
all right uh good morning ladies and gentlemen my name is vicam I'm going to talk to you guys about a lot of things actually uh well primarily uh I want to thank John and Jeff John just left and Jeff was outside uh for having me here it's actually great conferences make me excited because there's a lot of enthusiasm uh towards especially towards tracks that are radical and uh the way I understand this uh wrecking ball track that here we have and so the the wrecking B track is you know he meant to generate a lot of enthusiasm into the radical side of computer security uh that's one of the things I'm going to talk about I'm a
former kind Colonel hacker I maintained the uh C Governor States for suspend and resum on Del ex XS laptops um I left because they removed the my chunk of Coach so they had no need for me I was a volunteer anyway generally people who do this kind of stuff are hired by Intel who knows what um I got interested in security um had a job worked as a network security architect did a lot of stuff you know the usual um stuff but uh stuff does it's not it's not uh too too much the main focus of the talk today uh what can you and what can you not expect from The Talk this talk will not be on
how to use a software it won't be on how to hack and how to break into places this talk I'm going to keep a lot of things generalized uh I probably wouldn't move as as much either as our honorable uh keynote speaker did maybe a little bit but I'll try to keep up his energy and Pace um I today I want to talk a lot about Crossroads I stand at at a at a very interesting position where uh m training is an undergraduate I'm an undergraduate student right now I study computational biology um and before as I mentioned my job and so on um they put me in an interesting position where I can talk about both of
them at least with some confidence um my main focus today will be to inspire uh people here the the young folks who are either in the industry or hoping to get in to um to take take what's what's as a very old old field you know biolog well established for who knows how long um and if you can get inspired by some things that happen in biology and how do they apply to to um really the the core of computer security to me computer security is an art because there are people who clearly do it better than others um and there are those who don't but they learn like Sony um but anyway uh so the the focus of my talk and the
way the talk is organized you can see I start with with uh General overview of security systems you know this thing that everyone in this room knows uh then I start to talk about the things that you guys may not know as well uh which is life systems uh Stu net one of my personal favorites and by far one of the most important models that I think personally uh that corresponds to life system in a computer wires step Hawkins is known to say that um it's interesting that our first creation which is you know he thinks wires is our own own creations and I agree with them to some extent are are incredibly destructive force that only cause damage if they are
created in our image supposedly how we are created in God's image only thing we do is destroy uh which is kind of a interesting thing um after after that I'm going to talk about what is it what are some of the factors that you can you can Inspire from from where I stand and where what can you guys take out of this talk and lastly Network resence and evolution which is obviously a very common uh thing for any security network right you want you want the network to be resilient you want it to be powerful enough to respond to adapting threats adaptation is actually an interesting interesting thing and at the end I hope maybe when I have 10 15 minutes or
something uh we can have a have a chat um I like chats and they're good um so let's move on I use the mic yeah you can I think I'll go without the mic you all can hear me in the back right okay good U so uh what are def defensible uh strategies defensible systems it's a common big word and term used in business management where they they say that you lower your risk right obviously everyone wants to lower the risk and um and maximize the the good stuff that you do uh defensible systems are systems you can secure using your tools if they're if they're orchestrated in in a methodology that allows you to do what's
called minimum uh minimum repair threshold repair threshold is something I'm defining a lot of new terms some of them you're familiar with some you're not I hope we stay on the same page after I Define them repair threshold is is something if I find a vulnerability that's reported I can patch it really quick if I can patch it fairly quick that that system that whatever component of my network remains and stays in my repair threshold um this term I might use a lot often uh afterwards but generally of course we want to lower the U the risk that we we attain every security architect wants to do that uh so how how do we how do we do some of
these things and a a flowchart I created everyone's very familiar with it you protect by making a defensible network the defensible network has all sorts of things um our keynot speaker mentioned some of the tools we use you know IDs and so on um and then and that's you know part of our defensive architecture pervasive Network awareness this is do you know what the hell is going on in your network and you should if you don't then well uh you know that raises other issues U then then after that is a is by far I think one of the most important parts of this and the part that most people fail at is network security
