Category Archives: Hacking

Pen Testing A City

by Greg Conti & Tom Cross & David Raymond

How would you take down a city? How would you prepare for and defend against such an attack? The information security community does a great job of identifying security vulnerabilities in individual technologies, and penetration testing teams help secure companies. At the next level of scale, however, things tend to fall apart. The information security of cities, the backbone of modern civilization, often receives little to no holistic attention, unless you count the constant probing of nation state aggressors. The information technology infrastructure of cities is different from other entities. Cities feature complex interdependencies between agencies and infrastructure that is a combination of federal, state and local government organizations and private industry, all working closely together in an attempt to keep the city as a whole functioning properly. Preparedness varies widely. Some cities have their act together, but others are a snarl of individual fiefdoms built upon homegrown technological houses of cards. If you can untangle the policy and politics and overcome the bureaucratic infighting to create workable leadership, authorities, and funding, you are still faced with an astronomically complex system and an attack surface the size of, well, a city. Our talk identifies these necessary precursor steps and provides a broadly applicable set of tools to start taming and securing such an attack surface.

In this talk, we first explore a notional city, deconstruct it layer by layer, and use these insights to suggest a comprehensive methodology for reverse engineering any city and deriving its attack surface. We complement these insights with a broad analysis of proven capabilities demonstrated by hacker and information security researchers as well as known capabilities of criminal and nation-state actors applicable to city-level attacks. Next, we develop a coherent strategy for penetration testing as an approach to highlight and then mitigate city-level vulnerabilities. Finally, we conclude with a wide-ranging set of approaches to complement pen testing efforts, including exercises and collective training, metrics and a maturity model for measuring progress, and specialized city-level attack/defend ranges. You’ll leave this talk fearing for the survival of your respective country, but also possessing a toolkit of techniques to help improve the situation. By better securing cities we have a glimmer of hope in securing nations.

The DarkNet with Jamie Bartlett

An insight into the underground world of the dark nets which overlay the public Internet, are not indexed by search engines and require specific software, configurations or authorisation to access and navigate them. Jamie Bartlett talked about his book The Dark Net and his immersion in the Internet’s most shocking and unexplored subcultures, from making purchases on the Amazon of drugs to hanging with Bitcoin anarchists to exploring the encrypted world of the Tor network. Jamie described meeting with the real people who are part of the net’s most hidden spaces and discussed the darker side of life online, and what online anonymity does to human behaviour and belief – both good and bad.

This talk was hosted by Laurence Mackin, arts editor of The Irish Times and editor of The Ticket, and took place on Wednesday, September 30th.

JAMIE BARTLETT