0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/206 Thanks! 1 00:00:09,930 --> 00:00:12,689 Our next speakers, Eric, here. 2 00:00:12,690 --> 00:00:14,969 He founded TOOOL US, started 3 00:00:14,970 --> 00:00:17,159 many hackerspaces and worked 4 00:00:17,160 --> 00:00:18,989 in the U.S. Department of Energy, 5 00:00:18,990 --> 00:00:21,209 developing attacks and defenses 6 00:00:21,210 --> 00:00:23,429 for tamper-evident seals. 7 00:00:23,430 --> 00:00:25,499 Now he runs a physical 8 00:00:25,500 --> 00:00:27,929 security company called Rift Recon. 9 00:00:28,980 --> 00:00:31,139 Ryan has launched the data 10 00:00:31,140 --> 00:00:33,239 haven HavenCo, 11 00:00:33,240 --> 00:00:35,309 built satellite wireless networks in 12 00:00:35,310 --> 00:00:37,439 Iraq and Afghanistan, 13 00:00:37,440 --> 00:00:39,569 and now he runs a trusted computing 14 00:00:39,570 --> 00:00:41,129 company, CryptoSeal. 15 00:00:41,130 --> 00:00:43,589 Together, they've been developing novel 16 00:00:43,590 --> 00:00:46,349 seal and cryptographic technologies 17 00:00:46,350 --> 00:00:48,629 to thwart physical attacks on 18 00:00:48,630 --> 00:00:50,759 computing devices such as 19 00:00:50,760 --> 00:00:52,919 what you'd find from an evil 20 00:00:52,920 --> 00:00:54,269 maid. 21 00:00:54,270 --> 00:00:56,639 So I turn it over to you guys. 22 00:00:56,640 --> 00:00:57,640 Awesome. 23 00:01:02,800 --> 00:01:03,929 Oh, cool. 24 00:01:03,930 --> 00:01:04,958 Oh, it's on. 25 00:01:04,959 --> 00:01:06,309 Thank you very much. Thank you. 26 00:01:06,310 --> 00:01:07,359 Thank you. Christine Christie. 27 00:01:07,360 --> 00:01:08,949 Also, I look forward to when you pass the 28 00:01:08,950 --> 00:01:11,029 bar. We're real friends, so and when you 29 00:01:11,030 --> 00:01:12,040 do first drinks on me. 
30 00:01:13,450 --> 00:01:15,069 All right. So let's get started. 31 00:01:15,070 --> 00:01:17,979 So this is Thwarting Evil Maid Attacks: 32 00:01:17,980 --> 00:01:19,449 Physically Unclonable Functions for 33 00:01:19,450 --> 00:01:20,679 Hardware Tamper Detection. 34 00:01:20,680 --> 00:01:22,509 My name's Eric Michaud and this is Ryan 35 00:01:22,510 --> 00:01:23,829 Lackey case hair. 36 00:01:23,830 --> 00:01:25,329 No hair. You can separate a strain of 37 00:01:25,330 --> 00:01:26,949 talked easy. 38 00:01:26,950 --> 00:01:30,039 Anyway, so let's get started. 39 00:01:30,040 --> 00:01:32,229 So what are we going over 40 00:01:32,230 --> 00:01:34,449 today? First off, what are evil maid 41 00:01:34,450 --> 00:01:35,529 attacks? 42 00:01:35,530 --> 00:01:37,599 And then we're going to go over who is 43 00:01:37,600 --> 00:01:39,729 at risk. It turns out everyone 44 00:01:39,730 --> 00:01:41,379 in this room is probably at risk at some 45 00:01:41,380 --> 00:01:42,309 point. 46 00:01:42,310 --> 00:01:44,709 More so than they were a few years ago. 47 00:01:44,710 --> 00:01:45,609 How is it done? 48 00:01:45,610 --> 00:01:47,469 What are the methods of attack that are 49 00:01:47,470 --> 00:01:49,449 common and more esoteric? 50 00:01:49,450 --> 00:01:51,639 And then how can we be safer and 51 00:01:51,640 --> 00:01:53,289 more useful technologies are coming out 52 00:01:53,290 --> 00:01:54,520 that you can implement yourself? 53 00:01:55,560 --> 00:01:57,749 So, all right, 54 00:01:57,750 --> 00:01:59,999 so now here's a little 55 00:02:00,000 --> 00:02:02,099 bit of here's my CV, just a little bit of 56 00:02:02,100 --> 00:02:03,209 it. 57 00:02:03,210 --> 00:02:04,979 I was the co-founder of TOOOL US. 58 00:02:04,980 --> 00:02:06,419 Some of you may know some you might not 59 00:02:06,420 --> 00:02:07,409 know. 
60 00:02:07,410 --> 00:02:10,529 I started TOOOL US in 2004 61 00:02:10,530 --> 00:02:12,569 and I co-founded a few hackerspaces and 62 00:02:12,570 --> 00:02:14,639 Rift. I'm really I mean, like, 63 00:02:14,640 --> 00:02:15,959 I don't really have any engineering 64 00:02:15,960 --> 00:02:17,789 degrees, but I am a self-taught engineer, 65 00:02:17,790 --> 00:02:19,979 a machinist hacker and now now an actual 66 00:02:19,980 --> 00:02:21,659 CEO. I have staff I have to look after 67 00:02:21,660 --> 00:02:23,519 and have great responsibilities. 68 00:02:23,520 --> 00:02:24,779 I've always been a breaker of physical 69 00:02:24,780 --> 00:02:26,489 systems. I love breaking things. 70 00:02:26,490 --> 00:02:28,739 I've figured out attacks from multi 71 00:02:28,740 --> 00:02:29,939 locks. Some of you might be aware 72 00:02:29,940 --> 00:02:33,419 Medeco and will serve alarm sensors 73 00:02:33,420 --> 00:02:35,189 and many other high security systems, 74 00:02:35,190 --> 00:02:36,209 including voting machines. 75 00:02:36,210 --> 00:02:37,799 While I was at Argonne National Lab, we 76 00:02:37,800 --> 00:02:39,509 did the verification of the voting 77 00:02:39,510 --> 00:02:41,369 machine hacks from Princeton University, 78 00:02:41,370 --> 00:02:42,869 and we invented a lot of new stuff there 79 00:02:42,870 --> 00:02:44,999 too. And also now I'm 80 00:02:45,000 --> 00:02:47,099 currently through a partnership of Rift 81 00:02:47,100 --> 00:02:48,539 and Exploit Hub. 82 00:02:48,540 --> 00:02:50,849 Some of you don't know that, as I say, 83 00:02:50,850 --> 00:02:53,009 soft are nano design 84 00:02:53,010 --> 00:02:54,389 we built. We're building their whole 85 00:02:54,390 --> 00:02:55,529 hardware directory. 86 00:02:55,530 --> 00:02:56,639 So check it out. 87 00:02:57,650 --> 00:02:59,189 Well, I'm Ryan Lackey. 88 00:02:59,190 --> 00:03:00,419 I started HavenCo 
89 00:03:00,420 --> 00:03:01,919 with a couple other people back in around 90 00:03:01,920 --> 00:03:04,079 2000, the world's first offshore data 91 00:03:04,080 --> 00:03:05,879 haven in the North Sea nearby. 92 00:03:05,880 --> 00:03:07,559 I worked on anonymous electronic cash 93 00:03:07,560 --> 00:03:10,319 payment systems using blinded protocols. 94 00:03:10,320 --> 00:03:12,089 I'm a security consultant and payment 95 00:03:12,090 --> 00:03:14,339 technology and cryptographic hardware. 96 00:03:14,340 --> 00:03:16,499 And I founded a satellite and wireless 97 00:03:16,500 --> 00:03:18,149 networking company in Iraq and 98 00:03:18,150 --> 00:03:19,529 Afghanistan. So a pretty high threat 99 00:03:19,530 --> 00:03:21,779 environment back during the the 100 00:03:21,780 --> 00:03:24,239 conflict. And I also operated 101 00:03:24,240 --> 00:03:26,579 U.S. military medical imaging systems 102 00:03:26,580 --> 00:03:28,229 in Iraq, Afghanistan and Kuwait. 103 00:03:28,230 --> 00:03:30,059 And now I'm one of the co-founders of 104 00:03:30,060 --> 00:03:31,859 CryptoSeal. We do trusted computing 105 00:03:31,860 --> 00:03:33,509 technology development, and we actually 106 00:03:33,510 --> 00:03:35,579 ran a VPN provider for 107 00:03:35,580 --> 00:03:37,649 a while. It was a consumer VPN we were 108 00:03:37,650 --> 00:03:39,059 just using as a sort of a demo of some of 109 00:03:39,060 --> 00:03:41,009 our technology. And when this whole 110 00:03:41,010 --> 00:03:42,779 Lavabit fiasco happened, where they were 111 00:03:42,780 --> 00:03:44,669 compelled to disclose their keys, we 112 00:03:44,670 --> 00:03:46,349 preemptively shut it down because our 113 00:03:46,350 --> 00:03:47,849 current system wasn't resistant against 114 00:03:47,850 --> 00:03:49,469 it. But we're working on a system that 115 00:03:49,470 --> 00:03:50,999 actually will. 
So hopefully next year 116 00:03:51,000 --> 00:03:52,169 we'll have something great on that 117 00:03:52,170 --> 00:03:53,159 regard. 118 00:03:53,160 --> 00:03:54,629 So stick around. 119 00:03:54,630 --> 00:03:56,819 So what is an evil maid attack? 120 00:03:56,820 --> 00:03:58,979 An evil maid attack is an attack 121 00:03:58,980 --> 00:04:01,499 performed by a trusted entity, 122 00:04:01,500 --> 00:04:03,899 specifically in the hotel industry. 123 00:04:03,900 --> 00:04:06,299 If you are, you suspect that the maid that 124 00:04:06,300 --> 00:04:07,979 comes to clean your room is someone who's 125 00:04:07,980 --> 00:04:10,679 benign, but in fact, often they're used by 126 00:04:10,680 --> 00:04:12,389 nation states, intelligence agencies or 127 00:04:12,390 --> 00:04:14,189 corporations. In many cases where it's 128 00:04:14,190 --> 00:04:16,679 really their staff and they come in to 129 00:04:16,680 --> 00:04:19,259 really clean up, so to speak, 130 00:04:19,260 --> 00:04:21,208 the American idioms aside. 131 00:04:21,209 --> 00:04:23,519 But, you know, bug your laptops, steal 132 00:04:23,520 --> 00:04:25,379 intellectual property or any number of 133 00:04:25,380 --> 00:04:26,969 different, different things. 134 00:04:26,970 --> 00:04:29,039 And I would say these really came to 135 00:04:29,040 --> 00:04:31,379 mass knowledge in the 136 00:04:31,380 --> 00:04:33,239 security community back in 2009, when 137 00:04:33,240 --> 00:04:35,489 Joanna Rutkowska from Invisible Things 138 00:04:35,490 --> 00:04:37,829 Lab published a paper about 139 00:04:37,830 --> 00:04:39,899 attacking TrueCrypt using evil maid 140 00:04:39,900 --> 00:04:42,449 attacks. And that sort of shows. 
141 00:04:42,450 --> 00:04:43,889 One of the interesting things about these 142 00:04:43,890 --> 00:04:44,879 attacks is they have some unique 143 00:04:44,880 --> 00:04:46,649 characteristics: they're a way to get 144 00:04:46,650 --> 00:04:48,359 persistent access and pivot to other 145 00:04:48,360 --> 00:04:50,429 systems, and they bypass a lot of 146 00:04:50,430 --> 00:04:51,659 conventional defenses. 147 00:04:51,660 --> 00:04:52,769 A lot of the things that you've already 148 00:04:52,770 --> 00:04:54,899 built for security make certain 149 00:04:54,900 --> 00:04:56,579 assumptions about the integrity of your 150 00:04:56,580 --> 00:04:58,319 physical hardware, and they just sort of 151 00:04:58,320 --> 00:04:59,999 like hand wave away, say, if somebody 152 00:05:00,000 --> 00:05:02,009 gets access to your physical hardware, 153 00:05:02,010 --> 00:05:03,089 all bets are off. 154 00:05:03,090 --> 00:05:04,709 But the problem is people get access to 155 00:05:04,710 --> 00:05:05,609 your hardware all the time. 156 00:05:05,610 --> 00:05:07,679 So it's really not very helpful to say if 157 00:05:07,680 --> 00:05:08,759 they get access to your physical 158 00:05:08,760 --> 00:05:10,139 security, we're not going to help you. 159 00:05:10,140 --> 00:05:12,029 So we had to come up with some stuff and 160 00:05:12,030 --> 00:05:13,559 security communities to cover things that 161 00:05:13,560 --> 00:05:14,609 will work in that environment. 162 00:05:15,910 --> 00:05:17,289 So who's at risk? 163 00:05:17,290 --> 00:05:19,389 Originally it was, you know, government 164 00:05:19,390 --> 00:05:21,609 entities, intelligence, 165 00:05:21,610 --> 00:05:24,039 community or major criminals. 166 00:05:24,040 --> 00:05:25,629 But nowadays, as travelers with business 167 00:05:25,630 --> 00:05:26,919 science and engineering intellectual 168 00:05:26,920 --> 00:05:28,509 property, how many of you how many of you 169 00:05:28,510 --> 00:05:29,739 in the room? 
170 00:05:29,740 --> 00:05:30,969 I mean, some of you are young, so you 171 00:05:30,970 --> 00:05:32,679 might not be working at a large company 172 00:05:32,680 --> 00:05:34,479 or even not know that you want to. 173 00:05:34,480 --> 00:05:35,919 But working in an area where you're 174 00:05:35,920 --> 00:05:37,449 developing something that's unique, 175 00:05:37,450 --> 00:05:39,789 that's valuable. Raise your hand. 176 00:05:39,790 --> 00:05:42,069 Whether it's source code, you know, I 177 00:05:42,070 --> 00:05:43,909 knew actually pretty much all our hands 178 00:05:43,910 --> 00:05:45,039 up, I have to explain any further. 179 00:05:45,040 --> 00:05:46,839 So it doesn't even need to be a company. 180 00:05:46,840 --> 00:05:48,129 It could be your academic research. 181 00:05:48,130 --> 00:05:49,179 So people that are Ph.D. 182 00:05:49,180 --> 00:05:51,039 students or are working on anything or 183 00:05:51,040 --> 00:05:52,389 even a personal project if somebody wants 184 00:05:52,390 --> 00:05:53,390 access to you. 185 00:05:54,670 --> 00:05:55,749 You don't have to tell us. But how many 186 00:05:55,750 --> 00:05:57,249 of you are activists? 187 00:05:57,250 --> 00:05:59,109 Raise your hand. Some of you OK. 188 00:05:59,110 --> 00:06:01,599 This is stunningly relevant for you. 189 00:06:01,600 --> 00:06:03,160 How many of you play poker? 190 00:06:04,590 --> 00:06:06,249 I know some I've seen PokerStars bags 191 00:06:06,250 --> 00:06:09,189 going around, but but are online gamers 192 00:06:09,190 --> 00:06:10,929 in some way or deal with cash or some 193 00:06:10,930 --> 00:06:13,359 other value? Exchange cool and 194 00:06:13,360 --> 00:06:15,579 journalists, some journalists in here? 195 00:06:15,580 --> 00:06:17,949 Yeah, see a few hands and people 196 00:06:17,950 --> 00:06:20,079 who have lived or are living or 197 00:06:20,080 --> 00:06:21,429 have family members who live in war 198 00:06:21,430 --> 00:06:22,269 zones. 
199 00:06:22,270 --> 00:06:23,729 So I mean, I see a few hands go up. 200 00:06:23,730 --> 00:06:25,959 OK, yeah, that you guys are actually at 201 00:06:25,960 --> 00:06:28,059 risk. It's no longer the people, the top 202 00:06:28,060 --> 00:06:29,469 of the food chain. 203 00:06:29,470 --> 00:06:31,539 So what changed? 204 00:06:31,540 --> 00:06:34,239 Yeah. So really, what's happened is 205 00:06:34,240 --> 00:06:35,949 it's a few things the government sort of 206 00:06:35,950 --> 00:06:36,969 has changed its focus. 207 00:06:36,970 --> 00:06:38,589 It used to be that intelligence agencies, 208 00:06:38,590 --> 00:06:40,509 primary adversaries were other major 209 00:06:40,510 --> 00:06:42,219 state intelligence agencies. 210 00:06:42,220 --> 00:06:44,259 Now, most of the big intel intelligence 211 00:06:44,260 --> 00:06:46,329 agencies are focused on small groups, 212 00:06:46,330 --> 00:06:48,729 terrorists, nones, non-state 213 00:06:48,730 --> 00:06:50,649 actors. So they've developed a lot of 214 00:06:50,650 --> 00:06:52,209 technology that sort of targeted on that 215 00:06:52,210 --> 00:06:53,290 kind of smaller threat. 216 00:06:54,580 --> 00:06:56,499 People travel in internationally a whole 217 00:06:56,500 --> 00:06:57,859 lot more. It's really cheap. 218 00:06:57,860 --> 00:06:59,379 It used to be expensive and difficult, 219 00:06:59,380 --> 00:07:01,179 but we flew here from the US for this 220 00:07:01,180 --> 00:07:02,769 conference. A lot of people fly across 221 00:07:02,770 --> 00:07:05,019 international borders all the time, and 222 00:07:05,020 --> 00:07:06,279 it's pretty frequent. 223 00:07:06,280 --> 00:07:07,899 They also carry a lot of vulnerable stuff 224 00:07:07,900 --> 00:07:09,219 with them. It used to be you travel with 225 00:07:09,220 --> 00:07:11,559 maybe a physical notebook and a pen 226 00:07:11,560 --> 00:07:12,759 and maybe a film camera. 
