nullcon 2010 - Corporate Security and Intelligence – the dark links by Raoul Chiesa
Intelligence Operations & Corporate Security: the dark links
[Release 0.4]
An analysis of two weird case studies
Raoul “Nobody” Chiesa
Nullcon 2010, Goa, India
Talk’s Rules
• NO Audio, no Video, no A/V recording.
• No pictures.
• No disclosure outside of the conference itself (“PH Neutral‐like” approach)
• Questions at the end, please.
Agenda
Disclaimer(s)
Introduction
  What Corporate Security should be and is
  What Intelligence should be and is
  Management Models
  Historical links between CS & I
Case Studies
  Case I
  Case II
Conclusions
Bibliography and Links
Who am I ?
• I’ve been a “bad guy” from 1986 until 1995. Then they busted me.
• So I grew up, basically inventing a job I do love.
• I run my own security consulting company, @Mediaservice.net, since 1997, and a sister company specialized in Digital Forensics (atpss.net) since 2005.
• I’m into Security R&D, I could say at 360°.
• I’m an OSSTMM Key Contributor.
• I’m a Board of Directors member for many associations (ISECOM, CLUSIT, TSTF.net, OWASP‐Italy) and I work with some others (ICANN, APWG, GCSC, ENISA, etc.).
• I am the Worldwide Technical Contact Officer at the UNICRI (United Nations Interregional Crime & Justice Research Institute) on cybercrime issues.
• I travel the world giving out speeches and meeting nice folks as you !
Some stuff you asked me yesterday and this morning
• UNICRI Cybercrime Homepage:
  – http://www.unicri.it/wwd/cyber_crime/index.php
• UNICRI Cybercrime Training Framework:
  – http://www.unicri.it/wwd/cyber_crime/links.php
• UNICRI Cybercrime links:
  – http://www.unicri.it/wwd/cyber_crime/links.php
• A cool hacking tools page from my Red Team:
  – http://oxdeadbeef.info
• On botnets, 0‐days and reverse engineering from a friend:
  – http://extraexploit.blogspot.com
• On Mobile (handset) Security, from Italian friends:
  – http://www.mseclab.com
• Hackers Profiling Questionnaire:
  – http://hpp.recursiva.org
Disclaimer(s)
Disclaimer
I don’t think you will ever see this talk again in some other conference, maybe somebody will shoot me before. So, please pay attention to what I will tell you. And, it took me 2 years to acquire all the documents (public and not public ones) and correlate the information I will detail to you in a few minutes.
• There are (still) many rumors regarding what exactly happened;
• there are many unanswered questions regarding what happened (and an on‐going court trial);
• for this talk we assume that what is publicly known is what actually happened;
• the ideas and opinions presented here are my own and do not represent any views or opinions, nor the United Nations, but my personal ones.
Disclaimer (bis)
Why did I take the decision to analyze these two cases?
• In the Telecom Italia affair, the mass media coverage has been huge, while none from the IT sector even wrote something about what happened (!) *
• In the Vodafone Greece scandal, international newspapers did not write so much about what happened (language didn’t help), whilst on the technical side, some research has been published (IEEE mainly).
• A terrible image related to “penetration testers” popped up: unethical people, false, criminals; “Tiger Team” cannot even be used anymore as a word in some national markets…
• I think it is essential to speak about these scandals and clarity should be achieved as soon as possible.
* Books have been written by some of the arrested subjects; see bibliography at the end of this talk.
Last disclaimer (aka “I want to believe”)
Raoul, why the hell did you take the decision to analyze these two cases ? (a XXXXXX agent & friend, August 2008)
• I used to know some of the people involved (Telecom Italia affair).
• I used to have “some knowledge” of mobile operators’ MSCs (Vodafone Hellas affair)
• All the times I’m attending some Infosec event, friends used to ask me “What the fuck happened out there ?!?”
• I love weird stories. I love to teach what I know.
• I am a damned curious guy.
• I want to believe – that IT Security and criminality will not merge so easily. Not again.
“After 1989, Italtel used to have 150/200 employees in Soviet Union, working closely with the governments of the republics from the former Soviet block.
At the same time, SISMI wasn’t even able to infiltrate a single agent into those countries.
