Thursday 3 October 16:00 - 16:30, Small talks
John Bambenek (University of Illinois at Urbana-Champaign)
Recent research by Google Project Zero and Volexity showed sophisticated attacks against both Android and iPhone devices that were targeted at Uighur Muslims. This talk will cover both sets of exploits that led to the installation of malware on the devices and the evolution of how the attacks adjusted their techniques to compromise iPhone devices.
The malware that was installed had a variety of functions but in particular its ability to extract decrypted messages from encrypted chat applications will be discussed and how this particular weakness (the messages being unencrypted on the device) will continue to be exploited in the future.
Finally, details of the campaign and its breadth will be examined. The operation targeted an ethnic and religious minority in China and abroad by compromising websites known to be viewed by that community. Details of both the attack and the targeting suggest it was backed by the government of China, which will continue to use such techniques in the future.
John Bambenek John Bambenek is a Ph.D. student at the University of Illinois, VP of Security Research and Intelligence at ThreatSTOP, and a handler with the SANS Internet Storm Center. He has over 20 years of experience in information security and leads several international investigative efforts tracking cybercriminals – some of which have led to high-profile arrests and legal action. He currently tracks neonazi fundraising via cryptocurrency and publishes his research online to Twitter and has other monitoring solutions for cryptocurrency activity. He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He has produced some of the largest bodies of open-source intelligence, used by thousands of entities across the world. |
Shusei Tomonaga (JPCERT/CC)
Tomoaki Tani (JPCERT/CC)
Hiroshi Soeda (JPCERT/CC)
Wataru Takahashi (JPCERT/CC)