227 00:07:12,760 --> 00:07:15,159 And now you travel with laptop, 228 00:07:15,160 --> 00:07:17,679 cell phone, tablet, e-reader, camera, 229 00:07:18,730 --> 00:07:21,039 fitness tracking, device, flash drive, 230 00:07:21,040 --> 00:07:22,659 all sorts of stuff and just in one bag. 231 00:07:22,660 --> 00:07:24,459 So people carry a lot of stuff around 232 00:07:24,460 --> 00:07:24,789 with them 233 00:07:24,790 --> 00:07:26,529 and items that actually carry a lot more 234 00:07:26,530 --> 00:07:28,959 information than just a notebook. 235 00:07:28,960 --> 00:07:30,459 So it's a lot easier for you to. 236 00:07:30,460 --> 00:07:30,879 Yeah. 237 00:07:30,880 --> 00:07:32,559 In addition to the nation state threat, 238 00:07:32,560 --> 00:07:33,819 there's a lot of ways that commercial 239 00:07:33,820 --> 00:07:35,709 entities can now make a lot of money by 240 00:07:35,710 --> 00:07:37,449 compromising accounts in the news. 241 00:07:37,450 --> 00:07:38,719 There's been there. 242 00:07:38,720 --> 00:07:40,179 There've been a bunch of big attacks on 243 00:07:40,180 --> 00:07:42,429 major retailers where huge numbers 244 00:07:42,430 --> 00:07:43,839 of credit cards are compromised, all 245 00:07:43,840 --> 00:07:45,489 sorts of compromised. So it's very 246 00:07:45,490 --> 00:07:47,469 profitable now to have a commercial or 247 00:07:47,470 --> 00:07:48,789 criminal organization attack. 248 00:07:48,790 --> 00:07:50,259 Also, if you get first to market when a 249 00:07:50,260 --> 00:07:51,789 new technology is about to come out and 250 00:07:51,790 --> 00:07:53,559 you're beaten to it, you get first mover 251 00:07:53,560 --> 00:07:55,749 advantage. So the thing is, it's 252 00:07:55,750 --> 00:07:57,399 it's it really pays to not pay for 253 00:07:57,400 --> 00:07:58,459 research, it turns out. 254 00:07:58,460 --> 00:07:58,899 Yeah. 255 00:07:58,900 --> 00:07:59,949 So it's a pretty scary world. 256 00:07:59,950 --> 00:08:00,950 Yeah. 
257 00:08:01,420 --> 00:08:02,709 So to illustrate this, we've come up with 258 00:08:02,710 --> 00:08:04,899 some scenarios on exactly 259 00:08:04,900 --> 00:08:06,999 how users can be 260 00:08:07,000 --> 00:08:08,829 attacked while they're in in various 261 00:08:08,830 --> 00:08:09,849 environments. 262 00:08:09,850 --> 00:08:11,289 So we've got business travelers that are 263 00:08:11,290 --> 00:08:12,339 doing international travel. 264 00:08:12,340 --> 00:08:13,839 We've got activist organizations, the 265 00:08:13,840 --> 00:08:16,239 gaming user, journalists 266 00:08:16,240 --> 00:08:18,159 and people that live in war zones. 267 00:08:18,160 --> 00:08:19,989 And we'll go through those and describe 268 00:08:19,990 --> 00:08:21,519 some security threats. 269 00:08:21,520 --> 00:08:23,049 They face some counter conventional 270 00:08:23,050 --> 00:08:24,699 countermeasures they have and how those 271 00:08:24,700 --> 00:08:25,959 countermeasures are defeated through 272 00:08:25,960 --> 00:08:26,960 physical attacks. 273 00:08:28,670 --> 00:08:30,469 So first up is the international business 274 00:08:30,470 --> 00:08:31,819 traveler, and it's not really an 275 00:08:31,820 --> 00:08:33,319 executive, it necessarily it could be 276 00:08:33,320 --> 00:08:34,849 anybody. It could be some could be a 277 00:08:34,850 --> 00:08:36,649 student, it could be an engineer. 278 00:08:36,650 --> 00:08:38,538 Actually, engineers and scientists are 279 00:08:38,539 --> 00:08:40,759 among the the main targets 280 00:08:40,760 --> 00:08:41,719 for this right now. 281 00:08:41,720 --> 00:08:43,939 And one of the things they do 282 00:08:43,940 --> 00:08:45,109 is they carry a lot of intellectual 283 00:08:45,110 --> 00:08:46,639 property on a device. They have source 284 00:08:46,640 --> 00:08:48,439 code, they have research findings over 285 00:08:48,440 --> 00:08:49,759 everything else. 
286 00:08:49,760 --> 00:08:51,649 So there's information that the adversary 287 00:08:51,650 --> 00:08:53,269 wants to steal from their devices. 288 00:08:53,270 --> 00:08:55,369 There's also the access systems back at 289 00:08:55,370 --> 00:08:57,709 home. They keep online to keep working 290 00:08:57,710 --> 00:08:58,669 because it's kind of crazy to go on a 291 00:08:58,670 --> 00:09:00,379 vacation or a work trip and not have 292 00:09:00,380 --> 00:09:03,049 access to systems so they can attack your 293 00:09:03,050 --> 00:09:04,849 system while you're in a country and use 294 00:09:04,850 --> 00:09:06,559 that to attack the system back at home. 295 00:09:06,560 --> 00:09:08,269 And the scariest thing is they can 296 00:09:08,270 --> 00:09:10,459 actually attack your 297 00:09:10,460 --> 00:09:12,469 device while you're in a country and 298 00:09:12,470 --> 00:09:13,999 leave something on the machine. 299 00:09:14,000 --> 00:09:15,109 Take it, you take it back to your home 300 00:09:15,110 --> 00:09:16,189 network, plug it in and it keeps 301 00:09:16,190 --> 00:09:17,389 attacking your home network, which might 302 00:09:17,390 --> 00:09:19,159 be protected. So that's the pretty big 303 00:09:19,160 --> 00:09:20,160 threat. 304 00:09:20,570 --> 00:09:21,859 One of the unique threats that these 305 00:09:21,860 --> 00:09:23,599 people face is border checkpoints. 306 00:09:23,600 --> 00:09:25,519 So and a lot of countries, you have 307 00:09:25,520 --> 00:09:27,439 pretty good rights and personal personal 308 00:09:27,440 --> 00:09:30,349 liberties when you're inside the country 309 00:09:30,350 --> 00:09:31,939 in the U.S. and the EU, lots of other 310 00:09:31,940 --> 00:09:32,899 places UK. 311 00:09:32,900 --> 00:09:34,909 The problem is at borders, a lot of those 312 00:09:34,910 --> 00:09:37,369 rights are either limited or suspended. 313 00:09:37,370 --> 00:09:38,690 And as we've seen, 314 00:09:39,710 --> 00:09:42,139 it's pretty scary. 
So they can require 315 00:09:42,140 --> 00:09:44,239 that you turn 316 00:09:44,240 --> 00:09:45,499 over a machine to them for a certain 317 00:09:45,500 --> 00:09:46,609 period of time and they'll give it back 318 00:09:46,610 --> 00:09:48,949 to you. They can require that you type 319 00:09:48,950 --> 00:09:50,299 stuff into your computer and all sorts of 320 00:09:50,300 --> 00:09:51,409 other stuff. So you might think, Oh, I'm 321 00:09:51,410 --> 00:09:53,569 just going to encrypt all my drives. 322 00:09:53,570 --> 00:09:54,979 There's an obvious attack, too, that they 323 00:09:54,980 --> 00:09:56,359 just tell you you must decrypt it. 324 00:09:56,360 --> 00:09:57,799 And if they're pointing a gun at you or 325 00:09:57,800 --> 00:09:59,329 holding you at a checkpoint or something 326 00:09:59,330 --> 00:10:01,039 you can't really like, say, No, I'm not 327 00:10:01,040 --> 00:10:02,449 going to do it. I mean, you can, but it 328 00:10:02,450 --> 00:10:04,519 becomes a legal challenge. 329 00:10:04,520 --> 00:10:06,709 And once they even if they don't 330 00:10:06,710 --> 00:10:08,059 get your encryption key, they just image 331 00:10:08,060 --> 00:10:09,799 your drive. So they've got an encrypted 332 00:10:09,800 --> 00:10:11,239 image and then they can go out and get 333 00:10:11,240 --> 00:10:13,459 your key later and decrypt your your 334 00:10:13,460 --> 00:10:14,239 data there. 335 00:10:14,240 --> 00:10:15,379 And that can be done through any number 336 00:10:15,380 --> 00:10:16,819 of different methods, whether through 337 00:10:16,820 --> 00:10:19,039 video surveillance or other types 338 00:10:19,040 --> 00:10:20,869 of ways of driving the key or just 339 00:10:20,870 --> 00:10:22,339 brooding over time. 
340 00:10:22,340 --> 00:10:24,379 Yeah, yeah, especially on something like 341 00:10:24,380 --> 00:10:25,789 a cell phone or something that you're 342 00:10:25,790 --> 00:10:26,929 accessing all the time you're going is a 343 00:10:26,930 --> 00:10:27,930 pretty short passphrase. 344 00:10:29,210 --> 00:10:32,059 Another threat is the hotel maid, 345 00:10:32,060 --> 00:10:33,889 sort of the the the origin of the term 346 00:10:33,890 --> 00:10:35,329 evil maid. 347 00:10:35,330 --> 00:10:36,949 You say you rent a hotel room, it's 348 00:10:36,950 --> 00:10:39,019 expensive and small, and 349 00:10:39,020 --> 00:10:40,069 you might want to have somebody clean it 350 00:10:40,070 --> 00:10:42,139 every couple of days. So the the maid 351 00:10:42,140 --> 00:10:43,399 or come in, they have access, they don't 352 00:10:43,400 --> 00:10:44,719 have to wait for you to give them access 353 00:10:44,720 --> 00:10:45,749 to their average time. 354 00:10:45,750 --> 00:10:47,089 There's a door lock and the maid has 355 00:10:47,090 --> 00:10:48,169 access to their master key. 356 00:10:48,170 --> 00:10:50,539 If it's a conventional system or another 357 00:10:50,540 --> 00:10:52,819 digital key and they can come in 358 00:10:52,820 --> 00:10:54,319 and you're gone and they know you're gone 359 00:10:54,320 --> 00:10:56,029 for a while. You keep a travel schedule. 360 00:10:56,030 --> 00:10:57,049 They know you're out at a restaurant or 361 00:10:57,050 --> 00:10:58,069 they know you're in a meeting or whatever 362 00:10:58,070 --> 00:10:59,299 else, so they know you're going to be out 363 00:10:59,300 --> 00:11:00,859 of the room for a certain period of time. 364 00:11:00,860 --> 00:11:03,079 And the threat is not so much that a maid 365 00:11:03,080 --> 00:11:05,209 becomes evil. It's an evil person becomes 366 00:11:05,210 --> 00:11:07,459 a maid, an intelligence agent or 367 00:11:07,460 --> 00:11:08,419 a true story. 368 00:11:08,420 --> 00:11:09,799 True story. Yeah. 
369 00:11:09,800 --> 00:11:11,959 So, so, you know, in a 370 00:11:11,960 --> 00:11:14,749 country specific 371 00:11:14,750 --> 00:11:16,699 bordering country, actually, a couple of 372 00:11:16,700 --> 00:11:18,829 those the the nation 373 00:11:18,830 --> 00:11:20,779 states intelligence apparatus will send 374 00:11:20,780 --> 00:11:22,279 people into your room and image your 375 00:11:22,280 --> 00:11:23,179 drive while you're out. 376 00:11:23,180 --> 00:11:24,439 If you're there for meetings and it's 377 00:11:24,440 --> 00:11:25,440 pretty widely known, 378 00:11:26,810 --> 00:11:28,279 there is a lot of problems with that. 379 00:11:28,280 --> 00:11:29,239 They can attack your machine. 380 00:11:29,240 --> 00:11:30,589 They can also attack the room so they 381 00:11:30,590 --> 00:11:31,849 could bug your room and they could. 382 00:11:31,850 --> 00:11:33,559 They have some control over what room 383 00:11:33,560 --> 00:11:35,119 you're assigned to? So there's a pretty 384 00:11:35,120 --> 00:11:36,120 big vulnerability there. 385 00:11:37,160 --> 00:11:38,509 So you might think that you can use the 386 00:11:38,510 --> 00:11:40,069 safe, though it turns out there's a lot 387 00:11:40,070 --> 00:11:42,379 of problems with those like master codes, 388 00:11:42,380 --> 00:11:45,109 ways to bypass it and the it here, 389 00:11:45,110 --> 00:11:46,789 the bottom right of the panel. 390 00:11:46,790 --> 00:11:47,959 There's a little easy, a little off 391 00:11:47,960 --> 00:11:49,129 color, you know, circle. 392 00:11:49,130 --> 00:11:50,269 That's actually a bypass key. 393 00:11:50,270 --> 00:11:51,739 So you know, there's a lock out like the 394 00:11:51,740 --> 00:11:54,349 battery fails or some other mechanisms 395 00:11:54,350 --> 00:11:55,729 inside is not performing correctly. 
396 00:11:55,730 --> 00:11:57,979 You can pick that, and all hotel 397 00:11:57,980 --> 00:11:59,809 safes are not rated for by any security 398 00:11:59,810 --> 00:12:01,729 center that I'm familiar with. 399 00:12:01,730 --> 00:12:04,159 They just say it's secure, so 400 00:12:04,160 --> 00:12:05,809 it doesn't have any time to attack, like 401 00:12:05,810 --> 00:12:07,579 takes 15 minutes of tools or just they're 402 00:12:07,580 --> 00:12:08,580 not really that good. 403 00:12:09,350 --> 00:12:10,909 And you can also take the panels off this 404 00:12:10,910 --> 00:12:12,829 thing called spiking, which is you pull 405 00:12:12,830 --> 00:12:14,429 the wires out solenoid because they're 406 00:12:14,430 --> 00:12:16,339 usually electronic, not mechanical 407 00:12:16,340 --> 00:12:18,379 anymore, and you just connect a battery 408 00:12:18,380 --> 00:12:20,029 and it pulls the solenoid back and you're 409 00:12:20,030 --> 00:12:21,679 in. And and there's a number of other 410 00:12:21,680 --> 00:12:22,680 ways to 411 00:12:23,870 --> 00:12:25,279 another threat, which was recently in the 412 00:12:25,280 --> 00:12:27,439 news is the implant. 413 00:12:27,440 --> 00:12:29,689 So as we said, you can image your device 414 00:12:29,690 --> 00:12:30,739 when you're through a checkpoint or 415 00:12:30,740 --> 00:12:31,939 whatever else, and they've got an 416 00:12:31,940 --> 00:12:32,959 encrypted image, but they need to get a 417 00:12:32,960 --> 00:12:34,819 passphrase or they need to get physical 418 00:12:34,820 --> 00:12:36,199 access. They need to get logical access 419 00:12:36,200 --> 00:12:37,249 to a machine and do it various other 420 00:12:37,250 --> 00:12:38,419 stuff. 421 00:12:38,420 --> 00:12:40,129 It's very difficult to detect hardware 422 00:12:40,130 --> 00:12:42,019 changes on physical hardware. 423 00:12:42,020 --> 00:12:43,249 There's a variety of them you can go 424 00:12:43,250 --> 00:12:43,729 over. 
425 00:12:43,730 --> 00:12:45,469 Yeah, like I mean, to be honest, like, 426 00:12:45,470 --> 00:12:46,699 how are you going to run antivirus on 427 00:12:46,700 --> 00:12:48,949 that keylogger and the left side, 428 00:12:48,950 --> 00:12:50,329 honestly? 429 00:12:50,330 --> 00:12:52,159 What if you have a firmware updated for 430 00:12:52,160 --> 00:12:54,319 your Ethernet card? I mean, know there 431 00:12:54,320 --> 00:12:55,459 aren't really a lot of technologies 432 00:12:55,460 --> 00:12:57,409 available immediately today commercially 433 00:12:57,410 --> 00:12:58,999 to solve these problems. 434 00:12:59,000 --> 00:13:00,739 Also, what about what if someone removes 435 00:13:00,740 --> 00:13:02,389 the keyboard, puts a single layer PCB 436 00:13:02,390 --> 00:13:04,609 with a villa that logs or keystrokes 437 00:13:04,610 --> 00:13:07,069 and just transmits transmits that over RF 438 00:13:07,070 --> 00:13:08,989 as many different ways to do it, as as 439 00:13:08,990 --> 00:13:11,449 many different tools are available 440 00:13:11,450 --> 00:13:13,639 in your electronics catalog and stuff 441 00:13:13,640 --> 00:13:15,289 that you can come up independently if you 442 00:13:15,290 --> 00:13:17,329 have a lot more resources like coming up 443 00:13:17,330 --> 00:13:18,319 with a tool on the right called the 444 00:13:18,320 --> 00:13:18,979 Cottonmouth 445 00:13:18,980 --> 00:13:21,049 probably doesn't cost $20000 a year to do 446 00:13:21,050 --> 00:13:22,140 this commercially. Yeah. 447 00:13:23,810 --> 00:13:25,039 Another threat that you face is, of 448 00:13:25,040 --> 00:13:26,419 course, network monitoring. You're in a 449 00:13:26,420 --> 00:13:27,709 country where. 450 00:13:27,710 --> 00:13:30,349 The cell phone company is most likely 451 00:13:30,350 --> 00:13:32,269 either an organ of the state or is highly 452 00:13:32,270 --> 00:13:34,159 licensed by the state, so they can see a 453 00:13:34,160 --> 00:13:35,329 lot of traffic there. 
They can do over the 454 00:13:35,330 --> 00:13:36,319 air upgrades, you can do all sorts of 455 00:13:36,320 --> 00:13:38,059 stuff, your cell phone, they control all 456 00:13:38,060 --> 00:13:39,949 the wide area network access they can 457 00:13:39,950 --> 00:13:41,089 monitor there or they can just have the 458 00:13:41,090 --> 00:13:42,619 firewall. So you might think like, Oh, a 459 00:13:42,620 --> 00:13:43,849 VPN is a great solution to that. 460 00:13:43,850 --> 00:13:46,429 And it is. I mean, I love VPNs, but 461 00:13:46,430 --> 00:13:48,589 they're they're not so great if your 462 00:13:48,590 --> 00:13:49,789 endpoint's compromised. 463 00:13:49,790 --> 00:13:51,889 So the the 464 00:13:51,890 --> 00:13:53,029 countermeasure you put in place to 465 00:13:53,030 --> 00:13:54,889 protect you from network monitoring 466 00:13:54,890 --> 00:13:56,479 doesn't protect you if your endpoint gets 467 00:13:56,480 --> 00:13:57,480 compromised. 468 00:13:58,960 --> 00:14:00,399 So another organization that has a lot of 469 00:14:00,400 --> 00:14:01,659 things to fear would be an activist 470 00:14:01,660 --> 00:14:03,969 organization, say, a group that gets 471 00:14:03,970 --> 00:14:06,159 a lot of highly sensitive documents given 472 00:14:06,160 --> 00:14:08,229 to them or they acquire them 473 00:14:08,230 --> 00:14:10,359 somehow and they're controlling them, and 474 00:14:10,360 --> 00:14:11,349 a lot of people really would like those 475 00:14:11,350 --> 00:14:13,449 documents. So they need to 476 00:14:13,450 --> 00:14:14,860 do things with them, and they're 477 00:14:16,300 --> 00:14:17,199 it's pretty darn, pretty dangerous. 478 00:14:17,200 --> 00:14:19,089 So they have access to documents the 479 00:14:19,090 --> 00:14:20,259 adversary would like to get access to 480 00:14:20,260 --> 00:14:22,269 them. 