Who ruled more? Who was the one able to obtain more information?”
July 28th, 2008
Giuliano Tavaroli
Former Telecom Italia and Pirelli CISO
PART I
Introduction
What Corporate Security should be
• From wikipedia: (http://en.wikipedia.org/wiki/Corporate_Security)
Corporate Security identifies and effectively mitigates or manages, at an early stage, any developments that may threaten the resilience and continued survival of a corporation.
It is a well organized corporate function that oversees and manages the close coordination of all functions within the company that are concerned with security, continuity and safety, and contributes to the fulfillment of good corporate governance, responsibility, observance or compliance of prevailing legal regulations, as well as the meeting of customers, suppliers, and other business partner’s requirements in accordance with corporate objectives.
What Corporate Security often is
• FPOL (First Point of Life) for System Integrators and Vendors.
• SPOL (Second Point of Salary) for retired LEOs.
• Breaking laws (in hundreds of ways!).
• Outsourcing “black jobs” (checks on people, PIs activities, IT attacks, D/DoS, etc..).
• A BU playing “internal, political wars” with other BUs.
• A personal “IT Army” for the management.
• A facility from which to help out some colleagues at LEAs.
• A link to Secret Services (Intelligence Agencies).
• A place where IT Security is the last thing :(
What Intelligence (agencies) should be
• From wikipedia: (http://en.wikipedia.org/wiki/Intelligence_agency)
An intelligence agency is a governmental agency that is devoted to the information gathering (known in the context as "intelligence") for purposes of national security and defense. Means of information gathering may include espionage, communication interception, cryptanalysis, cooperation with other institutions, and evaluation of public sources. The assembly and propagation of this information is known as intelligence analysis.
Intelligence agencies can provide the following services for their national governments:
• provide analysis in areas relevant to national security;
• give early warning of impending crises;
• serve national and international crisis management by helping to discern the intentions of current or potential opponents;
• inform national defense planning and military operations;
• protect secrets, both of their own sources and activities, and those of other state agencies; and
• may act covertly to influence the outcome of events in favor of national interests.
Intelligence agencies are also involved in defensive activities such as counter‐espionage or counter‐terrorism.
Some agencies are accused of being involved in assassination, arms sales, coups d'état, and the placement of misinformation (propaganda) as well as other covert operations, in order to support their own or their governments' interests.
What “Intelligence” often is
• Buying 0‐day exploits from the underground and/or Infosec companies.
• Hacking into suspects’ boxes.
• Running extraordinary retention programs, thus unauthorized by the Country where the operation is running.
• ……..other nasty things we could really not say here!
A look at the management structures
The structure
• No matter if we are speaking about the Corporate Security of a multinational rather than the Internal Secret Service of a State. They do run models and do have defined structures.
• It is really interesting to study their approaches, since it helps out in better understanding their information flows, people’s roles and decision‐makers. (AKA Human’s Reverse Engineering ;)
Intelligence Agencies: general model
Intelligence Agencies: the USA model *
* ex Intelligence Reform and Terrorism Prevention Act_2004
Intelligence Agencies: the Italy model *
* ex law 801_1977
Intelligence Agencies: the Italy model *
* ex law 124_2007
Intelligence Agencies: the Greece model *
* ex law february 2008
IS Management – Evolution of the models
Original approach
Evolved approach
Nowadays approach
IS Management models – today’s standard
AD CEO
General Department Financial Planning & Business Control
HR & Organizational Procedures
Information Risk Management Department
Legal & Corporate Affair Administration Department
BU BU BU BU BU
IS Management models – Tavaroli’s approach
CEO
Finance
Human Resources & Organization
Public & Legal Affairs
Security, Safety & Facilities
Strategy Technology Commercial Operations
Supply Chain Management
Media Relations & Corporate Communication
IS Management models – A good “security dept.” approach
Security
Risk Analysis Security Compliance
Security Awareness
Crisis Management & Business Continuity
Physical Security
Information Security, Data Privacy e (Fraud) Management
International Security Operation
Historical links
• There are very‐well known historical links between telcos and governments:
  – AT&T & NSA
  – Telecom Italia & Italtel with SISMI and SISDE
  – Deutsche Telecom and Siemens
  – OTE Hellas & EYP
• Why ?
