Conferences: February 2007 Archives

Tap, Tap, Tap...we are waiting on the go ahead to release our presentation from RSA and in the course of it looking at some interesting China-based "mysteryware". Until then...

There is something about this picture that yells "viral". It has popped up in my own inbox more than once and I had to explain I was with said Paperghost while he was wearing the shirt. Actually I had to ask him to stand politely three meters to the left or right (his choice) at all times in case I was taken out by any stray fire. Actually the folks at Homeland Security had a good laugh...good sports...unless you are in a long line.


Because if you spin him around it says "I Am Not A". I think they actually had him pose for a couple more.


Yes there is video of this one where I am talking in a rather animated fashion with someone from an "adware" company...this particular company sent me an e-mail touting their FTC Certification. I don't know about you, but I didn't know the FTC was in the business of making such certifications...must be a new division? I will find out.

RSA 2007: Botnet Live


The dust has settled from RSA 2007, and it was standing room only as Wayne Porter and I explored the methods of shutting down Botnets by dealing with details outside of the Botnet itself - in other words, tackling the human angle as opposed to server details to have a bigger impact on the bad guys.

Crowd at Botnet Live with Wayne Porter and Chris Boyd at RSA

I believe the total audience was around four hundred people - thanks to all that came along, and also many thanks to the FaceTime research team who do an awful lot of work behind the scenes.

We provided a brief overview of the current Botnet hunting landscape, some top tips for getting stuff shut down when it's located in some far flung corner overseas and (most importantly), two case studies that illustrate the ways in which we use social media and storytelling to further the reach of our security tales, and spread the word on anything bad that happens to be going down at the time.

Wayne Porter handles this heavy quote- where you probably can't get a tee-shirt.

Featured heavily were the Carder Botnet, and the Q8 Army Botnet.

In both cases, the Botnet itself was only the skeleton upon which we built an intricate weave of research and storytelling. We used all the borderline elements around the outskirts of each Botnet to build up an (almost) complete picture of the people behind it, and get something done about it. We also explored the idea that without even knowing it, one investigation can cause quite the fallout in completely unrelated areas and take down whole groups of people quite unintentionally.

There was a whole bunch of material here that wasn't published first time round - there were numerous reasons for this, but going into them would probably mean some guy would try and kill me with cheesewire, and it'd all go a bit Jason Bourne on you.

Of particular note was the custom built Q8 Army mIRC Tool. It had all sorts of crazy options built into it, and by and large they all did vaguely nasty things. We were also able to (finally) show many of the Q8 Army sites that we came across during the course of the original investigation. Many of these sites popped up on (or around) September 11th, 2001 - and yes, you can probably guess the kind of things they contained.

Dangerous botnet tools

In addition, we tracked these guys back to 2001 (or thereabouts), where they were apparently stealing credit card information to purchase things like satellite equipment, radio / telecommunications gear and second hand PCs. What they intended to do with all that stuff, we can only speculate - but the implications are pretty disturbing, aren't they?

Once again, thanks to everyone who turned up, those who threw in some questions at the end and anyone who came up and said hello.

Wayne Porter and Chris Boyd aka Paperghost

We had a blast and hopefully we'll be let loose on you all over again.

For further coverage, check out EWeek - Botnet Stalkers Share takedown Tactics, Affiliate Fair Play, RealTechNews and MCWResearch. From Finland and more to come.

With only hours to go until our presentation on all things Botnet, we present a small collection of images from our time in and around the conference area...

....well, it's traditional to grab a snap of the entrance or something, right? Only problem is, I think this might actually be the back door. What can I say, my map was upside-down...

One vendor had an artist fully decked out in Renaissance clothing, and he was pretty good with a pencil too. I know these things, I have an Art degree.

This is Bong Su, location for a FaceTime sponsored event handily located right by the Conference building....

......and the carnage within!

About this Archive

This page is an archive of entries in the Conferences category from February 2007.