Also, knowing all the personnel 481 00:14:22,270 --> 00:14:23,589 that are involved in the organization is 482 00:14:23,590 --> 00:14:25,899 a big risk because some of those people 483 00:14:25,900 --> 00:14:26,919 might not be public about their 484 00:14:26,920 --> 00:14:28,809 involvement with the organization and if 485 00:14:28,810 --> 00:14:30,099 they're exposed, they might lose their 486 00:14:30,100 --> 00:14:31,269 privileged access. All sorts of stuff 487 00:14:31,270 --> 00:14:33,399 like that subversion of the systems of 488 00:14:33,400 --> 00:14:35,349 the organization and potentially 489 00:14:35,350 --> 00:14:36,639 prosecution and persecution. 490 00:14:36,640 --> 00:14:38,229 All sorts of bad stuff can happen to you. 491 00:14:38,230 --> 00:14:39,459 And it doesn't have to happen in your 492 00:14:39,460 --> 00:14:40,569 home country can happen a lot of other 493 00:14:40,570 --> 00:14:41,570 places. 494 00:14:42,340 --> 00:14:43,989 One of the unique problems that activist 495 00:14:43,990 --> 00:14:45,369 organizations have is they're usually 496 00:14:45,370 --> 00:14:46,839 pretty poorly resourced. 497 00:14:46,840 --> 00:14:48,159 They don't have a lot of money, they 498 00:14:48,160 --> 00:14:49,509 don't have a lot of dedicated hardware or 499 00:14:49,510 --> 00:14:50,949 anything else. There's a few that have 500 00:14:50,950 --> 00:14:53,379 been raising a lot of money recently, but 501 00:14:53,380 --> 00:14:55,089 in general, they're especially outside of 502 00:14:55,090 --> 00:14:56,889 IT. They have very bad IT. 503 00:14:56,890 --> 00:14:58,569 Your average like labor organization 504 00:14:58,570 --> 00:15:00,999 group or whatever has has very minimal 505 00:15:01,000 --> 00:15:03,069 computer security and resources for that. 
506 00:15:03,070 --> 00:15:04,779 So they're using a lot of their personal 507 00:15:04,780 --> 00:15:07,479 machines with no real security policy, 508 00:15:07,480 --> 00:15:09,579 no real full time sysadmin, nothing 509 00:15:09,580 --> 00:15:10,599 like that. They're certainly not 510 00:15:10,600 --> 00:15:12,489 security, a full time security guy. 511 00:15:12,490 --> 00:15:14,829 So it's pretty easy to compromise 512 00:15:14,830 --> 00:15:15,939 an end user in one of these 513 00:15:15,940 --> 00:15:17,319 organizations. You just sort of put up a 514 00:15:17,320 --> 00:15:18,759 site that attracts the users from that 515 00:15:18,760 --> 00:15:20,679 site and compromise in there. 516 00:15:20,680 --> 00:15:22,539 And once they compromise their computer, 517 00:15:22,540 --> 00:15:23,949 then you can access the systems of their 518 00:15:23,950 --> 00:15:24,950 organization. 519 00:15:25,930 --> 00:15:27,969 They also face a fairly unique problem 520 00:15:27,970 --> 00:15:30,009 that you're familiar with at their 521 00:15:30,010 --> 00:15:31,509 physical premises, so 522 00:15:31,510 --> 00:15:33,639 yeah, so black bag operations are 523 00:15:33,640 --> 00:15:35,829 generally, you know, B&E, breaking 524 00:15:35,830 --> 00:15:37,599 and entering operations. 525 00:15:37,600 --> 00:15:39,579 So you need to get physical access 526 00:15:39,580 --> 00:15:41,049 somewhere. And it can be either picking a 527 00:15:41,050 --> 00:15:43,419 lock by going through a window, 528 00:15:43,420 --> 00:15:45,369 bypassing alarms and sensors and switches 529 00:15:45,370 --> 00:15:46,779 like I'm uniquely familiar with. 530 00:15:46,780 --> 00:15:49,119 This is my company does 531 00:15:49,120 --> 00:15:50,889 teaches the defenses and offenses of it, 532 00:15:50,890 --> 00:15:53,049 so we know what to look for and 533 00:15:53,050 --> 00:15:54,609 there's many, many different ways you can 534 00:15:54,610 --> 00:15:56,919 do it. 
I mean, one of the 535 00:15:56,920 --> 00:15:58,089 one of the things I learned years ago is 536 00:15:58,090 --> 00:15:58,989 like, you know, it's great to have a 537 00:15:58,990 --> 00:16:00,459 carpenter on staff because you can cut 538 00:16:00,460 --> 00:16:01,929 through drywall and repaint it very 539 00:16:01,930 --> 00:16:03,639 quickly. And no one knows you didn't 540 00:16:03,640 --> 00:16:04,690 touch the RFID reader. 541 00:16:06,180 --> 00:16:07,529 How many of you have worked in data 542 00:16:07,530 --> 00:16:09,719 centers where there's no steel wall 543 00:16:09,720 --> 00:16:10,980 in between the drywall? 544 00:16:12,110 --> 00:16:13,379 Yeah, I see a few hands. I'm pretty sure 545 00:16:13,380 --> 00:16:15,539 a lot more than you think seemed quite 546 00:16:15,540 --> 00:16:17,459 a lot of data centers in my time. 547 00:16:17,460 --> 00:16:19,649 But yeah, there's a lot of ways to do it. 548 00:16:19,650 --> 00:16:22,109 I mean, even triggering a 549 00:16:22,110 --> 00:16:24,689 request to exit sensors, as an example 550 00:16:24,690 --> 00:16:26,879 turns out, you can put a little pocket 551 00:16:26,880 --> 00:16:28,229 warmer. You know, you go skiing or 552 00:16:28,230 --> 00:16:30,209 snowboarding. You open up a bag, it heats 553 00:16:30,210 --> 00:16:31,649 up. Keep your hands warm. 554 00:16:31,650 --> 00:16:33,299 Push that under the door. 555 00:16:33,300 --> 00:16:35,459 You'll trigger the inside sensor to 556 00:16:35,460 --> 00:16:37,319 release the door lock from the inside, as 557 00:16:37,320 --> 00:16:38,219 if you're a person leaving. 
558 00:16:38,220 --> 00:16:40,019 So many ways to do this, and I just 559 00:16:40,020 --> 00:16:41,399 covered a very small percentage of them, 560 00:16:41,400 --> 00:16:43,559 but it's really it's a big 561 00:16:43,560 --> 00:16:44,249 and real threat, 562 00:16:44,250 --> 00:16:45,779 and I don't think your average activist 563 00:16:45,780 --> 00:16:47,699 organization is going to have a super 564 00:16:47,700 --> 00:16:49,109 high security physical office because 565 00:16:49,110 --> 00:16:50,699 they'd rather spend their money on on 566 00:16:50,700 --> 00:16:52,529 activism rather than physical facilities. 567 00:16:53,820 --> 00:16:55,139 Another class of users that are 568 00:16:55,140 --> 00:16:56,699 vulnerable are online gaming users, so 569 00:16:56,700 --> 00:16:57,719 this is really anybody who's got an 570 00:16:57,720 --> 00:16:58,739 important online account. 571 00:16:58,740 --> 00:17:01,049 It's not specific to gaming, but one 572 00:17:01,050 --> 00:17:02,459 really, really interesting example 573 00:17:02,460 --> 00:17:05,009 recently is F-Secure 574 00:17:05,010 --> 00:17:07,379 came out with a report that a poker 575 00:17:07,380 --> 00:17:08,879 player likes to play poker. 576 00:17:08,880 --> 00:17:10,838 A lot was in Barcelona, and this was in 577 00:17:10,839 --> 00:17:12,479 back in December, actually earlier this 578 00:17:12,480 --> 00:17:14,608 month, and he 579 00:17:14,609 --> 00:17:16,229 would play poker online. 
580 00:17:16,230 --> 00:17:17,608 He also played physical, so he left his 581 00:17:17,609 --> 00:17:19,439 laptop up in the hotel room at sort of 582 00:17:19,440 --> 00:17:21,419 like a physical poker competition, went 583 00:17:21,420 --> 00:17:23,608 down, was playing poker and 584 00:17:23,609 --> 00:17:25,588 people were compromising his laptop and 585 00:17:25,589 --> 00:17:27,809 installing some subversion software on 586 00:17:27,810 --> 00:17:29,069 his laptop while hours away, so his 587 00:17:29,070 --> 00:17:30,869 online poker accounts got compromised. 588 00:17:30,870 --> 00:17:32,459 And the really scary thing about this is 589 00:17:32,460 --> 00:17:34,619 not that it's happened once it's that 590 00:17:34,620 --> 00:17:36,749 this, they say it was not the first time 591 00:17:36,750 --> 00:17:38,819 is not particularly unusual, has 592 00:17:38,820 --> 00:17:40,469 a purely commercial profit motive. 593 00:17:40,470 --> 00:17:41,879 So it's sort of like a self-financing 594 00:17:41,880 --> 00:17:43,619 operation. There's no reason to believe 595 00:17:43,620 --> 00:17:45,809 this doesn't happen frequently and 596 00:17:45,810 --> 00:17:46,890 on an increasing basis. 597 00:17:48,150 --> 00:17:50,249 So one of the things that people 598 00:17:50,250 --> 00:17:52,469 think about if you're, you know, 599 00:17:52,470 --> 00:17:54,209 an evil maid you have the cards and keys 600 00:17:54,210 --> 00:17:56,789 to get in. What if you're not and maybe 601 00:17:56,790 --> 00:17:58,529 you maybe know, look, locksmith or you 602 00:17:58,530 --> 00:18:00,329 convince metal, you can do something like 603 00:18:00,330 --> 00:18:01,529 this with the under the door to over. 604 00:18:01,530 --> 00:18:03,089 You don't need to touch the locking 605 00:18:03,090 --> 00:18:04,049 systems at all. 606 00:18:04,050 --> 00:18:05,489 You just grab the door handle from the 607 00:18:05,490 --> 00:18:06,490 inside. 608 00:18:08,830 --> 00:18:09,789 It's about a minute. 
609 00:18:09,790 --> 00:18:10,790 Yeah, it's. 610 00:18:12,290 --> 00:18:14,329 So you can talk to her. Yeah, so what I'm 611 00:18:14,330 --> 00:18:16,009 pulling out here actually is a little 612 00:18:16,010 --> 00:18:19,189 wrap of steel with the cable inside, 613 00:18:19,190 --> 00:18:20,659 and that's called the under the door 614 00:18:20,660 --> 00:18:22,839 tool works on lever locks, 615 00:18:22,840 --> 00:18:25,039 so you know the handles with a lever so 616 00:18:25,040 --> 00:18:27,169 that one's all wound up with the 617 00:18:27,170 --> 00:18:28,869 velcro and then shoved under the door 618 00:18:28,870 --> 00:18:30,889 actually have it over there? 619 00:18:30,890 --> 00:18:33,199 Actually, Starbug, who did the 620 00:18:33,200 --> 00:18:35,329 Touch ID hack? Actually, I have to give 621 00:18:35,330 --> 00:18:37,189 one to him so you guys can keep on here 622 00:18:37,190 --> 00:18:38,479 in the country. 623 00:18:38,480 --> 00:18:39,709 But yeah, if you want to see it later, 624 00:18:39,710 --> 00:18:41,929 come by the locksmith area and say Lock 625 00:18:41,930 --> 00:18:44,539 picking area and you can do some demos. 626 00:18:44,540 --> 00:18:46,699 Yeah, checking to see, you 627 00:18:46,700 --> 00:18:48,499 know that the door is open or locked 628 00:18:48,500 --> 00:18:49,609 because sometimes it's actually left 629 00:18:49,610 --> 00:18:50,749 open. 630 00:18:50,750 --> 00:18:51,750 Measure the distance. 631 00:18:53,120 --> 00:18:54,619 Slide under the door already seen the top 632 00:18:54,620 --> 00:18:55,790 left, the tool going in. 633 00:18:58,240 --> 00:19:00,729 Lifting up one to 634 00:19:00,730 --> 00:19:02,770 three on, I was on the handle. 635 00:19:04,960 --> 00:19:06,939 And sit, and once I know it's there. 636 00:19:06,940 --> 00:19:08,859 Pull the wire jiggle. 637 00:19:14,630 --> 00:19:15,630 And I mean. 
638 00:19:22,710 --> 00:19:24,959 So another class of users that we 639 00:19:24,960 --> 00:19:26,429 care about that are here that are at risk 640 00:19:26,430 --> 00:19:28,019 are journalists, and there's a lot of 641 00:19:28,020 --> 00:19:29,729 definition of who's a journalist, but 642 00:19:29,730 --> 00:19:30,959 really anybody reporting on this kind of 643 00:19:30,960 --> 00:19:33,209 stuff at this point is doing 644 00:19:33,210 --> 00:19:35,579 journalism, and journalists have 645 00:19:35,580 --> 00:19:36,989 often are very public people. 646 00:19:36,990 --> 00:19:38,849 So they themselves are known, but they 647 00:19:38,850 --> 00:19:40,019 have confidential sources. 648 00:19:40,020 --> 00:19:41,819 And the reason why these sources are 649 00:19:41,820 --> 00:19:43,049 willing to give information to the 650 00:19:43,050 --> 00:19:44,249 journalist is that the journalist 651 00:19:44,250 --> 00:19:46,379 protects their anonymity very, 652 00:19:46,380 --> 00:19:47,489 very strongly. There have been 653 00:19:47,490 --> 00:19:49,199 journalists that have gone to prison for 654 00:19:49,200 --> 00:19:51,269 protecting to to protect 655 00:19:51,270 --> 00:19:53,039 people from from being compromised. 656 00:19:53,040 --> 00:19:54,899 And certainly and worse in other 657 00:19:54,900 --> 00:19:55,799 countries. 658 00:19:55,800 --> 00:19:57,839 So this is very important to journalists 659 00:19:57,840 --> 00:20:00,299 and there's some attacks that are 660 00:20:00,300 --> 00:20:01,529 that are pretty unique to journalists 661 00:20:01,530 --> 00:20:03,629 like, well, not terribly 662 00:20:03,630 --> 00:20:04,799 next journalists. 663 00:20:04,800 --> 00:20:07,469 You basically just arrest them and 664 00:20:07,470 --> 00:20:09,149 you have them. 
You seize their equipment 665 00:20:09,150 --> 00:20:11,219 and you image it and you give it back to 666 00:20:11,220 --> 00:20:13,469 them, potentially with with malware 667 00:20:13,470 --> 00:20:14,969 installed or if they didn't bother to use 668 00:20:14,970 --> 00:20:16,109 crypto because the majority of them 669 00:20:16,110 --> 00:20:18,419 don't. They've got the data there, and 670 00:20:18,420 --> 00:20:20,399 they're they're usually not very rich. 671 00:20:20,400 --> 00:20:22,349 So they're if you seize their equipment 672 00:20:22,350 --> 00:20:23,909 for a couple of days, they're really 673 00:20:23,910 --> 00:20:24,869 worried that they're not going to be able 674 00:20:24,870 --> 00:20:25,859 to get any work done when they get it 675 00:20:25,860 --> 00:20:27,749 back. So they're not going to go out and 676 00:20:27,750 --> 00:20:29,069 throw it away and go out and buy new 677 00:20:29,070 --> 00:20:30,419 hardware. They're going to take that 678 00:20:30,420 --> 00:20:32,579 equipment and keep using it as if nothing 679 00:20:32,580 --> 00:20:34,979 had happened. And and 680 00:20:34,980 --> 00:20:35,339 you went. 681 00:20:35,340 --> 00:20:37,199 So yeah. 682 00:20:37,200 --> 00:20:38,939 And if there's no evidence that it's been 683 00:20:38,940 --> 00:20:40,259 tampered with, it's going to be really 684 00:20:40,260 --> 00:20:41,999 hard to pressure your boss to get you a 685 00:20:42,000 --> 00:20:43,139 new laptop 686 00:20:43,140 --> 00:20:44,189 if you're not independent, 687 00:20:44,190 --> 00:20:45,299 if you're not an independent 688 00:20:45,300 --> 00:20:46,300 stringer. 689 00:20:46,680 --> 00:20:48,179 And then the other category of people are 690 00:20:48,180 --> 00:20:49,439 people in war zones. And that's really 691 00:20:49,440 --> 00:20:51,539 the whole range of people that are 692 00:20:51,540 --> 00:20:52,799 just sort of like families that live 693 00:20:52,800 --> 00:20:54,029 there. 
If you've got a relative who 694 00:20:54,030 --> 00:20:55,529 happens to live in a country that becomes 695 00:20:55,530 --> 00:20:58,049 a war zone over time, they're at risk 696 00:20:58,050 --> 00:20:59,669 because both your personal physical 697 00:20:59,670 --> 00:21:00,689 safety is at risk. 698 00:21:00,690 --> 00:21:03,539 I mean, obviously it's a war zone and 699 00:21:03,540 --> 00:21:05,159 going after contacts and networks, you 700 00:21:05,160 --> 00:21:06,359 want to find out all the people that are 701 00:21:06,360 --> 00:21:08,759 members of certain organizations. 702 00:21:08,760 --> 00:21:10,259 You find one of them and you sort of like 703 00:21:10,260 --> 00:21:11,669 do a network analysis and find all the 704 00:21:11,670 --> 00:21:13,919 people they talk to and all that stuff. 705 00:21:13,920 --> 00:21:16,199 And there's a fairly unique 706 00:21:16,200 --> 00:21:18,779 problem for people in these places 707 00:21:18,780 --> 00:21:20,879 where people on both sides are 708 00:21:20,880 --> 00:21:22,439 in Middle Eastern countries that are in 709 00:21:22,440 --> 00:21:24,599 war zones, they will find somebody 710 00:21:24,600 --> 00:21:27,239 who's in a network, they will 711 00:21:27,240 --> 00:21:28,439 compromise that person, they'll 712 00:21:28,440 --> 00:21:30,419 imprison, they'll kill them, whatever else, 713 00:21:30,420 --> 00:21:32,129 take their systems and continue 714 00:21:32,130 --> 00:21:34,529 impersonating them and 715 00:21:34,530 --> 00:21:35,969 find everybody else in their network, 716 00:21:35,970 --> 00:21:38,069 attract them and arrest 717 00:21:38,070 --> 00:21:40,109 or kill them. So it's a huge risk for 718 00:21:40,110 --> 00:21:41,609 them. It's pretty much the ultimate risk. 