  – Because LEAs and IAs know that information is power. They have always known this.
  – That’s why they always want to be able to eavesdrop, intercept, and collect data.
  – Also political scandals are a part of history; whenever “communication” begins, then IAs begin to monitor politicians, both locally and abroad.
• …What about hackers & telcos then ??
PART II
Case studies
The Case Studies
• So, I said “hackers & telcos”.
• This may mean as well “telcos & hacking”… (not “hacking telcos”: that’s another point ;)
• This concept leads us to the two case studies we are going to analyze:
– the Vodafone Greece Scandal
– the Telecom Italia Affair
In one shot ‐ Greece
• Basically, what the heck happened ?
• Vodafone Hellas:
  – +One hundred “VIP” mobile subscribers have been eavesdropped: Government members, Defense officials mainly, including the Greek Prime Minister, Foreign, Defence, Public Order officials, etc.
  – Calls from and to +100 SIMs were diverted to 14 “pay‐as‐you‐go” mobile phones.
  – Four BTS were “interested” by the area where these receiving SIMs were located. “Incidentally”, Athens US Embassy is right in the middle of them ☺
  – This has been done via a high‐level hack to the Ericsson AXE GSM MSC; building a rootkit “parked” in the RAM area, since obviously the MSC was in “production” (!!!).
  – “The Hack” was discovered on March 7th, 2005, by Ericsson technical staff. One year later at least. Maybe longer….nobody knows
  – On March 9th, a Vodafone “top technician” (KT) committed suicide. (Kostas Tsalikidis, 39 y.o., Head of Network Design).
  – EYP (Hellas National Intelligence Agency) began investigating at once.
× Right now, no‐one has any idea about who did it and why.
Case Study I: Actors involved
• Some elite hacker.– Retired Ericsson technical guy(s) ? g y( )
• Some seriously‐intentioned IA (CIA?).
• Some historical and geo‐political situation (Carpe Diem).
• Local politicians and National Secret Service
• The Olympic Games ?
• The “best hack of 2005” prize. For sure.
Targeted people (Vodafone Hellas/1)
• GOVERNMENT TARGETS:
  – Karamanlis, Kostas: Prime Minister of Greece (two phones of 20) [Elef. 3Feb]
  – Molyviatis, Petros: then Foreign Minister, a private phone [Elef. 3Feb]
  – Spiliotopoulos, Spilios: then Minister of Defense [Elef. 3Feb]
  – Voulgarakis, Giorgos: then Minister of Public Order [Elef. 3Feb]
  – Papaligouras, Anastasios: Minister of Justice [Elef. 3Feb]
  – Valinakis, Giannis: Alternate Foreign Minister [Elef. 3Feb]
  – Dimas, Stavros: EU Commissioner [Elef. 3Feb]
  – Bakoyianni, Dora: then Mayor of Athens [Elef. 3Feb]
  – Vallindas, Giorgos: Ambassador, Foreign Ministry Mideast Division Director [Elef. 3Feb]
  – Choreftaki, Glykeria: Foreign Ministry employee [Elef. 3Feb]
  – Papantoniou, Giannis: PASOK MP, ex Minister of Defense [Elef]
  – Apostolidis, Pavlos: then Head of Greek Intelligence Service (EYP), his car phone [Nea]
  – Karamanli, Natasha: wife of Prime Minister [Nea]
  – eight unidentified foreign ministry officials [Nea]
  – unnamed intelligence officials: EYP operations officers [Nea]
  – Korandis, Giannis: current EYP director, then Ambassador to Turkey, his private car phone [Nea 3‐16]
  – Molyviati, Lora: daughter of former Foreign Minister [Nea 3‐16]
Targeted people (Vodafone Hellas/2)
• POLICE/SECURITY TARGETS:
  – Maravelis, Dimitris: Police officer in Olympic Security [Elef. 3Feb]
