Breaking the Bodyguards: Tech-Enabled Crime

hi guys hi guys so as I said I'm Chrissy Morgan and today I'm gonna be talking about breaking the body guard to take an able crime so firstly I'm going to be going into just a high-level overview because we've only got 15 minutes here and the investigation that I've been taking into the close protection industry and I'm going to be going about my background white is I do what I do and some of the people that are involved in the industry the tech that could actually be used against them the plan that I came up with to users take against them and always have a plan B right and then finally the results so my

background 2002 I've started off as I helped des analyst wiped many sectors somehow in 2010 got headhunted to be a close protection bodyguard I was working in that area for around a few years and then I was like okay this is getting slightly annoying now I was seen per sec and OPSEC failures on the daily basis and it got to the point myself I need to do something about this but I'm not educated enough so what I did I went to uni that worked out quite well just graduated with the Masters of won a couple of big CTF and black hat challenge coins so I think I'm on the right track and what I'm trying to do

today is kind of be in a position within the industry of actually making a difference and making a change so at the moment I'm a DPO and that kind of gives me a little bit of freedom to implement some changes so who needs our help you have the clothes protection officers the layer above that is the private security companies that employ them and the high net worth families that employ them so if we start with a close Protection officers on a regular basis like I said before I'd be seeing lots of different problems on the ground one of the problems we have today still persik the personal security mainly their online social media profiles I've got CPS on my Facebook and I see

and checking in and posting photos friend think they think that they were the client they live in this luxury life and that's not everyone that does that but obviously the people out there that do do this this is a threat to our clients because we have quite a lot of guys from a military Armed Forces background they've actually been working with people during the training for terrorism purposes just to make sure that the locking down their profiles and I've actually seen a difference and how people are actually improving now with this kind of thing routine so having worked from the ground upwards I've worked in national infrastructure sites all the way up to escorting royalty

there are routines within the day-to-day job of what you do there is a thing called the circuit which is the London circuit it's a comprised of around 200-250 guys that work and it's very much the client dictates what you do on a daily basis however there's going to always be the same places that they're going to go to similar times of the year and then when the guys were off-duty they have their only or hangouts I mean if anything the Michael McIntyre event that's just happened with him getting robbed that was basically down to routine school run they've seen him he was actually outside the car getting attacked and his is like what's taken off in and because I know the routines

you know someone else could do as well the bad guys isn't that hard to figure out lack of awareness so isn't that they don't know about cyber it's just they don't know how to practically apply it to their own personal devices I think some of them can have issues there so they need some help we have guards too how does it practically apply to them on the ground okay so we have the private security companies once again like a cyber awareness sometimes a little bit of ignorance as well because they actually do have the same threat models and the threat life so I caused us in a way so they can understand and realize the you know the problems that might

face in online as well as offline however sometimes for them they have no time for tech as well so when you have no time for take there's a lack of investment and a lack of knowledge you end up having a bit of a culture where there's a bit of a problem so the next one up the chain is the high-net-worth clients they're the guys who give us the work to put into perspective there's around 4000 high network out worth families in America alone you've also got the UK and Europe and Asia which is a growing market for these guys is a case of you have around 10 to 12 people working within these family offices there they have the net

worth of a big corporate organization but they don't have the same governance and structure therefore problems can arise with privileges because it's a small team a lot of people have access to stuff that they really shouldn't have when the people who are working for them the PAS on a daily basis they're also dealing with external vendors now these external vendors could be boutique businesses you've got your like tennis instructors Ryman instructors you know a very small boutique shops and they won't have the cyber security in place to help protect them so once again it's a risk to us anonymization issues so old school families they've done really well over the years protecting themselves keeping a very low profile a lot of high net

worth we'll try and veer back from the social media because they know it would be a problem however with Osen you know it's advancing the way it is there's also there's marketing platforms out there who identify high net worth individuals so for marketing person can go ahead and do that what's to say that organized crime units aren't using the same tech to be able to identify at these guys and also it's a fast-paced environment like literally every single day it's something different you can be in Paris one day and Australia the next you know that doesn't give you much time to to work with the devices work for the people and a lot of the time it's a case

of you weighing up the security with the efficiency of the service and how the family office run so the tech now I'm showing some tech here when I looked in things I wanted to be able to demonstrate to the guys some really quick and dirty methods are being able to get things done you know very basic stuff that you can pick up online you can learn in a matter of weeks and then actually use it to exploit them so we've got a hack or f1 here so with this we can intercept alarms we can play replay attacks on them like garages and stuff like that you know it can do a manner of things that's quite cheap to buy on top

of that you've also got jammers which can also affect 3g and 4g technologies imagine if you're on a job and all of a sudden your phones go down and then something else happens these guys are built to protect from the physical they're not built and trained to protect from the cyber so things like that can really mess them up on ops next thing proxmark in a hotel scenario we have a lot of clients that come over to certain times a year and they'll hire out who whole hotel suite the whole floor you'll have our si rst guys outside the doors or on the actual wing what can happen is that you can actually walk pass them or