719 00:21:42,720 --> 00:21:45,509 So you'd think, as we said earlier, the 720 00:21:45,510 --> 00:21:47,339 governments were sort of the original 721 00:21:47,340 --> 00:21:49,469 people that that face 722 00:21:49,470 --> 00:21:50,669 these kind of risks and they have some 723 00:21:50,670 --> 00:21:52,859 solutions. But as we'll see, they have 724 00:21:52,860 --> 00:21:54,329 solutions, but they were really just for 725 00:21:54,330 --> 00:21:55,589 government. They're not really applicable 726 00:21:55,590 --> 00:21:56,699 to a lot of other people and a lot of 727 00:21:56,700 --> 00:21:58,829 cases, and they're not really foolproof 728 00:21:58,830 --> 00:22:00,939 either. So government security is 729 00:22:00,940 --> 00:22:02,670 certainly not a bulletproof thing. 730 00:22:03,930 --> 00:22:05,849 One of the things they've always built on 731 00:22:05,850 --> 00:22:08,009 is they have is physical security. 732 00:22:08,010 --> 00:22:09,749 Governments have have long way before 733 00:22:09,750 --> 00:22:11,639 computers relied on physical security to 734 00:22:11,640 --> 00:22:13,469 keep their records facilities safe. 735 00:22:13,470 --> 00:22:14,759 They have a bunch of standards. 736 00:22:14,760 --> 00:22:16,139 I'm familiar with the U.S. standards, but 737 00:22:16,140 --> 00:22:17,459 a lot of countries have these things 738 00:22:17,460 --> 00:22:19,679 where the if you're going 739 00:22:19,680 --> 00:22:21,209 to use a computer at a very high security 740 00:22:21,210 --> 00:22:22,679 level, you can only do it in a special 741 00:22:22,680 --> 00:22:23,609 kind of environment. 742 00:22:23,610 --> 00:22:24,839 You don't go to a coffee shop with your 743 00:22:24,840 --> 00:22:26,609 laptop, you don't go to a regular office 744 00:22:26,610 --> 00:22:28,349 environment with a laptop to process. 
745 00:22:28,350 --> 00:22:30,059 You do it in a room called a SCIF, 746 00:22:30,060 --> 00:22:31,469 sensitive compartmentalized information 747 00:22:31,470 --> 00:22:33,659 facility. It's basically a bank vault 748 00:22:33,660 --> 00:22:35,879 that is lined with some metal 749 00:22:35,880 --> 00:22:38,039 to block. RF shielding has physical 750 00:22:38,040 --> 00:22:39,659 security, so it's got very high security 751 00:22:39,660 --> 00:22:41,819 locks monitoring 752 00:22:41,820 --> 00:22:43,859 alarming everything else. 753 00:22:43,860 --> 00:22:45,749 Super expensive, like the seals on the 754 00:22:45,750 --> 00:22:48,179 doors alone are like five 10 grand, so 755 00:22:48,180 --> 00:22:49,109 you're not really going to buy these 756 00:22:49,110 --> 00:22:50,129 commercially. 757 00:22:50,130 --> 00:22:51,479 They're restricted. A lot of the standards 758 00:22:51,480 --> 00:22:52,919 are actually themselves classified in 759 00:22:52,920 --> 00:22:54,869 order to build one of these things. 760 00:22:54,870 --> 00:22:56,309 They're required for defense contractors 761 00:22:56,310 --> 00:22:58,499 in America. It's it's a big, big 762 00:22:58,500 --> 00:22:59,500 deal. 763 00:23:00,000 --> 00:23:01,229 One of the things they have actually our 764 00:23:01,230 --> 00:23:03,329 embassy. So they actually were 765 00:23:03,330 --> 00:23:04,679 able to get all the other countries to 766 00:23:04,680 --> 00:23:06,119 come up and do some treaties. 767 00:23:06,120 --> 00:23:07,559 So there's Vienna and other places where 768 00:23:07,560 --> 00:23:10,079 they they decided 769 00:23:10,080 --> 00:23:11,549 that all countries embassies would be 770 00:23:11,550 --> 00:23:13,649 sort of inviolate territory of 771 00:23:13,650 --> 00:23:16,799 other of the country extraterritorial. 
772 00:23:16,800 --> 00:23:18,959 So they will not be able to be 773 00:23:18,960 --> 00:23:20,459 subject to local search or anything else, 774 00:23:20,460 --> 00:23:22,019 which is great because a great way to 775 00:23:22,020 --> 00:23:24,119 defend against this search is to just 776 00:23:24,120 --> 00:23:26,159 not be allowed to be searched. 777 00:23:26,160 --> 00:23:27,749 Unfortunately, by private citizens can't 778 00:23:27,750 --> 00:23:29,009 really do that. 779 00:23:29,010 --> 00:23:30,659 They have special couriers that will 780 00:23:30,660 --> 00:23:33,089 transport material between sites. 781 00:23:33,090 --> 00:23:34,289 They'll have their run basically their 782 00:23:34,290 --> 00:23:35,609 own courier service. 783 00:23:35,610 --> 00:23:36,899 Sometimes they use commercial carrier. 784 00:23:36,900 --> 00:23:38,309 Sometimes they have armed security guys 785 00:23:38,310 --> 00:23:40,229 that travel with the item and keep it 786 00:23:40,230 --> 00:23:41,669 protected that way. 787 00:23:41,670 --> 00:23:42,719 They've got a lot of other stuff. 788 00:23:42,720 --> 00:23:44,519 But basically, the fundamental thing here 789 00:23:44,520 --> 00:23:46,319 is all this stuff is really, really 790 00:23:46,320 --> 00:23:47,789 expensive and one of the things they do, 791 00:23:47,790 --> 00:23:50,279 it's sort of like the least absurd 792 00:23:50,280 --> 00:23:52,379 thing they do is they have a dedicated 793 00:23:52,380 --> 00:23:54,449 travel pool of laptops that 794 00:23:54,450 --> 00:23:56,429 are the only machines that are allowed to 795 00:23:56,430 --> 00:23:58,319 be taken out of their facility. 796 00:23:58,320 --> 00:24:00,149 So if you're a government user that wants 797 00:24:00,150 --> 00:24:02,249 to go to a foreign country for a 798 00:24:02,250 --> 00:24:03,809 conference, you don't get to take your 799 00:24:03,810 --> 00:24:06,089 work laptop. 
You take a special laptop 800 00:24:06,090 --> 00:24:07,889 that only has access to very minimal 801 00:24:07,890 --> 00:24:09,449 things, doesn't have access to home 802 00:24:09,450 --> 00:24:11,399 systems. Everything else that works great 803 00:24:11,400 --> 00:24:13,619 if you've got like 500000 804 00:24:13,620 --> 00:24:15,209 employees and they don't really need to 805 00:24:15,210 --> 00:24:16,799 do a lot of work during that trip. 806 00:24:16,800 --> 00:24:18,479 But if you're a private person who 807 00:24:18,480 --> 00:24:20,729 travels to a country to do work, you 808 00:24:20,730 --> 00:24:22,059 have to. Take your stuff with you to do 809 00:24:22,060 --> 00:24:23,159 all your work while you're there. 810 00:24:23,160 --> 00:24:24,160 Good question. 811 00:24:26,290 --> 00:24:28,179 Quick test, quick question. 812 00:24:28,180 --> 00:24:29,770 Who travels for work with their laptop? 813 00:24:31,080 --> 00:24:32,609 Everyone should look around really quick. 814 00:24:33,820 --> 00:24:34,979 It's a lot of hands up. No, don't keep 815 00:24:34,980 --> 00:24:36,749 him up him up, so hide it. 816 00:24:36,750 --> 00:24:38,279 Now look around. 817 00:24:38,280 --> 00:24:40,319 A lot of you do that. Yeah, yeah, that 818 00:24:40,320 --> 00:24:41,999 wasn't happening in about 20 years ago. 819 00:24:42,000 --> 00:24:43,589 I just like that the landscape has 820 00:24:43,590 --> 00:24:45,299 completely changed. 821 00:24:45,300 --> 00:24:46,739 Yeah. And they do some cool stuff with 822 00:24:46,740 --> 00:24:48,569 those travel laptops. They actually, when 823 00:24:48,570 --> 00:24:50,909 they get them back, they do 824 00:24:50,910 --> 00:24:52,409 various forensic analysis on them. 
825 00:24:52,410 --> 00:24:55,379 Sometimes they do physical inspection, 826 00:24:55,380 --> 00:24:57,389 sometimes they X-ray them to see if 827 00:24:57,390 --> 00:24:58,649 components have been added and they do 828 00:24:58,650 --> 00:25:00,839 all sorts of crazy stuff on these things. 829 00:25:00,840 --> 00:25:02,519 Depending on who they are like, certainly 830 00:25:02,520 --> 00:25:04,319 U.S. agencies usually have more money 831 00:25:04,320 --> 00:25:05,939 than a lot of countries do, so they're 832 00:25:05,940 --> 00:25:07,079 going to do more of this stuff. 833 00:25:07,080 --> 00:25:08,579 But. And if they're going to a high 834 00:25:08,580 --> 00:25:09,959 threat environment, they might do more 835 00:25:09,960 --> 00:25:10,859 than if they're going to a friendly 836 00:25:10,860 --> 00:25:12,629 country. But but they do a lot of stuff 837 00:25:12,630 --> 00:25:14,429 that's really difficult to do, and they 838 00:25:14,430 --> 00:25:15,899 have so much money they can build their 839 00:25:15,900 --> 00:25:17,969 own custom procedures, they can 840 00:25:17,970 --> 00:25:20,129 implement great policies, and government 841 00:25:20,130 --> 00:25:23,219 employees are really good at obeying 842 00:25:23,220 --> 00:25:25,469 directives and doing it 843 00:25:25,470 --> 00:25:27,599 persistently and consistently so 844 00:25:27,600 --> 00:25:28,859 they can have a policy where they have to 845 00:25:28,860 --> 00:25:30,269 go, do something every day and they'll 846 00:25:30,270 --> 00:25:31,270 actually stick to it. 847 00:25:32,250 --> 00:25:33,839 But yeah, custom hardware, detailed 848 00:25:33,840 --> 00:25:35,039 accounting procedures, everything like 849 00:25:35,040 --> 00:25:36,040 that. 850 00:25:38,300 --> 00:25:39,300 OK. 851 00:25:40,040 --> 00:25:41,269 Problem is, it's not completely 852 00:25:41,270 --> 00:25:43,159 effective. So it's super expensive and 853 00:25:43,160 --> 00:25:44,160 doesn't actually work. 
854 00:25:45,140 --> 00:25:47,449 So it turns out 855 00:25:47,450 --> 00:25:48,699 certain organizations, when they come 856 00:25:48,700 --> 00:25:50,299 into problems like these, they develop 857 00:25:50,300 --> 00:25:51,409 specialized tools. 858 00:25:51,410 --> 00:25:53,059 So as I said at the very beginning I'm the 859 00:25:53,060 --> 00:25:55,219 co-founder of TOOOL US and sport 860 00:25:55,220 --> 00:25:56,689 picker for a long time, then I worked for 861 00:25:56,690 --> 00:25:57,589 the United States government. 862 00:25:57,590 --> 00:25:59,779 Learning more stuff and how the mindset 863 00:25:59,780 --> 00:26:00,949 worked was like, You know, you need to 864 00:26:00,950 --> 00:26:02,329 get access in these hardened areas. 865 00:26:02,330 --> 00:26:03,439 I never worked on those particular 866 00:26:03,440 --> 00:26:05,539 problems, but I learned around that and I 867 00:26:05,540 --> 00:26:06,859 eventually started learning about other 868 00:26:06,860 --> 00:26:08,899 tools. And as a man by the name of John 869 00:26:08,900 --> 00:26:10,999 Falle, who makes tools not generally 870 00:26:11,000 --> 00:26:12,379 for the public market, he makes lock 871 00:26:12,380 --> 00:26:13,309 picks for the public market. 872 00:26:13,310 --> 00:26:16,009 But he came up with this particular tool 873 00:26:16,010 --> 00:26:18,409 about 20 or 20 years ago, I've been told, 874 00:26:18,410 --> 00:26:19,549 used to be a classified tool. 875 00:26:19,550 --> 00:26:21,469 I don't think anyone has seen this ever 876 00:26:21,470 --> 00:26:22,939 in public. 877 00:26:22,940 --> 00:26:24,259 And so this is basically we're dropping 878 00:26:24,260 --> 00:26:25,260 this right now. 879 00:26:26,450 --> 00:26:27,529 This tool right here is called the 880 00:26:27,530 --> 00:26:29,419 universal pin tumbler decoder. 881 00:26:29,420 --> 00:26:30,769 You can come by the lock picking area later 882 00:26:30,770 --> 00:26:32,329 and take a look at it. 
883 00:26:32,330 --> 00:26:34,549 Basically, what it does is it is 884 00:26:34,550 --> 00:26:36,529 designed to not pick a lock, but decode a 885 00:26:36,530 --> 00:26:38,929 lock this tool. 886 00:26:38,930 --> 00:26:41,449 What it does is has a very thin wire 887 00:26:41,450 --> 00:26:43,249 shim. It doesn't lift the pin. 888 00:26:43,250 --> 00:26:45,739 It slides between the pin and the cavity 889 00:26:45,740 --> 00:26:48,169 and it curves back and you can see 890 00:26:48,170 --> 00:26:50,209 if you could see it very well because of 891 00:26:50,210 --> 00:26:51,979 the wires. So thin rdsap, I'd like to 892 00:26:51,980 --> 00:26:53,269 hear you. We'll have more videos online 893 00:26:53,270 --> 00:26:54,319 in a bit. 894 00:26:54,320 --> 00:26:55,759 This tool is no longer classified, so I'm 895 00:26:55,760 --> 00:26:56,869 not getting that kind of trouble. 896 00:26:58,190 --> 00:27:00,769 But the tool I turn up the hypodermic 897 00:27:00,770 --> 00:27:02,659 syringe, which carries a needle as like a 898 00:27:02,660 --> 00:27:04,309 little wire and slides up. 899 00:27:04,310 --> 00:27:06,049 And you can see at the top 10 you 900 00:27:06,050 --> 00:27:07,519 mentioned seal spins right there. 901 00:27:07,520 --> 00:27:09,589 That means I touch it 902 00:27:09,590 --> 00:27:11,899 and I'll feel that on the plunger. 903 00:27:11,900 --> 00:27:13,999 And when trained, 904 00:27:14,000 --> 00:27:15,169 when you trained enough with this tool, 905 00:27:15,170 --> 00:27:17,299 you can decode locks and down in as 906 00:27:17,300 --> 00:27:18,649 low as 30 seconds. 907 00:27:18,650 --> 00:27:20,689 And the other interesting thing is to the 908 00:27:20,690 --> 00:27:22,849 design of this tool is that you can 909 00:27:22,850 --> 00:27:24,709 come back years later as long as the lock 910 00:27:24,710 --> 00:27:26,119 has not been repaired. 
911 00:27:26,120 --> 00:27:28,099 So if you only have time to lock in a 912 00:27:28,100 --> 00:27:30,349 dark corner, go by and try the first 913 00:27:30,350 --> 00:27:32,539 pin. You figure it out, 914 00:27:32,540 --> 00:27:34,909 go away, tell maybe one of your other 915 00:27:34,910 --> 00:27:36,859 black bag operators and say, OK, we got 916 00:27:36,860 --> 00:27:37,909 this one to do this one. 917 00:27:37,910 --> 00:27:39,079 And if you only have 10 seconds at a 918 00:27:39,080 --> 00:27:39,979 time, you can do that. 919 00:27:39,980 --> 00:27:40,939 And then eventually you will have 920 00:27:40,940 --> 00:27:42,859 persistent access because you will be 921 00:27:42,860 --> 00:27:45,019 able to cut the key to code after 922 00:27:45,020 --> 00:27:46,009 the fact. 923 00:27:46,010 --> 00:27:48,049 So these are tools that are, I guess, I 924 00:27:48,050 --> 00:27:50,179 said, not available to the public 925 00:27:50,180 --> 00:27:51,440 market, all heavily restricted. 926 00:27:52,790 --> 00:27:54,469 I can't even really buy them, but I do 927 00:27:54,470 --> 00:27:56,239 have one from a friend. 928 00:27:56,240 --> 00:27:57,979 And so I thought it would be interesting 929 00:27:57,980 --> 00:28:00,079 to show the public what kind of 930 00:28:00,080 --> 00:28:01,519 tools are available now. I said, this is 931 00:28:01,520 --> 00:28:03,079 20 years old on their way, more 932 00:28:03,080 --> 00:28:05,419 sophisticated tools today 933 00:28:05,420 --> 00:28:06,889 to give you some perspective as to what 934 00:28:06,890 --> 00:28:08,509 is available, as you can also see through 935 00:28:08,510 --> 00:28:09,979 the other talks or other tools that most 936 00:28:09,980 --> 00:28:11,699 people didn't think existed. 937 00:28:11,700 --> 00:28:13,009 Yeah, and there's other tools. 
938 00:28:13,010 --> 00:28:14,299 The other thing that's unique about 939 00:28:14,300 --> 00:28:16,489 government is they are willing to spend 940 00:28:16,490 --> 00:28:17,809 a lot of money to go after a single 941 00:28:17,810 --> 00:28:19,039 target. 942 00:28:19,040 --> 00:28:20,419 In the case of the U.S. 943 00:28:20,420 --> 00:28:22,339 and the Soviet Union, back from, I think, 944 00:28:22,340 --> 00:28:24,619 the 50s or 60s US built this great 945 00:28:24,620 --> 00:28:27,109 embassy in Moscow and 946 00:28:27,110 --> 00:28:29,719 they got a gift from the the Soviets 947 00:28:29,720 --> 00:28:31,309 of a seal. A great seal of the United 948 00:28:31,310 --> 00:28:32,659 States is really, really pretty. 949 00:28:32,660 --> 00:28:34,379 And they did. 950 00:28:34,380 --> 00:28:35,569 They thought, Oh, just have a microphone 951 00:28:35,570 --> 00:28:37,969 inside it. It had no active components 952 00:28:37,970 --> 00:28:39,139 or anything else inside. It was just this 953 00:28:39,140 --> 00:28:40,819 nice seal. So they hung it up in one of 954 00:28:40,820 --> 00:28:42,199 their sensitive meeting rooms. 955 00:28:42,200 --> 00:28:44,599 And it turns out 956 00:28:44,600 --> 00:28:46,129 it actually had a piece of metal inside 957 00:28:46,130 --> 00:28:48,409 it that when you irradiated 958 00:28:48,410 --> 00:28:50,719 it with RF from outside, the thing 959 00:28:50,720 --> 00:28:52,669 from one of the Soviets facilities turned 960 00:28:52,670 --> 00:28:54,679 it into a microphone that would remotely 961 00:28:54,680 --> 00:28:56,059 transmit a thing. 962 00:28:56,060 --> 00:28:58,279 So they spent, I don't know how much time 963 00:28:58,280 --> 00:29:00,259 coming up with a thing for a single room 964 00:29:00,260 --> 00:29:02,389 single attack, but pretty effective. 
