god no, The Signature). It was over 100 degrees and I am not a morning/day person so I ended up skipping out of Blackhat entirely and only went to a portion of DEFCON. It would be supercool if they had these things all scheduled in the evening/night. Then I would be alert and awake, and all over it. Instead, I have to force myself to get up for conferences, and to go to bed super early just that I can.
  • @grega7989
    Basically a watered down recitation of 'The Art of Exploitation'. Speaker prob has 0 experience with any of this beyond academic research.
  • @jayweber8333
    i didn't read any other opinions on this video. this has got to be the absolute worst defcon talk. none of it was current, relevant, or remotely useful, even in 2011. it added no value to any technical or social aspect of security, and it was a complete waste of my time.