come near them catch them in the lift they will have a number of cards on them four different doors for the wing that's easily done unfortunately if we were to get into a room we could always use like a Bosch bunny which you know standard we can get the creds we might not even need to go that far you know cell Wi-Fi pineapple get the team to join the network it's game over if we've got the itinerary and the agenda unfortunately for these people it's going to be game over like index so one of ones I found what was quite interesting was the yell great to consumer device so there's a grading system with some of the home

alarm systems and such great one being the lowest grade four being the highest in the UK it's normally around twos being the highest now with this with the RF cat what you can do is you can intercept the signals and block them however it doesn't always have the securing mechanism built in to actually prevent well to let us know that - happened which is a massive problem on top of that you can use stuff like hack RF that can actually do the replay attack so we could get part of the same sort frequencies for the key fob and also one of the gaol alarm systems you can actually malformed the packets the problem is when you do that and you send

it to the system itself it just hangs and that's it it doesn't do anything the sensors don't work in what you have to physically reset the machine in order to do you know anything to put back on okay so myself in sharks we went to a hotel one weekend to get a bit hands-on I wanted to understand the background technologies with some of this stuff so I went into a hotel pretty much ripped it apart had a little look at some of the tech we had some good down time looking at the hardware I wanted to find out more about RFID so what I did pretty much I made my little RFID reader I didn't have a proxmark at the time so

this was the best way of learning the technology myself there's some really good stuff online major malfunction does some really good stuff and blogs and everything one of the things I wanted to do though is make it a little bit different from just understanding the technology I wanted to improve it or use in a different way so what I did is I came up with a person poor niche so so guys on the ground we're taught to look for people who have like messenger style bags you know big clothing bulky stuff and with the buzz mark I don't know if anyone knows about that and you have the reader and it's about this big and they

fits into a messenger cell bag that's this little brother right there it hasn't got the same sort of range but in a sense it does exactly the same job I can fit that into a purse so if I walk up to one of the guys whether it be on duty off-duty RSC they're not going to expect some chick with the purse to be doing something unfortunately so what I've actually done with the reader itself so now we've I've put the RFID tool that's by Corey harden really nicely it'll pick it it can actually send the data wirelessly to my own access point and so I don't actually need to be anywhere near them I can just put this somewhere it will send

everything to me and you know we've got their their cards and whatever so the plan okay so so--but in my talk had a great plan of action in my head it was like a Nicolas Cage movie we were going to be hacking cars getting into buildings suffer in everyone you know it was gonna be great and we you know we got there however I had to do things within legal remix so I had to set up in such a way so the plan was to do it with a training company they would probably have about 12 guys who are fresh out of the army or wherever going into a training situation they learn all the drills of how to be a

close Protection Officer it was an ideal opportunity to get them before they were operation or when teaching them about cyber unfortunately training got cancelled so okay what we're gonna do however a couple of Google's later and I found out there was a bodyguard conference so all this home can be right it came with its own set of problems unfortunately for me it was actually hosted in a military hotel at the front there's four Gurkhas you don't mess around with Gurkhas okay and how do you how do you work in that sort of environment it's a conference you've got the most suspicious people in the world in this one room and basically I was walking into the Lions Den so I

had to get my thinking hat on and think about what I was gonna do and how is still gonna get some data for today to be able to show you and actually continue my investigation and research so what I do set up a website got so many recipes made some nice t-shirts so I look totally legit so we ended up actually managing get in the stand four days before the con started they said yeah you can understand that's fine because I've been hammering them trying to find out if I could get one we had a really nice setup we actually had the Wi-Fi pineapples set up and working with an Access Point showing people we had bat bunny on the table and an

iPad so we would just stood there talking to them and you know in a sense it was a phony company it was we could have been bad guys you know we're just they didn't know me so it's a case of what can we do so what I did set up a website it collected their personal information contact details I actually even asked on the website form what's your biggest fear with cyber security a lot of the guys actually said about Wi-Fi attacks once we showed them and I had never seen this before a lot of them they were like yeah that's the one and so we got the details got some USBs um once again I had to be quite legal with

things so I could have been nasty but it's a proof of concept if these guys are taking the USBs off me and they're actually using them at home or wherever in the workplace it's showing that they haven't got that that mindset so I put a PDF on and also some link trackers as well so I could see what the data was on the day absolutely fine it's quite good that was our view from our table so the response we had 10% actually plug in the USB s so I'm not sure that's a good or bad thing yet 21% or actually giving me their details and and then what I've done is I've actually looked into them

so this is a small sample set of what I did so I did some posting on them some of the worst parts the guess was we had some guys who were and have I been pawned obviously you know yourself we go on there you can get to the data dumps it might be passwords available we can get into their accounts and they've got phone numbers on LinkedIn and most of the guys have got good upset they haven't actually you know put too much online but there were traits that could be used that were publicly available you could then social engineer them in in either an email because I've got all their details and go from there so

what's next I'm actually going to read team a some guys in September on a training course which would be fun to actually gonna be using the technology and showing the guys as well we're setting up a cyber awareness program specifically for CPS so they know what they're doing I just want to drive awareness to these guys because there are a front line at the end of the day when it comes to anything like nefarious terrorism all the rest of it these boys need to know what they're doing and also going to do some further research within the tech and go from there really so any questions