965 00:29:02,390 --> 00:29:03,919 And there's no reason to think they 966 00:29:03,920 --> 00:29:05,599 haven't continued doing that over time, 967 00:29:05,600 --> 00:29:07,849 given the $50 billion budget 968 00:29:07,850 --> 00:29:08,899 for this kind of stuff every year. 969 00:29:08,900 --> 00:29:10,519 So it's it's pretty crazy. 970 00:29:12,830 --> 00:29:15,019 But and the other reason why there's 971 00:29:15,020 --> 00:29:16,549 this weird technical thing, so those are 972 00:29:16,550 --> 00:29:17,779 the advantages government has, but they 973 00:29:17,780 --> 00:29:18,979 also have some disadvantages. 974 00:29:18,980 --> 00:29:20,179 One of their big disadvantages is 975 00:29:20,180 --> 00:29:21,749 actually there. Their other strength is 976 00:29:21,750 --> 00:29:22,969 that they're so big and they have so much 977 00:29:22,970 --> 00:29:24,409 money and so much staff. 978 00:29:24,410 --> 00:29:26,299 That means they've got a lot of insiders. 979 00:29:26,300 --> 00:29:28,489 And one of the biggest risks to them 980 00:29:28,490 --> 00:29:29,839 is that they have insiders that are going 981 00:29:29,840 --> 00:29:31,909 to either accidentally not comply 982 00:29:31,910 --> 00:29:33,859 with security policy or willfully not 983 00:29:33,860 --> 00:29:36,019 comply with security policy and pretty 984 00:29:36,020 --> 00:29:37,009 much over. 985 00:29:37,010 --> 00:29:38,389 Recently, we've seen some of the 986 00:29:38,390 --> 00:29:39,619 consequences of that. 987 00:29:39,620 --> 00:29:41,869 So they have that threat, whereas 988 00:29:41,870 --> 00:29:43,579 a small an individual certainly doesn't 989 00:29:43,580 --> 00:29:45,619 have that threat. And a small 990 00:29:45,620 --> 00:29:47,179 organization generally doesn't have that 991 00:29:47,180 --> 00:29:48,180 threat as frequently. 
992 00:29:49,270 --> 00:29:51,069 And sometimes they just screw up like 993 00:29:51,070 --> 00:29:53,469 they went to the US commerce 994 00:29:53,470 --> 00:29:54,909 secretary, went to China on a big 995 00:29:54,910 --> 00:29:56,499 meeting. They did everything right. 996 00:29:56,500 --> 00:29:58,239 Most of the time and they just sort of 997 00:29:58,240 --> 00:29:59,919 like left a laptop containing the 998 00:29:59,920 --> 00:30:01,929 commerce secretary's left a bag 999 00:30:01,930 --> 00:30:03,669 containing his laptop like somewhere. 1000 00:30:03,670 --> 00:30:04,959 And yeah. 1001 00:30:04,960 --> 00:30:06,909 So if the problem is, they have to be 1002 00:30:06,910 --> 00:30:08,559 right all the time, and if you screw up 1003 00:30:08,560 --> 00:30:10,780 once, that's so great. 1004 00:30:11,800 --> 00:30:12,939 So where do we go from here? 1005 00:30:14,260 --> 00:30:15,909 We have all these types of attacks and we 1006 00:30:15,910 --> 00:30:17,439 think we have all these defenses. 1007 00:30:17,440 --> 00:30:19,659 And it turns out they're really 1008 00:30:19,660 --> 00:30:21,309 not that good, especially when you don't 1009 00:30:21,310 --> 00:30:23,469 have a well-resourced entity to 1010 00:30:23,470 --> 00:30:25,239 take care of having a dedicated security 1011 00:30:25,240 --> 00:30:26,649 staff to train employees and everything 1012 00:30:26,650 --> 00:30:28,749 else. Well, the seals aren't the seal. 1013 00:30:29,860 --> 00:30:32,289 These kinds of seals, so 1014 00:30:32,290 --> 00:30:35,649 seals kind of in many shapes and sizes. 
1015 00:30:35,650 --> 00:30:37,719 I actually I have 1016 00:30:37,720 --> 00:30:39,579 a particular way of describing them, but 1017 00:30:39,580 --> 00:30:40,839 where I used to work at the vulnerability 1018 00:30:40,840 --> 00:30:42,039 assessment team in Argonne, they have a 1019 00:30:42,040 --> 00:30:44,199 great description of tamper 1020 00:30:44,200 --> 00:30:46,359 evident devices, and I'm 1021 00:30:46,360 --> 00:30:47,919 going to read it right here. 1022 00:30:47,920 --> 00:30:48,920 So 1023 00:30:50,230 --> 00:30:52,299 tamper evident devices are used 1024 00:30:52,300 --> 00:30:54,279 to detect and report no unauthorized 1025 00:30:54,280 --> 00:30:56,349 entry. Let's take an idea of what it is 1026 00:30:56,350 --> 00:30:58,119 and perhaps discouraging. 1027 00:30:58,120 --> 00:31:00,549 Unlike intrusion or burglar alarms, seals 1028 00:31:00,550 --> 00:31:03,219 report unauthorized entry after the fact. 1029 00:31:03,220 --> 00:31:05,019 They must be inspected either manually or 1030 00:31:05,020 --> 00:31:06,879 electronically so they can be, you know, 1031 00:31:06,880 --> 00:31:08,049 tamper evident tapes. 1032 00:31:08,050 --> 00:31:09,789 Stickers, seals like the peel of an 1033 00:31:09,790 --> 00:31:11,319 orange is actually a tamper indicating 1034 00:31:11,320 --> 00:31:12,549 device. 1035 00:31:12,550 --> 00:31:14,109 If it looks like that the wrong color and 1036 00:31:14,110 --> 00:31:16,119 you don't eat it, that's its job, 1037 00:31:17,290 --> 00:31:18,820 but didn't help you prevent that. 1038 00:31:19,990 --> 00:31:22,099 And they also so 1039 00:31:22,100 --> 00:31:24,279 a seal does not need to resist a physical 1040 00:31:24,280 --> 00:31:25,809 entry. Actually, it's supposed to be 1041 00:31:25,810 --> 00:31:27,879 broken, but it's supposed to indicate to 1042 00:31:27,880 --> 00:31:30,129 the person that it has 1043 00:31:30,130 --> 00:31:31,389 been opened. 
1044 00:31:31,390 --> 00:31:33,699 In other words, a seal is not a lock. 1045 00:31:33,700 --> 00:31:35,919 Indeed, some seals are made of paper 1046 00:31:35,920 --> 00:31:38,049 or plastic and can 1047 00:31:38,050 --> 00:31:40,269 be easily removed or cut off 1048 00:31:40,270 --> 00:31:41,589 certain security products and this 1049 00:31:41,590 --> 00:31:42,590 barrier seals. 1050 00:31:43,750 --> 00:31:45,339 They do provide a physical barrier to 1051 00:31:45,340 --> 00:31:46,299 entry. 1052 00:31:46,300 --> 00:31:47,739 But again, they're not also very often 1053 00:31:47,740 --> 00:31:49,869 reusable. These are hybrid devices. 1054 00:31:49,870 --> 00:31:51,430 Part lock and part seal. 1055 00:31:52,480 --> 00:31:54,969 Barrier seals should be used with care 1056 00:31:54,970 --> 00:31:57,549 barrier seals, often a compromise of 1057 00:31:57,550 --> 00:31:59,229 compromise of a product. 1058 00:31:59,230 --> 00:32:02,319 Neither optimum as a lock or as a seal. 1059 00:32:02,320 --> 00:32:04,029 Its dual function tends to complicate 1060 00:32:04,030 --> 00:32:05,569 issues about how to best use the product. 1061 00:32:05,570 --> 00:32:07,359 So whether you use it on a laptop or in 1062 00:32:07,360 --> 00:32:09,219 your car, on a shipping container, et 1063 00:32:09,220 --> 00:32:10,220 cetera, et cetera. 1064 00:32:11,050 --> 00:32:13,179 Seals also require a very strong 1065 00:32:13,180 --> 00:32:14,379 procedures to be put in place to be 1066 00:32:14,380 --> 00:32:16,539 effective. If you don't have a 1067 00:32:16,540 --> 00:32:18,369 policy of having someone check and 1068 00:32:18,370 --> 00:32:19,479 actually checking things, not just 1069 00:32:19,480 --> 00:32:20,839 looking at it, but seeing its serial 1070 00:32:20,840 --> 00:32:23,139 numbers line up does that. 
1071 00:32:23,140 --> 00:32:24,669 It does the device look like it's been 1072 00:32:24,670 --> 00:32:26,679 messed with to peel back the change 1073 00:32:26,680 --> 00:32:28,359 color? Any of these different factors, if 1074 00:32:28,360 --> 00:32:29,409 you're not checking for those things 1075 00:32:29,410 --> 00:32:31,869 which can take it and require 1076 00:32:31,870 --> 00:32:33,189 a trained eye. 1077 00:32:33,190 --> 00:32:34,419 They're not effective. 1078 00:32:34,420 --> 00:32:36,489 And so you need to have procurement and 1079 00:32:36,490 --> 00:32:39,189 storage and recordkeeping procedures to, 1080 00:32:39,190 --> 00:32:40,749 you know, make these things work. 1081 00:32:40,750 --> 00:32:42,879 So anyway, turns out, 1082 00:32:42,880 --> 00:32:44,349 physical seals also really suck. 1083 00:32:45,640 --> 00:32:46,929 Aside from having what you think are a 1084 00:32:46,930 --> 00:32:48,459 good thing, good seals like you see on 1085 00:32:48,460 --> 00:32:50,799 the market, it turns out that 1086 00:32:50,800 --> 00:32:52,449 there's an event at DEFCON called the 1087 00:32:52,450 --> 00:32:54,769 Tamper Village, and they've been people 1088 00:32:54,770 --> 00:32:55,749 been taught last year. 1089 00:32:55,750 --> 00:32:57,849 And now this competition's about how fast 1090 00:32:57,850 --> 00:32:59,409 people can develop these seals. 1091 00:32:59,410 --> 00:33:01,029 As you see on the table over here in the 1092 00:33:01,030 --> 00:33:03,129 picture, you see a lot of plastic rafts 1093 00:33:03,130 --> 00:33:04,809 and beads, and those often are defeated 1094 00:33:04,810 --> 00:33:06,909 by, you know, shims made out of Coke cans 1095 00:33:06,910 --> 00:33:08,559 or beer cans. 1096 00:33:08,560 --> 00:33:10,719 People also use solvents for 1097 00:33:10,720 --> 00:33:12,819 the paper materials and plastics 1098 00:33:12,820 --> 00:33:14,499 like heptane, acetone. 1099 00:33:14,500 --> 00:33:17,229 All of these things are over-the-counter. 
1100 00:33:17,230 --> 00:33:19,419 And it turns out that it doesn't 1101 00:33:19,420 --> 00:33:21,689 take a very long time to defeat 1102 00:33:21,690 --> 00:33:24,759 seals that did a study 1103 00:33:24,760 --> 00:33:26,499 over the years, and they keep adding to 1104 00:33:26,500 --> 00:33:27,729 it as they do more seals that they 1105 00:33:27,730 --> 00:33:30,069 haven't seen. But as you can see here, 1106 00:33:30,070 --> 00:33:32,889 the average time to defeat average 1107 00:33:32,890 --> 00:33:34,809 seals, even high end ones, is around a 1108 00:33:34,810 --> 00:33:37,029 minute and a half, and 1109 00:33:37,030 --> 00:33:38,199 the median is even less than that. 1110 00:33:38,200 --> 00:33:40,209 Like I, I a lot of them I can defeat 1111 00:33:40,210 --> 00:33:42,189 around that time frame myself and I teach 1112 00:33:42,190 --> 00:33:43,539 that too. 1113 00:33:43,540 --> 00:33:45,189 And now I know the defenses for these. 1114 00:33:45,190 --> 00:33:46,329 And it turns out that's not really 1115 00:33:46,330 --> 00:33:48,249 expensive to do so. 1116 00:33:48,250 --> 00:33:50,469 Some some of them are really expensive. 1117 00:33:50,470 --> 00:33:52,249 But yeah, so. 1118 00:33:52,250 --> 00:33:53,619 So there's another problem is that users 1119 00:33:53,620 --> 00:33:54,759 are lazy. 1120 00:33:54,760 --> 00:33:56,469 This this requirement that seals be 1121 00:33:56,470 --> 00:33:58,569 verified by by the user 1122 00:33:58,570 --> 00:33:59,889 and have a big security policy and 1123 00:33:59,890 --> 00:34:01,719 everything else. We've we've got some 1124 00:34:01,720 --> 00:34:03,579 sort of analogs in the regular computer 1125 00:34:03,580 --> 00:34:05,199 security world. Things like SSL 1126 00:34:05,200 --> 00:34:06,999 certificate checking and SSA games and 1127 00:34:07,000 --> 00:34:08,649 everything else. People just click 1128 00:34:08,650 --> 00:34:09,968 through. 
They don't, they don't really 1129 00:34:09,969 --> 00:34:10,899 put any effort into it. 1130 00:34:10,900 --> 00:34:12,428 So when they've got a choice, they're 1131 00:34:12,429 --> 00:34:14,529 going to skip ahead. 1132 00:34:14,530 --> 00:34:16,599 So it's really unlikely 1133 00:34:16,600 --> 00:34:17,799 we're going to build a great system that 1134 00:34:17,800 --> 00:34:20,019 depends on users making correct 1135 00:34:20,020 --> 00:34:21,339 security decisions all the time. 1136 00:34:23,139 --> 00:34:24,099 There's another feature that be really 1137 00:34:24,100 --> 00:34:25,928 nice remote attestation. 1138 00:34:25,929 --> 00:34:28,029 It'd be nice like this whole cloud thing 1139 00:34:28,030 --> 00:34:29,468 with like remote services and all these 1140 00:34:29,469 --> 00:34:30,939 other things. Be nice of the cloud 1141 00:34:30,940 --> 00:34:32,799 service that actually had your data knew 1142 00:34:32,800 --> 00:34:34,388 that your laptop was secure before you 1143 00:34:34,389 --> 00:34:36,069 connected to it and did all this stuff. 1144 00:34:36,070 --> 00:34:38,169 So you need a way that 1145 00:34:38,170 --> 00:34:40,329 your computing device can prove 1146 00:34:40,330 --> 00:34:42,729 to the remote server in your organization 1147 00:34:42,730 --> 00:34:44,169 server or a commercial service or 1148 00:34:44,170 --> 00:34:47,019 whatever that it's actually intact. 1149 00:34:47,020 --> 00:34:48,428 There are devices that do this. 1150 00:34:48,429 --> 00:34:50,919 The problem is they're not really ideal. 1151 00:34:50,920 --> 00:34:52,569 One of the classes of devices is 1152 00:34:52,570 --> 00:34:54,309 something called a hardware security 1153 00:34:54,310 --> 00:34:56,529 module. They are basically 1154 00:34:56,530 --> 00:34:58,419 computers inside little safes. 1155 00:34:58,420 --> 00:35:00,549 They've got tamper evidence all over them 1156 00:35:00,550 --> 00:35:01,659 and tamper response. 
1157 00:35:01,660 --> 00:35:02,769 So if you try to mess with them 1158 00:35:02,770 --> 00:35:05,169 physically or logically or anything else, 1159 00:35:05,170 --> 00:35:06,609 they erase the contents before you can 1160 00:35:06,610 --> 00:35:07,599 get to them. 1161 00:35:07,600 --> 00:35:10,119 The problem is they're like $20000 each, 1162 00:35:10,120 --> 00:35:11,799 and there's maybe two or three big 1163 00:35:11,800 --> 00:35:13,479 manufacturers of them, and they're big 1164 00:35:13,480 --> 00:35:15,609 defense contractors, slash government 1165 00:35:15,610 --> 00:35:17,979 vendors. So if an activist 1166 00:35:17,980 --> 00:35:20,469 organization were to try to buy one on 1167 00:35:20,470 --> 00:35:22,089 the website, one, they probably didn't 1168 00:35:22,090 --> 00:35:23,959 get one because they're export controlled. 1169 00:35:23,960 --> 00:35:26,019 Two, if they were having one shipped 1170 00:35:26,020 --> 00:35:27,219 to them, it would be one of those 1171 00:35:27,220 --> 00:35:28,719 packages that would get sort of like 1172 00:35:28,720 --> 00:35:30,429 mysteriously delayed for a couple of 1173 00:35:30,430 --> 00:35:31,659 hours and replaced with one that's 1174 00:35:31,660 --> 00:35:32,889 actually evil. 1175 00:35:32,890 --> 00:35:33,890 So they couldn't trust it. 1176 00:35:35,350 --> 00:35:37,029 And they're so expensive that no one's 1177 00:35:37,030 --> 00:35:38,169 really going to do like a tear down 1178 00:35:38,170 --> 00:35:40,269 analysis of a $20000 device where 1179 00:35:40,270 --> 00:35:42,129 you got a burn like five or six of these 1180 00:35:42,130 --> 00:35:43,659 devices and everything else, like no 1181 00:35:43,660 --> 00:35:44,949 private organization is you. 1182 00:35:44,950 --> 00:35:46,209 No private individual is going to do 1183 00:35:46,210 --> 00:35:47,919 that. And you can't really trust like a 1184 00:35:47,920 --> 00:35:49,489 standards agency to do this for you. 1185 00:35:49,490 --> 00:35:51,549 Yeah. 
So there's also 1186 00:35:51,550 --> 00:35:53,049 smart cards, which are great. 1187 00:35:53,050 --> 00:35:54,429 They're cheap, they're in all your cell 1188 00:35:54,430 --> 00:35:55,419 phones or SIM cards. 1189 00:35:55,420 --> 00:35:56,859 They're in I.D. cards or in payment 1190 00:35:56,860 --> 00:35:58,149 cards, everything else from us, they 1191 00:35:58,150 --> 00:35:59,439 don't actually provide enough physical 1192 00:35:59,440 --> 00:36:01,389 protection for this threat model. 1193 00:36:01,390 --> 00:36:03,009 They provide protection for individual 1194 00:36:03,010 --> 00:36:04,779 credentials. But in this case, if you 1195 00:36:04,780 --> 00:36:06,549 compromise any of the systems, you're 1196 00:36:06,550 --> 00:36:07,479 going to compromise all of them. 1197 00:36:07,480 --> 00:36:09,249 So it's not so great. 1198 00:36:09,250 --> 00:36:11,199 There's also trusted computing, so it's 1199 00:36:11,200 --> 00:36:13,929 the the tag 20:00 1200 00:36:13,930 --> 00:36:16,059 text all these acronyms from people 1201 00:36:16,060 --> 00:36:17,259 that have been really around since, like 1202 00:36:17,260 --> 00:36:18,260 the mid late 90s. 1203 00:36:19,720 --> 00:36:20,919 It's inadequate. 1204 00:36:20,920 --> 00:36:22,449 It's inadequate for a few reasons. 1205 00:36:22,450 --> 00:36:24,339 One not really widely deployed doesn't 1206 00:36:24,340 --> 00:36:26,109 really work, but maybe we can fix that. 1207 00:36:26,110 --> 00:36:28,479 But second, it doesn't protect 1208 00:36:28,480 --> 00:36:30,189 the whole thing that you need to protect. 1209 00:36:30,190 --> 00:36:32,979 It was designed to do basically DRM 1210 00:36:32,980 --> 00:36:34,749 digital rights management to keep people 1211 00:36:34,750 --> 00:36:36,759 from pirating movie content. 1212 00:36:36,760 --> 00:36:38,049 We can see how well that's worked. 