  – Maris, Giorgos: lawyer, legal advisor to Public Order Ministry [Elef. 3Feb]
  – Angelakis, Dimitris: Police in Olympic Security or EYP unionist [Elef. 3Feb]
  – Sontis, Theodore: U.S. Embassy Greek‐American, gave to security detail [Elef]
  – Kyriakakis, Evstratios: Former Director, Criminological Service, Greek Police [Ta Nea]
  – Galiatsos, G.: Director of Exercises, Athens Olympic Security [Ta Nea]
  – Mitropoulos, G.: Chief of Staff, Ministry of Public Order [Ta Nea]
  – Konstantinidis, V: Olympic Games Security Director [Ta Nea]
  – Nasiakos, Fotis: Former Chief, Greek Police (phone given to another) [Ta Nea]
  – Dimoschakis, An.: Chief of Staff, Greek Police [Ta Nea]
  – Syrros, St.: Former director of Counterterrorism division, Greek Police [Ta Nea]
  – Galikas, D.: Director of Counterterrorism Division, Greek Police [Ta Nea]
  – Angelakos, Giorgos: Chief of Greek Police [Ta Nea]
  – seven senior military: Senior officers in general staff [Ta Nea]
  – General Staff Communications Dir: Communications Director, chief of General Staff
  – Defense Ministry staffer: Defense Ministry staff company [Eleft 2/5]
Targeted people (Vodafone Hellas/3)
• FOREIGN CITIZENS TARGETS:
  – Meim, Mohamad: Pakistani [Elef]
  – Moktar, Ramzi: Sudanese [Elef]
  – Maloum, Udin [Elef]
  – Jamal, Abdullah: Lebanon radio reporter or Syrian journalist, now fast food operator [Elef]
  – Sadik, Hussein Moh.: Pakistani store owner [Elef]
  – Tarek, Ibrahim Ahmet: Iraqi [Elef]
  – Kadir, Aris: Kurd [Elef]
  – Thair, Hermiz: Iraqi [Elef]
  – Ayoubi, Chadi: Lebanese al Jazeera reporter, Gr resident [Elef]
  – Basari, Mohamed: Iraqi immigrant Igoumenitsa, 3 years, furniture factory worker [Nea 3‐16]
  – Unnamed Syrian: Unnamed Syrian, 3 years [Nea 3‐16]
  – Unnamed Iraqi: Unnamed Iraqi, 2 years [Nea 3‐16]
Targeted people (Vodafone Hellas/4)
• UNEXPLAINED TARGETS:
  – Fergadis, Theodoros: businessman [Elef. 3Feb]
  – Kakotaritis, Giorgos: blanket factory? [Elef. 3Feb]
  – Linardos, Nikolaos: Pegasus financial co, underwear firm [Nea 3‐16]
  – Cretan businessman: shipper of remote control airplanes, including Souda Bay [Vima 3/25]
  – Cretan refrigeration tech: Refrigeration tech from Ag. Nikolaos Crete [Vima 3/25]
  – Koika, Katerina: journalist [Elef. 3Feb]
  – Psychogios, Giorgos: criminal lawyer, Thebes mayor candidate [Elef. 3Feb]
  – Makris, Kostas [Elef. 3Feb]
  – Barbarousi, Dimitra [Elef. 3Feb]
  – Notas, Anastasios [Elef]
  – Pavlidis, Pavlos [Elef]
  – Pnevmatikakis, Angelos [Elef]
  – unknown card phone 6942 5447..: Activated 2/28/05 [Vima 2/25]
In one shot ‐ Italy
SANITIZED
YOU SHOULD HAVE ATTENDED NULLCON 2010 IN ORDER TO ATTEND THIS NICE TALK…SORRY FOLKS !
Case Study II: Actors involved
SANITIZED
Googling
Case Study II: Actors involved
SANITIZED
Case Study II – Actions: Build the infrastructure
SANITIZED
Please, gimme a Timeline!!!
• Yep, I know. This scandal is huge.
• This affair would need something like an 8 hour talk, to let you really understand WTF happened.
• That’s why I skipped the lunch and spent some time to build an event timeline ☺
What happened: Timeline (2000‐2002)
SANITIZED
What happened: Timeline (2003‐2004)
SANITIZED
What happened: Timeline (2004‐2005)
SANITIZED
What happened: Timeline (2006‐2007)
SANITIZED
Conclusions
Conclusions/Telecom Italia
• An innocent man has been induced to commit suicide. Whatever the true facts are, he’s dead.