1213 00:36:38,050 --> 00:36:40,209 And it it's not 1214 00:36:40,210 --> 00:36:41,409 really designed to protect a single 1215 00:36:41,410 --> 00:36:43,419 machine, a single computer from a focused 1216 00:36:43,420 --> 00:36:45,519 attack. You can still attack the memory. 1217 00:36:45,520 --> 00:36:46,479 You can attack all sorts of stuff. 1218 00:36:46,480 --> 00:36:48,879 So it's insufficient and it's a pain. 1219 00:36:48,880 --> 00:36:50,379 So it's not really a great solution, 1220 00:36:50,380 --> 00:36:52,179 either. And certainly, it's not a great 1221 00:36:52,180 --> 00:36:53,469 solution if somebody has physical access 1222 00:36:53,470 --> 00:36:55,449 to your machine to do stuff with it. 1223 00:36:55,450 --> 00:36:56,679 So where do we go from here? 1224 00:36:58,690 --> 00:37:00,129 You know, people think it's a good idea 1225 00:37:00,130 --> 00:37:01,299 to, you know, take a notebook, write down 1226 00:37:01,300 --> 00:37:02,679 things and check it. But it's not really 1227 00:37:02,680 --> 00:37:03,639 objective. 1228 00:37:03,640 --> 00:37:05,589 You need machine verifiable and 1229 00:37:05,590 --> 00:37:06,939 repeatable tests. 1230 00:37:06,940 --> 00:37:09,069 So quick quiz for the 1231 00:37:09,070 --> 00:37:11,139 audience who can tell 1232 00:37:11,140 --> 00:37:13,509 me what is different about 1233 00:37:13,510 --> 00:37:14,979 these two pictures. 1234 00:37:14,980 --> 00:37:16,899 Raise your hand and I'll put you out and 1235 00:37:16,900 --> 00:37:18,670 you can yell at anybody. 1236 00:37:19,840 --> 00:37:20,840 Audience participation? 1237 00:37:22,980 --> 00:37:25,260 Anyone just shouted out what's different. 1238 00:37:28,300 --> 00:37:30,379 No one, I know it's kind of hard 1239 00:37:30,380 --> 00:37:32,349 up here. OK, maybe this will be a little 1240 00:37:32,350 --> 00:37:33,369 easier. 1241 00:37:33,370 --> 00:37:36,129 It's a technique called blink comparison. 1242 00:37:36,130 --> 00:37:37,510 What's changing now? 
Can you see it? 1243 00:37:40,530 --> 00:37:41,530 Right. 1244 00:37:43,790 --> 00:37:45,289 Yes, that's true. 1245 00:37:45,290 --> 00:37:46,819 This is a simple technique you can use 1246 00:37:46,820 --> 00:37:48,499 developed by astronomers many, many, 1247 00:37:48,500 --> 00:37:50,359 many, many moons ago. 1248 00:37:50,360 --> 00:37:51,829 And it makes it a lot easier for you to 1249 00:37:51,830 --> 00:37:53,239 tell it something's changed. 1250 00:37:53,240 --> 00:37:55,489 You can't just say I turn the screw 38 1251 00:37:55,490 --> 00:37:57,109 degrees. It's just not going to really 1252 00:37:57,110 --> 00:37:59,179 cut it unless you have, like, you 1253 00:37:59,180 --> 00:38:01,429 know, method photography, like 1254 00:38:01,430 --> 00:38:04,159 a mobile phone or some other device. 1255 00:38:04,160 --> 00:38:05,839 It's just you won't know if something's 1256 00:38:05,840 --> 00:38:07,159 been tampered with or just you're 1257 00:38:07,160 --> 00:38:09,439 paranoid, even if it's true. 1258 00:38:09,440 --> 00:38:11,509 So where do 1259 00:38:11,510 --> 00:38:12,799 we go from here? 1260 00:38:12,800 --> 00:38:15,109 Yeah. So the problem is 1261 00:38:15,110 --> 00:38:16,219 so this is a great check. 1262 00:38:16,220 --> 00:38:17,479 And if you use a cell phone to do this 1263 00:38:17,480 --> 00:38:19,429 check, it's easy to do. 1264 00:38:19,430 --> 00:38:20,339 Cheaper to do everything. 1265 00:38:20,340 --> 00:38:22,499 But someone shouted, 1266 00:38:22,500 --> 00:38:23,500 OK, 1267 00:38:23,960 --> 00:38:25,309 so it's easy to do. 1268 00:38:25,310 --> 00:38:27,409 But the problem is it doesn't really 1269 00:38:27,410 --> 00:38:29,479 address the problem of users are pretty 1270 00:38:29,480 --> 00:38:30,799 lazy. 1271 00:38:30,800 --> 00:38:32,659 What you do is you'd ask a user to say 1272 00:38:32,660 --> 00:38:34,069 are the seals and tack on your machine. 
1273 00:38:34,070 --> 00:38:35,569 Before you log into this website, please 1274 00:38:35,570 --> 00:38:38,059 check. Check this box if it's secure. 1275 00:38:38,060 --> 00:38:39,109 Yeah. You know how well it's going to 1276 00:38:39,110 --> 00:38:41,239 work. So what we did is 1277 00:38:41,240 --> 00:38:43,279 we came up with a way that we could make 1278 00:38:43,280 --> 00:38:45,409 the seal verification 1279 00:38:45,410 --> 00:38:46,639 basically like a two factor 1280 00:38:46,640 --> 00:38:47,599 authentication. 1281 00:38:47,600 --> 00:38:49,819 So if the machine check that 1282 00:38:49,820 --> 00:38:51,889 then sends something to a remote 1283 00:38:51,890 --> 00:38:53,629 server that's located in your in your 1284 00:38:53,630 --> 00:38:55,909 home data center verifies 1285 00:38:55,910 --> 00:38:57,289 the integrity of the seal and then sends 1286 00:38:57,290 --> 00:38:58,409 you back a short lived credential. 1287 00:38:58,410 --> 00:38:59,689 Right now, it's a Kerberos ticket, but we 1288 00:38:59,690 --> 00:39:01,369 could do SSL cert. 1289 00:39:01,370 --> 00:39:02,509 We could do all sorts of stuff or just 1290 00:39:02,510 --> 00:39:03,650 allow you access the resource. 1291 00:39:04,910 --> 00:39:07,129 And this basically makes it non skip over 1292 00:39:07,130 --> 00:39:09,289 by the user. If the user doesn't 1293 00:39:09,290 --> 00:39:10,729 do the check, they don't get access. 1294 00:39:10,730 --> 00:39:13,009 Pretty fair and it works great. 1295 00:39:13,010 --> 00:39:15,079 It's cheap, uses cheap seals, uses 1296 00:39:15,080 --> 00:39:16,249 cell phones that everyone's got with 1297 00:39:16,250 --> 00:39:17,449 them. 1298 00:39:17,450 --> 00:39:18,979 The cell phone is considered to be secure 1299 00:39:18,980 --> 00:39:20,869 because you have it with you at all times 1300 00:39:20,870 --> 00:39:22,099 and it can protect. 
1301 00:39:22,100 --> 00:39:23,359 And a lot of these scenarios that we've 1302 00:39:23,360 --> 00:39:25,459 outlined can go through the 1303 00:39:25,460 --> 00:39:26,699 business traveler. All these people. 1304 00:39:26,700 --> 00:39:28,879 Yeah. So how would you apply these 1305 00:39:28,880 --> 00:39:30,289 things to your own devices? 1306 00:39:30,290 --> 00:39:32,809 So first off of the business traveler, 1307 00:39:32,810 --> 00:39:34,609 nowadays people are starting to make USB 1308 00:39:34,610 --> 00:39:36,799 port plugs like ultra port plugs 1309 00:39:36,800 --> 00:39:38,539 like in your ThinkPads. 1310 00:39:38,540 --> 00:39:40,189 What you want to do is put them in to 1311 00:39:40,190 --> 00:39:41,629 disable the port. Physically, you'll have 1312 00:39:41,630 --> 00:39:43,159 to disassembled machine. 1313 00:39:43,160 --> 00:39:45,019 So if you're putting tamper evidence 1314 00:39:45,020 --> 00:39:46,699 stickers over all the control surfaces, 1315 00:39:46,700 --> 00:39:48,019 which are areas that you can open to get 1316 00:39:48,020 --> 00:39:50,689 internal access, it's a good start. 1317 00:39:50,690 --> 00:39:51,769 Then again, you've got to make sure you 1318 00:39:51,770 --> 00:39:54,079 have a tamper indicating device that 1319 00:39:54,080 --> 00:39:55,219 is very fragile. 1320 00:39:55,220 --> 00:39:56,539 You don't want something that could be 1321 00:39:56,540 --> 00:39:58,699 peeled back and put back very 1322 00:39:58,700 --> 00:40:00,349 quickly unless someone doesn't know that 1323 00:40:00,350 --> 00:40:02,299 that actually is a tampering to conceal. 1324 00:40:02,300 --> 00:40:03,829 Maybe you just have your EFI sticker as 1325 00:40:03,830 --> 00:40:04,999 an example and anything. 1326 00:40:05,000 --> 00:40:07,189 It's just decoration, but really, it's 1327 00:40:07,190 --> 00:40:09,019 you. 
It's to tell you that something has 1328 00:40:09,020 --> 00:40:11,179 happened and then activist 1329 00:40:11,180 --> 00:40:13,189 organizations at their headquarters. 1330 00:40:13,190 --> 00:40:15,259 Maybe just putting, you know, a pen 1331 00:40:15,260 --> 00:40:16,819 on a table in a particular way and then 1332 00:40:16,820 --> 00:40:18,499 you photograph it. You have to do like a 1333 00:40:18,500 --> 00:40:20,089 photograph. You can't just say, I placed 1334 00:40:20,090 --> 00:40:21,799 it there. It's you're really going to 1335 00:40:21,800 --> 00:40:23,869 miss stuff. And so what you do is to get 1336 00:40:23,870 --> 00:40:25,339 access to, let's say, a filing cabinet. 1337 00:40:25,340 --> 00:40:26,839 You maybe have to move something. 1338 00:40:26,840 --> 00:40:28,189 And if they don't play spec directly, 1339 00:40:28,190 --> 00:40:29,449 you'll know something has happened. 1340 00:40:29,450 --> 00:40:30,799 Someone has been there. 1341 00:40:30,800 --> 00:40:31,849 Just make sure if it's something light 1342 00:40:31,850 --> 00:40:33,979 like paper, you don't have a fan blowing 1343 00:40:33,980 --> 00:40:35,179 around and just knock things over it. 1344 00:40:35,180 --> 00:40:37,339 Be useless online gaming. 1345 00:40:37,340 --> 00:40:39,289 Or you can use the safe, but you should, 1346 00:40:39,290 --> 00:40:41,839 you know, use seals in the safe. 1347 00:40:41,840 --> 00:40:43,459 I didn't really cover covert traps, but 1348 00:40:43,460 --> 00:40:45,949 covert traps are, are, 1349 00:40:45,950 --> 00:40:47,839 you know, your secret tamper indicating 1350 00:40:47,840 --> 00:40:49,639 devices like a piece of hair like you put 1351 00:40:49,640 --> 00:40:51,379 it on doorjamb, like at place it. 1352 00:40:51,380 --> 00:40:52,819 It's very hard to see, very hard to 1353 00:40:52,820 --> 00:40:54,349 detect unless someone knows to look for 1354 00:40:54,350 --> 00:40:56,569 it. 
But then you have other seals around 1355 00:40:56,570 --> 00:40:57,589 just as distraction. 1356 00:40:57,590 --> 00:40:58,999 But they also are covering important 1357 00:40:59,000 --> 00:41:00,229 parts. 1358 00:41:00,230 --> 00:41:01,459 Journalists operating in dangerous 1359 00:41:01,460 --> 00:41:02,899 environments, they're kind of the same 1360 00:41:02,900 --> 00:41:04,219 thing. 1361 00:41:04,220 --> 00:41:05,389 But also, if you're going to go meet 1362 00:41:05,390 --> 00:41:07,459 somebody in a particular area, 1363 00:41:07,460 --> 00:41:08,959 you know, you clear it ahead of time. 1364 00:41:08,960 --> 00:41:10,309 You go check out. I mean, you're going to 1365 00:41:10,310 --> 00:41:11,929 be in a room where you know, no one will 1366 00:41:11,930 --> 00:41:14,209 be. But you want to make sure that after 1367 00:41:14,210 --> 00:41:15,859 the time between you clean it clear, 1368 00:41:15,860 --> 00:41:17,449 check it and you come back. 1369 00:41:17,450 --> 00:41:19,489 No one's been there. So you put seals on 1370 00:41:19,490 --> 00:41:20,779 doors. Maybe you move a chair in a 1371 00:41:20,780 --> 00:41:23,149 particular way so that you can check 1372 00:41:23,150 --> 00:41:24,979 again with a photograph. 1373 00:41:24,980 --> 00:41:26,659 And for people living in war zones, one 1374 00:41:26,660 --> 00:41:27,799 of the ways you could use this would be 1375 00:41:27,800 --> 00:41:29,209 when you're sending information or 1376 00:41:29,210 --> 00:41:31,459 sending physical items to people, you put 1377 00:41:31,460 --> 00:41:33,859 them in a sealed container that has seals 1378 00:41:33,860 --> 00:41:35,299 and you send them out of band through 1379 00:41:35,300 --> 00:41:37,219 email or through some other means. 
1380 00:41:37,220 --> 00:41:38,839 The integrity information for that seals 1381 00:41:38,840 --> 00:41:40,219 they can verify the package hasn't been 1382 00:41:40,220 --> 00:41:41,659 tampered with and they receive it, so 1383 00:41:41,660 --> 00:41:42,709 they know it's actually from you. 1384 00:41:42,710 --> 00:41:44,029 It's basically a way to cryptographically 1385 00:41:44,030 --> 00:41:45,469 sign a physical item, which is kind of 1386 00:41:45,470 --> 00:41:47,149 cool. Yeah. 1387 00:41:47,150 --> 00:41:48,919 The problem with all these seals, we 1388 00:41:48,920 --> 00:41:50,419 think, are a great solution to this, but 1389 00:41:50,420 --> 00:41:51,619 they've got some definite problems. 1390 00:41:51,620 --> 00:41:53,239 The biggest problem is they can't go back 1391 00:41:53,240 --> 00:41:54,139 in time. 1392 00:41:54,140 --> 00:41:55,340 You know, you need to 1393 00:41:56,720 --> 00:41:58,549 if you've got a device and you just show 1394 00:41:58,550 --> 00:41:59,779 up with a new device and you ask me, 1395 00:41:59,780 --> 00:42:01,619 like, is this device tampered with? 1396 00:42:01,620 --> 00:42:02,599 There's no way I'm going to be able to 1397 00:42:02,600 --> 00:42:04,369 give you a good answer because the 1398 00:42:04,370 --> 00:42:05,659 there's so many ways you can tamper with 1399 00:42:05,660 --> 00:42:06,859 something. If you don't have a good 1400 00:42:06,860 --> 00:42:08,509 baseline measurement on that device, you 1401 00:42:08,510 --> 00:42:10,399 won't be able to compare it to anything. 1402 00:42:10,400 --> 00:42:12,049 So you'll be trying to find like vendor 1403 00:42:12,050 --> 00:42:13,969 specs for it. But there's errata that 1404 00:42:13,970 --> 00:42:15,049 basically is going to work. 
I would just 1405 00:42:15,050 --> 00:42:17,929 tell you, buying a device the 1406 00:42:17,930 --> 00:42:19,309 and most of the devices, they're not 1407 00:42:19,310 --> 00:42:21,199 designed to be very tamper evident at all 1408 00:42:21,200 --> 00:42:23,119 because tamper evidence is like the enemy 1409 00:42:23,120 --> 00:42:24,499 of easy manufacturing and cheap 1410 00:42:24,500 --> 00:42:25,519 manufacturing. 1411 00:42:25,520 --> 00:42:27,559 So people want cheap stuff. 1412 00:42:28,610 --> 00:42:30,499 So the problem is we need to convince 1413 00:42:30,500 --> 00:42:32,239 people that they should be worried about 1414 00:42:32,240 --> 00:42:34,999 this in advance of having a problem and 1415 00:42:35,000 --> 00:42:36,649 sort of implement these policies earlier 1416 00:42:36,650 --> 00:42:37,549 on. 1417 00:42:37,550 --> 00:42:39,259 Operational security is not retroactive. 1418 00:42:39,260 --> 00:42:40,669 You've got to be doing it at the beginning 1419 00:42:40,670 --> 00:42:41,909 or something bad is going to happen. 1420 00:42:41,910 --> 00:42:43,169 On the line. 1421 00:42:43,170 --> 00:42:44,459 So and so we've got some areas for 1422 00:42:44,460 --> 00:42:46,349 research by other people or us or 1423 00:42:46,350 --> 00:42:47,350 whatever. 1424 00:42:47,790 --> 00:42:49,619 So a major area is this is actually 1425 00:42:49,620 --> 00:42:51,689 policy. 
Knowing that you need to do this 1426 00:42:51,690 --> 00:42:53,429 or that isn't is a threat, that physical 1427 00:42:53,430 --> 00:42:55,109 attacks are a threat and you need to do 1428 00:42:55,110 --> 00:42:57,449 countermeasures computing devices 1429 00:42:57,450 --> 00:42:58,739 that are designed for better tamper 1430 00:42:58,740 --> 00:43:00,899 evidence in response, maybe a 1431 00:43:00,900 --> 00:43:02,009 computer that doesn't have a bunch of 1432 00:43:02,010 --> 00:43:03,989 ports on it and a bunch of direct dmaa 1433 00:43:03,990 --> 00:43:05,729 access memory ports external to the 1434 00:43:05,730 --> 00:43:06,719 system and things like that would be 1435 00:43:06,720 --> 00:43:07,720 nice. 1436 00:43:08,340 --> 00:43:10,559 Better ties between the SEAL technology 1437 00:43:10,560 --> 00:43:12,059 and trust computer technology. 1438 00:43:12,060 --> 00:43:14,789 So I sort of wrote off the TCG 1439 00:43:14,790 --> 00:43:16,109 trusted computing stuff from a physical 1440 00:43:16,110 --> 00:43:18,299 perspective, but it turns out 1441 00:43:18,300 --> 00:43:20,039 if you combine that with seals, you can 1442 00:43:20,040 --> 00:43:21,299 actually get some pretty good protection 1443 00:43:21,300 --> 00:43:23,039 that you wouldn't get with either alone. 1444 00:43:23,040 --> 00:43:25,289 And integration in an organizational 1445 00:43:25,290 --> 00:43:27,299 environment into things like your VPN 1446 00:43:27,300 --> 00:43:28,799 system, your mobile device management 1447 00:43:28,800 --> 00:43:30,119 network, access control. 1448 00:43:30,120 --> 00:43:31,559 Because if this is like a little separate 1449 00:43:31,560 --> 00:43:33,059 system that doesn't really touch the rest 1450 00:43:33,060 --> 00:43:34,689 of your systems, you'll ignore it and it. 1451 00:43:34,690 --> 00:43:36,119 What actually is it? But if you tie it 1452 00:43:36,120 --> 00:43:37,709 into your VPNs, you only get access to 1453 00:43:37,710 --> 00:43:39,149 your VPN. 
When the seal check is 1454 00:43:39,150 --> 00:43:41,609 verified, only get access to 1455 00:43:41,610 --> 00:43:42,509 other resources. 1456 00:43:42,510 --> 00:43:44,759 That way, it'll work really well, and 1457 00:43:44,760 --> 00:43:46,259 the seals we're using are not really 1458 00:43:46,260 --> 00:43:47,699 designed for this. They're sort of where 1459 00:43:47,700 --> 00:43:49,889 we were reusing seals, the the 1460 00:43:49,890 --> 00:43:51,539 sensor platform we have as a cell phone 1461 00:43:51,540 --> 00:43:53,339 that has a it's a decent camera, but not 1462 00:43:53,340 --> 00:43:54,899 a great camera, especially for macro type 1463 00:43:54,900 --> 00:43:57,179 stuff. And a lot of the seals 1464 00:43:57,180 --> 00:43:58,769 are designed to be inspected by humans 1465 00:43:58,770 --> 00:44:01,139 visually, like a very forensic level. 1466 00:44:01,140 --> 00:44:03,389 So nice to have seals that are designed 1467 00:44:03,390 --> 00:44:05,699 and optimized to be better, 1468 00:44:05,700 --> 00:44:08,219 sensible by the verifiable by phone 1469 00:44:08,220 --> 00:44:10,139 and maybe other kinds of thing rather 1470 00:44:10,140 --> 00:44:11,639 than visual. 1471 00:44:11,640 --> 00:44:13,019 So it's a bunch of stuff like that, and 1472 00:44:13,020 --> 00:44:14,159 I'm sure there's other areas of research 1473 00:44:14,160 --> 00:44:15,749 that are that are appealing as well. 1474 00:44:17,200 --> 00:44:19,359 So in conclusion, we're now realizing 1475 00:44:19,360 --> 00:44:20,769 that there's a much wider variety of 1476 00:44:20,770 --> 00:44:22,359 users at risk, it's not just government 1477 00:44:22,360 --> 00:44:24,399 entities and intelligence communities, 1478 00:44:24,400 --> 00:44:26,529 but it's basically everyone in this room. 1479 00:44:26,530 --> 00:44:28,719 New technical solutions are needed. 
1480 00:44:28,720 --> 00:44:29,919 Most of this stuff and most of the 1481 00:44:29,920 --> 00:44:31,269 knowledge base is kept up in those 1482 00:44:31,270 --> 00:44:32,769 organizations, and there's not a lot of 1483 00:44:32,770 --> 00:44:34,329 that publicly available just yet. 1484 00:44:34,330 --> 00:44:36,189 There's a lot of people that are amateurs 1485 00:44:36,190 --> 00:44:37,959 playing this game, and some professionals 1486 00:44:37,960 --> 00:44:39,849 and I understand where I'm from. 1487 00:44:39,850 --> 00:44:41,409 I know most of them. 1488 00:44:41,410 --> 00:44:43,179 And there's not enough to go around to 1489 00:44:43,180 --> 00:44:44,379 start teaching everybody. 1490 00:44:44,380 --> 00:44:46,209 And also, remote verified seals are a 1491 00:44:46,210 --> 00:44:48,549 great solution because then you have 1492 00:44:48,550 --> 00:44:50,169 like, you know, our networked resource 1493 00:44:50,170 --> 00:44:51,789 that can do a little more verification 1494 00:44:51,790 --> 00:44:53,829 than the person locally can do and also 1495 00:44:53,830 --> 00:44:56,439 can cut them off from access. 1496 00:44:56,440 --> 00:44:58,539 And then also, it's slightly 1497 00:44:58,540 --> 00:44:59,829 complex enough that you may need a little 1498 00:44:59,830 --> 00:45:01,149 help just to get started. 1499 00:45:01,150 --> 00:45:02,529 And so there's other than just putting 1500 00:45:02,530 --> 00:45:03,939 seals on there, but having a good 1501 00:45:03,940 --> 00:45:06,099 baseline of policies and procedures. 1502 00:45:06,100 --> 00:45:07,989 So anyway, that's our talk. 1503 00:45:16,280 --> 00:45:18,589 So we'll open up the floor for a few 1504 00:45:18,590 --> 00:45:19,339 minutes. 1505 00:45:19,340 --> 00:45:21,409 Christine, yeah, hi. 1506 00:45:21,410 --> 00:45:22,999 OK. Yeah, we have. 1507 00:45:23,000 --> 00:45:24,889 We have time for questions. 
1508 00:45:24,890 --> 00:45:27,079 Please line up at the microphones we have 1509 00:45:27,080 --> 00:45:28,969 four microphones. 1510 00:45:28,970 --> 00:45:31,069 I can't tell, are there microphones up 1511 00:45:31,070 --> 00:45:32,119 top? 1512 00:45:32,120 --> 00:45:34,159 And we're also taking questions from the 1513 00:45:34,160 --> 00:45:36,109 internet. So if you're watching our live 1514 00:45:36,110 --> 00:45:38,059 stream, haven't made it to the Congress 1515 00:45:38,060 --> 00:45:40,249 hall yet, please. 1516 00:45:40,250 --> 00:45:42,499 We are taking from Twitter and 1517 00:45:42,500 --> 00:45:43,500 IRC. 1518 00:45:44,660 --> 00:45:46,849 So let's get 1519 00:45:46,850 --> 00:45:48,679 started. How about Microphone two? 1520 00:45:49,750 --> 00:45:52,069 Hi, less a question 1521 00:45:52,070 --> 00:45:54,859 and more a very brief story 1522 00:45:54,860 --> 00:45:57,529 about physical access 1523 00:45:57,530 --> 00:45:59,869 that I'm pretty sure even you probably 1524 00:45:59,870 --> 00:46:01,219 haven't heard of. 1525 00:46:01,220 --> 00:46:03,799 I work at a robotics company. 1526 00:46:03,800 --> 00:46:05,689 We exist. 1527 00:46:05,690 --> 00:46:07,819 The company runs mostly on interns 1528 00:46:07,820 --> 00:46:09,499 and visiting researchers that come and 1529 00:46:09,500 --> 00:46:10,500 go. 1530 00:46:11,090 --> 00:46:13,699 And this actually happens. 1531 00:46:15,680 --> 00:46:18,140 One of the one of our interns, 1532 00:46:20,150 --> 00:46:22,699 we had him over for a semester 1533 00:46:22,700 --> 00:46:24,619 and first semester. 1534 00:46:24,620 --> 00:46:26,859 Great break did some great work, 1535 00:46:26,860 --> 00:46:29,299 decided to have him back, pulled 1536 00:46:29,300 --> 00:46:30,559 his physical access. 1537 00:46:30,560 --> 00:46:32,809 His HID key, pulled his other 1538 00:46:32,810 --> 00:46:35,599 access. 
But because 1539 00:46:35,600 --> 00:46:37,189 this is an academic environment, you want 1540 00:46:37,190 --> 00:46:38,959 to encourage collaboration while they're 1541 00:46:38,960 --> 00:46:40,549 back at their home university didn't pull 1542 00:46:40,550 --> 00:46:41,839 the VPN keys. 1543 00:46:41,840 --> 00:46:44,389 Oops! Have him back for a second 1544 00:46:44,390 --> 00:46:46,489 term and he gets there. 1545 00:46:46,490 --> 00:46:48,139 All right. And he's very young, 1546 00:46:48,140 --> 00:46:49,249 industrious intern. 1547 00:46:49,250 --> 00:46:51,409 He gets back for his first day of 1548 00:46:51,410 --> 00:46:53,359 his second term, all bright eyed and 1549 00:46:53,360 --> 00:46:55,339 bushy tailed and realizes, hey, he 1550 00:46:55,340 --> 00:46:56,749 doesn't have door access yet, 1551 00:46:57,830 --> 00:47:00,469 but he does have his VPN keys 1552 00:47:00,470 --> 00:47:02,179 and he's sitting outside the office. 1553 00:47:02,180 --> 00:47:03,889 He's sitting outside the building. 1554 00:47:03,890 --> 00:47:06,559 And so he pops open his laptop 1555 00:47:06,560 --> 00:47:09,199 VPNs into the internal network 1556 00:47:09,200 --> 00:47:11,419 SSHes into a robot, 1557 00:47:11,420 --> 00:47:13,729 drives the robot over the door, 1558 00:47:13,730 --> 00:47:15,529 over to the door and runs the door 1559 00:47:15,530 --> 00:47:17,629 opening program from the 1560 00:47:17,630 --> 00:47:18,630 inside. 1561 00:47:23,700 --> 00:47:25,009 OK. 1562 00:47:25,010 --> 00:47:26,599 Yeah, sounds like I want to hire him. 1563 00:47:26,600 --> 00:47:28,219 And and as. 1564 00:47:28,220 --> 00:47:29,629 And actually, we checked this. 1565 00:47:29,630 --> 00:47:30,630 There was 1566 00:47:31,700 --> 00:47:33,669 there was because it was from the inside. 1567 00:47:33,670 --> 00:47:35,659 There was no record in the HID logs. 1568 00:47:35,660 --> 00:47:37,769 Yeah, yeah. 
And the FDA 1569 00:47:37,770 --> 00:47:40,609 doesn't do only a an SSH. 1570 00:47:40,610 --> 00:47:42,079 You can only tell he started a VPN 1571 00:47:42,080 --> 00:47:43,669 session. There's no logging of like what 1572 00:47:43,670 --> 00:47:46,099 machine he web VPN into because 1573 00:47:46,100 --> 00:47:48,289 the robot is basically a little Linux 1574 00:47:48,290 --> 00:47:49,429 box on wheels. 1575 00:47:49,430 --> 00:47:49,789 Yeah. 1576 00:47:49,790 --> 00:47:51,469 Interesting follow up to that, and that's 1577 00:47:51,470 --> 00:47:52,679 great story. Thank you. 1578 00:47:52,680 --> 00:47:53,960 That's very entertaining. 1579 00:47:55,460 --> 00:47:57,379 Yeah, a lot of companies, they don't link 1580 00:47:57,380 --> 00:47:59,869 their VPN with their 1581 00:47:59,870 --> 00:48:01,639 their, you know, other credentials and 1582 00:48:01,640 --> 00:48:03,289 systems like if someone's desktop fires 1583 00:48:03,290 --> 00:48:04,519 up, but they didn't walk into the 1584 00:48:04,520 --> 00:48:06,319 building and this they're supposedly 1585 00:48:06,320 --> 00:48:08,539 there, but they're not, you know, 1586 00:48:08,540 --> 00:48:10,699 the CTO and the CSO 1587 00:48:10,700 --> 00:48:12,289 don't actually talk to each other often. 1588 00:48:12,290 --> 00:48:14,569 So there's a lot of problems with that. 1589 00:48:14,570 --> 00:48:17,119 So as an example, right there, you 1590 00:48:17,120 --> 00:48:19,189 don't have, you know, exit control, 1591 00:48:19,190 --> 00:48:21,319 access logs and also you're not 1592 00:48:21,320 --> 00:48:22,759 logging the robots. 1593 00:48:22,760 --> 00:48:24,709 So interesting use case. 1594 00:48:24,710 --> 00:48:27,169 But but yeah, that is a big problem. 1595 00:48:27,170 --> 00:48:29,149 OK, I understand we have a number of 1596 00:48:29,150 --> 00:48:30,350 questions from the internet. 1597 00:48:31,920 --> 00:48:33,709 That's just one really at the moment. 
1598 00:48:33,710 --> 00:48:35,489 Oh, voice from above. 1599 00:48:38,070 --> 00:48:40,529 Christian Christian from Mercy. 1600 00:48:40,530 --> 00:48:42,720 Are you aware of any open-source 1601 00:48:44,160 --> 00:48:46,679 hardware security module or something 1602 00:48:46,680 --> 00:48:48,419 that you could build? 1603 00:48:48,420 --> 00:48:49,619 Ryan, you can take that schmuck 1604 00:48:49,620 --> 00:48:50,729 on in about a month. 1605 00:48:50,730 --> 00:48:52,559 I'm doing a presentation on that. 1606 00:48:52,560 --> 00:48:53,969 There are actually four or five 1607 00:48:53,970 --> 00:48:56,099 projects to do something like 1608 00:48:56,100 --> 00:48:57,649 that one from a 1609 00:48:58,950 --> 00:49:01,169 DNA seq one. 1610 00:49:01,170 --> 00:49:03,359 There's a few people who use 1611 00:49:03,360 --> 00:49:04,709 like Raspberry Pis, they've used various 1612 00:49:04,710 --> 00:49:05,639 other devices. 1613 00:49:05,640 --> 00:49:07,599 They generally focus on separating out 1614 00:49:07,600 --> 00:49:09,899 the the focus on the logical 1615 00:49:09,900 --> 00:49:11,129 protection as opposed to high end 1616 00:49:11,130 --> 00:49:12,149 physical protection. 1617 00:49:12,150 --> 00:49:14,249 But ultimately, I think the best way to 1618 00:49:14,250 --> 00:49:16,769 do an open source HSM 1619 00:49:16,770 --> 00:49:18,719 is to publish a great design that can use 1620 00:49:18,720 --> 00:49:20,789 commodity components because it's really 1621 00:49:20,790 --> 00:49:22,949 hard to tell if an 1622 00:49:22,950 --> 00:49:24,299 IC has been compromised. 1623 00:49:24,300 --> 00:49:26,219 But if you can use a variety of cheap 1624 00:49:26,220 --> 00:49:27,389 commodity components, you can. 1625 00:49:27,390 --> 00:49:28,819 You can put them together, you buy the 1626 00:49:28,820 --> 00:49:30,239 various sources and do stuff like that. 
1627 00:49:30,240 --> 00:49:32,189 So yeah, there's there's some interesting 1628 00:49:32,190 --> 00:49:34,259 work in that area that that will be open 1629 00:49:34,260 --> 00:49:35,260 source and public. 1630 00:49:36,360 --> 00:49:37,739 OK. Microphone for 1631 00:49:38,820 --> 00:49:40,229 hello. 1632 00:49:40,230 --> 00:49:42,359 I have more 1633 00:49:42,360 --> 00:49:45,209 request. Not exactly a question. 1634 00:49:45,210 --> 00:49:47,729 Could you please show again the slide 1635 00:49:47,730 --> 00:49:50,339 where you compared those two photographs 1636 00:49:50,340 --> 00:49:51,809 because I didn't see anything? 1637 00:49:51,810 --> 00:49:53,369 Oh, sure. 1638 00:49:53,370 --> 00:49:55,049 Yeah, it's it's hard on the screen 1639 00:49:55,050 --> 00:49:56,069 because I don't think it is. 1640 00:49:56,070 --> 00:49:58,169 It's an app and it's not very 1641 00:49:58,170 --> 00:50:00,479 bright. So I'll 1642 00:50:00,480 --> 00:50:02,699 stand right over here and I don't have a 1643 00:50:02,700 --> 00:50:04,809 laser pointer, but it's that screw. 1644 00:50:04,810 --> 00:50:06,630 Sorry. And I'm going have a seizure 1645 00:50:07,860 --> 00:50:09,090 that screw right there. Can you see it? 1646 00:50:10,170 --> 00:50:11,189 You might need to get closer. 1647 00:50:11,190 --> 00:50:13,049 That's the thing. Like when blown up with 1648 00:50:13,050 --> 00:50:14,549 this contrast is really hard, but when 1649 00:50:14,550 --> 00:50:15,689 you actually look at your laptop screen, 1650 00:50:15,690 --> 00:50:17,879 it's very easy to tell. 1651 00:50:17,880 --> 00:50:19,719 So again, walk closer to the screen, 1652 00:50:19,720 --> 00:50:20,759 you'll definitely see it. But that's the 1653 00:50:20,760 --> 00:50:23,159 thing. The point was, it's a very minor 1654 00:50:23,160 --> 00:50:24,179 detail. 
1655 00:50:24,180 --> 00:50:26,309 And if you aren't vigilant and if you're 1656 00:50:26,310 --> 00:50:27,869 just taking notes for something that's 1657 00:50:27,870 --> 00:50:29,909 practically useless, I mean, you're just 1658 00:50:29,910 --> 00:50:31,229 really going to go on the side of error 1659 00:50:31,230 --> 00:50:32,519 that something happened sort of actually 1660 00:50:32,520 --> 00:50:33,520 having proof. 1661 00:50:34,170 --> 00:50:36,179 OK, thank you. You're welcome. 1662 00:50:36,180 --> 00:50:38,459 OK. Microphone two, 1663 00:50:38,460 --> 00:50:39,479 the 1664 00:50:39,480 --> 00:50:41,769 description said something that you 1665 00:50:41,770 --> 00:50:43,889 will present something about physically 1666 00:50:43,890 --> 00:50:46,049 unclonable functions for hardware 1667 00:50:46,050 --> 00:50:47,499 tamper detection if I understood you 1668 00:50:47,500 --> 00:50:49,559 correctly. Would you mind elaborating on 1669 00:50:49,560 --> 00:50:51,629 that? What what results you got there 1670 00:50:51,630 --> 00:50:53,939 and what kind of protection 1671 00:50:53,940 --> 00:50:55,919 you can achieve using that? 1672 00:50:55,920 --> 00:50:57,749 Yeah, so we did because of the time 1673 00:50:57,750 --> 00:50:59,639 constraint of the time we pulled out two 1674 00:50:59,640 --> 00:51:01,859 slides and one of them aside from 1675 00:51:01,860 --> 00:51:03,209 physical, physical unclonable 1676 00:51:03,210 --> 00:51:05,519 functions, which are in our context, 1677 00:51:05,520 --> 00:51:08,069 my context for work is, you know, devices 1678 00:51:08,070 --> 00:51:09,779 with unique characteristics of 1679 00:51:09,780 --> 00:51:10,780 manufacturing. 1680 00:51:11,700 --> 00:51:12,989 You know, we'll actually put it up in the 1681 00:51:12,990 --> 00:51:14,909 slides on the way out when we upload 1682 00:51:14,910 --> 00:51:17,609 them. We had to to change batteries. 