• A 5 years period of very negative image for Telecom Italia Group.
• Even if all the facts must be proven in Law Court, those ordered attacks and the TV images showing thousands of dossiers of private citizens – STASI like – impressed a lot of normal people.
• The world discovered the existence of RADAR (Counter Fraud System, that can be abused just like a Lawful Interception System) at Telecom Italia Mobile.
• Tiger Team = very bad word (!)
• IMHO, a strong damage happened also to the worldwide underground scene (HITB, Bluehat, etc..).
Conclusions/Vodafone Hellas
• A dead man here too…
• A very light negative image of Vodafone Hellas: media didn’t hit that much the subject on the news coverage.
• Obscure CIA links ?
• Rootkit Ericsson AXE MSC.
General Conclusions
• These two cases are just the top of the iceberg.
• These “incidents” happen everyday in IAs and telco companies. They just don’t say it.
• Avoiding this shit to happen again it’s up to us, the infosec guys.
• ALL of you should contribute to this.
• I want to believe. Still.
• Hackers are clean people, not criminals.
Acknowledgements, References and Links
Links
ITALIAN:
• http://it.wikipedia.org/wiki/Scandalo_Telecom-Sismi
• http://it.wikipedia.org/wiki/Giuliano_Tavaroli
• http://it.wikipedia.org/wiki/Tiger_team
• http://it.wikipedia.org/wiki/Laziogate
ENGLISH:
• Who is Telecom Italia: http://en.wikipedia.org/wiki/Telecom_Italia
• Italy’s byzantine Telecom Italia scandal shakes the Republic: http://www.zmag.org/znet/viewArticle/3086
• Telecom Italia scandal in the news again:
• http://kindlingman.wordpress.com/2006/10/26/telecom-italia-scandal-in-the-news-again/
• Very good resumes of the facts:
• http://kindlingman.wordpress.com/2006/10/26/telecom-italia-scandal-in-the-news-again/
• http://www.theregister.co.uk/2008/04/14/telecom_italia_spying_probe_update/
• http://www.guardian.co.uk/commentisfree/2007/apr/18/itsirritatingforitaliansto?gusrc=rss&feed=global
• Wiretapping: the Tsalikidis’ case: http://www.rainews24.rai.it/ran24/inchieste/27102006_intercettazioni-eng.asp
• Diplomacy Lessons: Vodafone Eavesdropping Scandal: http://www.bradykiesling.com/vodafone_scandal.htm
• The Athens Affair: http://www.spectrum.ieee.org/jul07/5280
Books
• 2007 ‐ Massimo Mucchetti. Il Baco del Corriere. Milano, Feltrinelli, 2007. (ISBN 88‐07‐17132‐5)
• 2008 ‐ Giorgio Boatti, Giuliano Tavaroli: Spie, 241 pp, Mondadori, Collana Frecce, ISBN 9788804580720
• 2008 ‐ Sandro Orlando: La repubblica del ricatto ‐ Dossier segreti e depistaggi nell'Italia di oggi (foreword by Furio Colombo), 299 pp, Chiarelettere editore srl, Milano, ISBN 9788861900042
• 2008 ‐ Emilio Randacio: Una vita da spia ‐ 007 si nasce o si diventa?, 182 pp, Rizzoli, Collana Futuropassato, ISBN 9788817020572
• 2008 ‐ Giorgio Boatti: Spie, 241 pp, Mondadori, Collana Frecce, ISBN 9788804580720
• 2009 ‐ Andrea Pompili. Le Tigri di Telecom. Roma, 2009. ISBN 9788862220682.
Acknowledgements
• Hemanshu Asolia and Aseem Jakhar for giving me blind trust with this Final Key Note talk, about which they didn’t know anything at all…Thank you guys!
• All of the nullcon staff.
• All of YOU, for attending this wonderful International Security & Hacking Event ☺
• The underground: pentesters, security researchers, hackers….that’s us!
Contacts, Q&A
QUESTIONS ?
Raoul Chiesa
(the crazy guy that decided to tell you what he knows about a couple of real shitty incidents)
mailto: [email protected]: nullcon 2010, Intelligence Operations
GPG Key: http://raoul.EU.org/RaoulChiesa.asc