1683 00:51:17,610 --> 00:51:19,829 So we had the same laptops 1684 00:51:19,830 --> 00:51:21,089 and the identical batteries. 1685 00:51:21,090 --> 00:51:22,319 But when you swap them and they're from 1686 00:51:22,320 --> 00:51:24,449 the same line, you could easily tell 1687 00:51:24,450 --> 00:51:26,579 back and forth which things are changed. 1688 00:51:26,580 --> 00:51:28,439 So if someone swaps out a component, it 1689 00:51:28,440 --> 00:51:30,119 turns out through, you know, plastic 1690 00:51:30,120 --> 00:51:32,309 manufacturing, you and milling, they'll 1691 00:51:32,310 --> 00:51:33,359 look slightly different. 1692 00:51:33,360 --> 00:51:34,979 But it's hard to tell visually side by 1693 00:51:34,980 --> 00:51:36,689 side. But if you do a quick blink 1694 00:51:36,690 --> 00:51:38,759 comparison, you can tell and it 1695 00:51:38,760 --> 00:51:40,499 seemed like, you know, the stickers the 1696 00:51:40,500 --> 00:51:43,409 stickers themselves are, you know, PUFs. 1697 00:51:43,410 --> 00:51:44,759 You might be thinking more of the ones on 1698 00:51:44,760 --> 00:51:46,859 a chip level, but this is 1699 00:51:46,860 --> 00:51:47,909 more macro. 1700 00:51:47,910 --> 00:51:50,609 So we've also done non sticker 1701 00:51:50,610 --> 00:51:53,399 seals, basically paint special paint, 1702 00:51:53,400 --> 00:51:55,139 dynamic things like a metallic paint, 1703 00:51:55,140 --> 00:51:56,429 glitter, things like that. 1704 00:51:56,430 --> 00:51:57,689 Those are also a form of physical 1705 00:51:57,690 --> 00:51:59,879 unclonable function. There's also the array 1706 00:51:59,880 --> 00:52:02,119 of fiber optic cable where 1707 00:52:02,120 --> 00:52:04,469 it's sort of randomize 1708 00:52:04,470 --> 00:52:05,939 it really anything where it's you 1709 00:52:05,940 --> 00:52:07,439 physically can't copy it in the 1710 00:52:07,440 --> 00:52:08,729 manufacturing market. 
So there's 1711 00:52:08,730 --> 00:52:10,199 randomness in the physical manufacturing 1712 00:52:10,200 --> 00:52:11,200 process. 1713 00:52:11,760 --> 00:52:13,619 The technique of verifying and doing 1714 00:52:13,620 --> 00:52:15,689 remote verification works just the same 1715 00:52:15,690 --> 00:52:18,509 with us. We can't do this with 1716 00:52:18,510 --> 00:52:20,039 like chips because we don't have an 1717 00:52:20,040 --> 00:52:21,299 electron microscope on our cell phone 1718 00:52:21,300 --> 00:52:23,169 right now. But we could we could do this 1719 00:52:23,170 --> 00:52:25,139 soon where the goal is to be able to do 1720 00:52:25,140 --> 00:52:26,279 the sensors that will work with the 1721 00:52:26,280 --> 00:52:27,959 phone. So we have to do macro level type 1722 00:52:27,960 --> 00:52:28,199 stuff. 1723 00:52:28,200 --> 00:52:30,089 OK, so it's not about smart cards with 1724 00:52:30,090 --> 00:52:32,369 physical functions, it's just physical 1725 00:52:32,370 --> 00:52:33,959 changes with virtual photograph 1726 00:52:33,960 --> 00:52:36,209 of the device level things 1727 00:52:36,210 --> 00:52:37,979 not not a notch 1728 00:52:37,980 --> 00:52:38,939 further up the chain. They're both 1729 00:52:38,940 --> 00:52:40,739 physical unclonable functions. 1730 00:52:40,740 --> 00:52:41,969 They're just at different scales. 1731 00:52:41,970 --> 00:52:44,069 OK, then I have a follow up question 1732 00:52:44,070 --> 00:52:46,229 if I can. How 1733 00:52:46,230 --> 00:52:47,729 does it actually work in practice? 1734 00:52:47,730 --> 00:52:49,769 Because you leave your hotel room in the 1735 00:52:49,770 --> 00:52:51,719 morning, you come back in the evening, 1736 00:52:51,720 --> 00:52:53,219 you have different lighting conditions. 1737 00:52:53,220 --> 00:52:54,899 You cannot put the cell phone into 1738 00:52:54,900 --> 00:52:56,519 exactly the same position. 1739 00:52:56,520 --> 00:52:57,929 How does it work in this scenario? 
1740 00:52:57,930 --> 00:52:59,309 I'll take that. That's actually really 1741 00:52:59,310 --> 00:53:01,349 easy to do. You close the shades, turn 1742 00:53:01,350 --> 00:53:02,819 the lights on so you have a consistent 1743 00:53:02,820 --> 00:53:04,499 lighting condition and that you put your 1744 00:53:04,500 --> 00:53:06,689 mobile device or camera device in in a 1745 00:53:06,690 --> 00:53:09,389 big format. So you find a surface 1746 00:53:09,390 --> 00:53:11,309 that you can butt your camera up to and 1747 00:53:11,310 --> 00:53:13,649 lock it so you have like a shelf. 1748 00:53:13,650 --> 00:53:15,179 Push it against the wall, stand on the 1749 00:53:15,180 --> 00:53:17,219 side, take a photo and it almost every 1750 00:53:17,220 --> 00:53:19,439 single time. It'll be identical. 1751 00:53:19,440 --> 00:53:21,499 And then then you can correct it on your 1752 00:53:21,500 --> 00:53:23,759 on your laptop or other other devices. 1753 00:53:23,760 --> 00:53:25,709 And just over line, overlay them and then 1754 00:53:25,710 --> 00:53:26,999 flip them back and forth that you can 1755 00:53:27,000 --> 00:53:28,829 use, like for Macintosh preview. 1756 00:53:29,880 --> 00:53:30,829 And actually don't. 1757 00:53:30,830 --> 00:53:31,779 These windows, so 1758 00:53:31,780 --> 00:53:33,159 there's also registration marks that you 1759 00:53:33,160 --> 00:53:34,809 can put in the image to the system. 1760 00:53:34,810 --> 00:53:36,939 We have some not very great 1761 00:53:36,940 --> 00:53:39,129 OpenCV code right now that try to do this. 1762 00:53:39,130 --> 00:53:41,409 Yeah, that 1763 00:53:41,410 --> 00:53:44,229 which shall be open and released the 1764 00:53:44,230 --> 00:53:45,729 you can put registration marks in to make 1765 00:53:45,730 --> 00:53:46,659 this process a lot easier. 
1766 00:53:46,660 --> 00:53:48,039 The problem is you have skew and stuff on 1767 00:53:48,040 --> 00:53:49,059 the camera, so it's actually a fairly 1768 00:53:49,060 --> 00:53:50,589 complicated problem. 1769 00:53:50,590 --> 00:53:52,479 But it mostly 1770 00:53:52,480 --> 00:53:54,339 works and there is a product in the 1771 00:53:54,340 --> 00:53:57,069 iPhone store that does blink comparison. 1772 00:53:57,070 --> 00:53:59,349 The problem is it's it's 1773 00:53:59,350 --> 00:54:00,519 very inaccurate because it wants you to 1774 00:54:00,520 --> 00:54:02,559 hold it, and a human is not going to be 1775 00:54:02,560 --> 00:54:04,629 able to replicate the same, you know, 1776 00:54:04,630 --> 00:54:06,639 you know, parallax for your shot every 1777 00:54:06,640 --> 00:54:08,379 time it's going to be slightly off and 1778 00:54:08,380 --> 00:54:10,059 it's going to be very I've used it. 1779 00:54:10,060 --> 00:54:11,079 It's not very great. 1780 00:54:11,080 --> 00:54:13,119 And so as I said, like basic things like 1781 00:54:13,120 --> 00:54:14,379 find something in the room that's 1782 00:54:14,380 --> 00:54:16,059 immovable that probably hasn't moved. 1783 00:54:16,060 --> 00:54:17,949 The desk may have moved, but find 1784 00:54:17,950 --> 00:54:20,019 something is nailed down like a a shelf. 1785 00:54:20,020 --> 00:54:21,639 And then you can just do that shot and 1786 00:54:21,640 --> 00:54:23,349 you get a very reproducible 1787 00:54:23,350 --> 00:54:25,629 and yeah, and certain kinds of seals 1788 00:54:25,630 --> 00:54:27,309 are going to be much, much easier to 1789 00:54:27,310 --> 00:54:28,919 verify than other kinds of seals. 1790 00:54:28,920 --> 00:54:29,669 Large. 1791 00:54:29,670 --> 00:54:31,149 Thank you for the question. 1792 00:54:31,150 --> 00:54:32,979 OK, do we have a question from the 1793 00:54:32,980 --> 00:54:34,209 internet? 
1794 00:54:34,210 --> 00:54:35,949 Another question from the internet is 1795 00:54:37,510 --> 00:54:39,129 how would you make your own seal? 1796 00:54:39,130 --> 00:54:41,260 And if you were to get to see 1797 00:54:42,550 --> 00:54:44,619 what? What would you be looking for 1798 00:54:44,620 --> 00:54:45,910 into a good seal? 1799 00:54:47,110 --> 00:54:49,599 So a good seal, you want something that's 1800 00:54:49,600 --> 00:54:51,129 easily frangible, but it's not going 1801 00:54:51,130 --> 00:54:52,959 to break by accidental use. 1802 00:54:52,960 --> 00:54:55,089 Like, I don't want 1803 00:54:55,090 --> 00:54:56,529 to give away all the traps because then 1804 00:54:56,530 --> 00:54:58,149 that gives my adversaries an advantage, 1805 00:54:58,150 --> 00:55:00,309 but a good one, which is easy to use is 1806 00:55:00,310 --> 00:55:02,409 a pearlescent paint or nail polish. 1807 00:55:02,410 --> 00:55:03,879 Put it on all your screws. 1808 00:55:03,880 --> 00:55:06,069 Take a photograph, specifically 1809 00:55:06,070 --> 00:55:07,389 ones that have a lot of glitter in it 1810 00:55:07,390 --> 00:55:09,159 because it's going to be very difficult 1811 00:55:09,160 --> 00:55:10,179 to replicate that. 1812 00:55:10,180 --> 00:55:11,829 Yeah, there's really two classes of big 1813 00:55:11,830 --> 00:55:12,939 classes of attacks. 1814 00:55:12,940 --> 00:55:15,219 There is taking an intact seal, removing 1815 00:55:15,220 --> 00:55:16,749 it from a device, tampering with the 1816 00:55:16,750 --> 00:55:18,369 device or tampering device without 1817 00:55:18,370 --> 00:55:19,509 breaking the seal. And there's 1818 00:55:19,510 --> 00:55:21,489 counterfeiting the seal itself. 
1819 00:55:21,490 --> 00:55:23,559 Conventional seals A lot of cases depend 1820 00:55:23,560 --> 00:55:25,239 on like mass manufacturing being really 1821 00:55:25,240 --> 00:55:27,399 hard and unit one quantity one 1822 00:55:27,400 --> 00:55:29,589 costing the same as a quantity 10000000. 1823 00:55:29,590 --> 00:55:31,059 That's not so much true anymore. 1824 00:55:31,060 --> 00:55:32,499 With a lot of manufacturing technologies, 1825 00:55:32,500 --> 00:55:34,089 I can copy something pretty easily. 1826 00:55:34,090 --> 00:55:36,219 So I take your device protected 1827 00:55:36,220 --> 00:55:37,359 by a seal. 1828 00:55:37,360 --> 00:55:38,859 Cut the seal off, destroy your seal and 1829 00:55:38,860 --> 00:55:40,139 just make a new one and put it back on 1830 00:55:40,140 --> 00:55:42,399 and you can be able to tell that's 1831 00:55:42,400 --> 00:55:43,929 that's a threat. But certain kinds of 1832 00:55:43,930 --> 00:55:45,069 things like the glitter are going to be 1833 00:55:45,070 --> 00:55:46,479 very difficult to do that with, 1834 00:55:46,480 --> 00:55:48,699 and it's incredibly cheap, too. 1835 00:55:48,700 --> 00:55:50,199 And it looks pretty good and cheap is a 1836 00:55:50,200 --> 00:55:51,819 major, major problem. 1837 00:55:51,820 --> 00:55:53,439 Also, it used to be fairly durable 1838 00:55:53,440 --> 00:55:54,459 because you don't want it to break 1839 00:55:54,460 --> 00:55:55,959 incidental use. There's some tricks you 1840 00:55:55,960 --> 00:55:58,209 can do to help against 1841 00:55:58,210 --> 00:55:58,419 that. 1842 00:55:58,420 --> 00:55:59,649 But yeah, yeah. 1843 00:55:59,650 --> 00:56:02,529 So stickers like cheap, crappy stickers. 
1844 00:56:02,530 --> 00:56:03,729 One of the things we've been coming up 1845 00:56:03,730 --> 00:56:06,219 with is actually time decay stickers, 1846 00:56:06,220 --> 00:56:08,379 where if when you think it with 1847 00:56:08,380 --> 00:56:10,509 a VPN service, these 1848 00:56:10,510 --> 00:56:12,669 you apply the seal and it will the 1849 00:56:12,670 --> 00:56:14,829 color will fade away and when you 1850 00:56:14,830 --> 00:56:16,629 take it, the system, of course, will know 1851 00:56:16,630 --> 00:56:18,609 what the general decay should have been. 1852 00:56:18,610 --> 00:56:19,929 So someone will have to have like a 1853 00:56:19,930 --> 00:56:21,609 hundred or a thousand seals prepped over 1854 00:56:21,610 --> 00:56:23,839 time, consistently fading to 1855 00:56:23,840 --> 00:56:25,299 to know to get it at the right time. 1856 00:56:25,300 --> 00:56:26,979 But also, if they, you know, they could 1857 00:56:26,980 --> 00:56:29,169 time out or not get the right one after 1858 00:56:29,170 --> 00:56:30,939 three tries and then you'd know that you 1859 00:56:30,940 --> 00:56:32,079 won't be able get back in the system. 1860 00:56:32,080 --> 00:56:33,219 And that's that's a good thing. 1861 00:56:34,570 --> 00:56:34,989 OK. 1862 00:56:34,990 --> 00:56:36,010 Microphone for 1863 00:56:37,840 --> 00:56:39,579 the discussion, you just had reminded me 1864 00:56:39,580 --> 00:56:41,709 of a paper from Princeton University, I 1865 00:56:41,710 --> 00:56:43,929 think from last year about pieces 1866 00:56:43,930 --> 00:56:46,119 of paper, and they found 1867 00:56:46,120 --> 00:56:48,519 that pieces of ordinary paper 1868 00:56:48,520 --> 00:56:50,919 were actually more at the microscopic 1869 00:56:50,920 --> 00:56:52,539 level, quite physically distinct from 1870 00:56:52,540 --> 00:56:54,639 each other. 
Yeah, I think an ordinary 1871 00:56:54,640 --> 00:56:56,709 scanner was able to reveal patterns 1872 00:56:56,710 --> 00:56:58,839 of wood fibers in the paper that 1873 00:56:58,840 --> 00:57:00,219 were distinct from a piece of paper or a 1874 00:57:00,220 --> 00:57:01,419 piece of paper or a piece of paper. 1875 00:57:01,420 --> 00:57:02,769 I believe that. 1876 00:57:02,770 --> 00:57:04,359 And that was quite scary from a privacy 1877 00:57:04,360 --> 00:57:06,009 point of view because, for example, the 1878 00:57:06,010 --> 00:57:08,349 company that the paper could actually 1879 00:57:08,350 --> 00:57:09,999 have internal serial numbers of the 1880 00:57:10,000 --> 00:57:10,719 sheets of paper 1881 00:57:10,720 --> 00:57:12,759 that it's like banknotes are your printer 1882 00:57:12,760 --> 00:57:13,929 cartridges. 1883 00:57:13,930 --> 00:57:14,869 Huh? 1884 00:57:14,870 --> 00:57:15,870 Yeah. 1885 00:57:16,630 --> 00:57:18,339 So I guess from a seal's point of view, I 1886 00:57:18,340 --> 00:57:20,529 wonder if with a sensor that 1887 00:57:20,530 --> 00:57:22,689 people might have, if you could 1888 00:57:22,690 --> 00:57:24,789 actually use maybe sheets of paper and 1889 00:57:24,790 --> 00:57:26,509 the wood fiber patterns in them? 1890 00:57:26,510 --> 00:57:27,969 Yeah, that is physically unclonable 1891 00:57:27,970 --> 00:57:28,329 function. 1892 00:57:28,330 --> 00:57:30,349 There's definitely a legitimate method. 1893 00:57:30,350 --> 00:57:32,169 Yeah, I would guess that is a legitimate 1894 00:57:32,170 --> 00:57:34,179 method, though having a flatbed scanner 1895 00:57:34,180 --> 00:57:35,799 with you on your trip seemed a little 1896 00:57:35,800 --> 00:57:37,929 more unlikely. So we do our best to find 1897 00:57:37,930 --> 00:57:39,429 ways to use the tools available to you 1898 00:57:39,430 --> 00:57:42,069 currently so that you can do that. 1899 00:57:42,070 --> 00:57:43,749 Do you think there's a prospect? 
1900 00:57:43,750 --> 00:57:45,279 I don't know what level of magnification 1901 00:57:45,280 --> 00:57:47,379 you need that the cameras in phones 1902 00:57:47,380 --> 00:57:49,059 at some point soon might actually be able 1903 00:57:49,060 --> 00:57:50,829 to get some of that pattern. 1904 00:57:50,830 --> 00:57:51,879 You could do the conditions. 1905 00:57:51,880 --> 00:57:53,139 Yeah, definitely. If you had one of those 1906 00:57:53,140 --> 00:57:55,029 external little like 30 dollar macro 1907 00:57:55,030 --> 00:57:56,559 lenses on your camera, you'd be you'd be 1908 00:57:56,560 --> 00:57:58,359 pretty well served there. 1909 00:57:58,360 --> 00:57:59,379 We can look and look at this. 1910 00:57:59,380 --> 00:58:00,519 It actually looks like an interesting 1911 00:58:00,520 --> 00:58:01,419 thing. Yeah, actually. 1912 00:58:01,420 --> 00:58:01,779 Send us an 1913 00:58:01,780 --> 00:58:03,609 e-mail. We'd love to chat more about 1914 00:58:03,610 --> 00:58:04,539 that, too. 1915 00:58:04,540 --> 00:58:05,540 Yeah. 1916 00:58:06,350 --> 00:58:08,449 OK. Do we have one more question from 1917 00:58:08,450 --> 00:58:09,450 the internet? 1918 00:58:10,560 --> 00:58:11,549 Oh, OK. 1919 00:58:11,550 --> 00:58:13,169 Sounds like real good. 1920 00:58:13,170 --> 00:58:14,759 All right, well, you guys, thank you 1921 00:58:14,760 --> 00:58:16,739 again for having us.