monitoring this is why I got a job people should keep failing at this so I have you know people like me keep getting jobs if people stop failing with those that's bad because Less jobs and stuff uh respond so what happens when a breach does happen uh you have a certain set of protocols you comply to those protocols it's nice because you have something to fall back on to and using that you can go on and and do uh even U you know contain the breach faster analyze what happened fix it report and you're back on track to you know to doing the good stuff again um that that is all the network incident response and
the last part of well actually which should be the first part I think uh is the planning right no one plans I I think uh to do a lot of these things no one plans to get hacked uh everyone you know a lot of people in their mindset think that they're secure um soon I'll mention some books uh by Richard Bel and and they he talks about how when he started going into the uh the Navy he was working in the Navy intelligence they thought they were the most secure people turns out they were were so Fubar that it was not even funny you know um they realized soon afterwards that they were were overconfident in what they do
and I think a lot of the industry today actually has that same mindset I think we should get out of that and and I I'll talk a little bit more about these um coming uh so okay here is uh again uh just review of of of securing system and security system very very uh mundane and common I'm sure in most of your jobs that you you take on you know data access you you want to prevent or remote logins where you have remote access you want to make sure those are monitored very well so that the RDP vulnerability that came out not too long ago in Windows uh was a huge issue um there then you know local monitoring obviously
you want to monitor your local data you have some policies and procedures these are I think one of the most important things if you design them well you can fall back onto them and and do a good job at it uh network security itself you know again the biggest part of this diagram uh portal limitation web security um detection and active you know firewalls again very standard common systems I just want to have everyone get a feel of you know this is your comfort zone and when I take you out of the comfort zone uh it I hope the transition goes smoother that's why I'm presenting some of these uh these things here okay this is one of our favorite
dasos Protection Systems which 99% of times don't work uh really um you know I I worked when I worked and and we realized you know uh companies sell them half the time they're total crap and they don't work you know people buy them because they have these pretty diagrams that go with them I stole one of these right here uh so so what what did these do my job had had a lot of common things and uh a lot of this talk I'll try to focus on and try to relate to what a common network security person would do you know you you find hacks you fix them and that that kind of a thing I'm not
talking about two radical things those come later on in the biology section you'll see uh so so what do we have a very common uh thing that's happening you have botn Nets or bad people hackers and you have legitimate clients all accessing the same internet right that goes in and out of your uh private infrastructure uh you go and you go in you go out you try to filter that that um the blue thing back there uh is is that protecting wall you cross it if you're good you're allowed to cross if you're bad you're not allowed to cross uh this number Works de filtering this is the second approach and actually this is one of the
things I'm going to talk a lot about later on this is where you this is not the same as what I presented before because I think there are are sort of two uh dust protection techniques air filtering actually is a little slower U well they're real times but they're a little slower comparatively to some of the approaches where they would filter at levels and these levels are sort of thresholds so threshold one will rule out 75% of the bad traffic threshold two is the other sneaky attacks that rule out maybe five five or 10% more and these kind of reduce the damage it's like you know your car has the airbags right you get into a God anyone gets
into car accident you know your airbags and plate and they protect you hopefully this is happening the same thing in layers again I'm talking about a very very generic DS protection system here this is not specific to a company or any uh products I do want to make a note I'm not endorsing anyone uh if I talk about software ignore me that's why I'm not going to try to mention software names I don't want to my talk to be seen as um talking about someone I will advertise books because I love books and people love books and books love books so there are two there are two books here um that influence me a lot
both written by the same guy uh amazing amazing books I highly recommend any aspiring network security people to read them the first is uh here Extrusion detection and the other one is network security monitoring in both of these uh Richard talks about a very uh Innovative approach something that should have been obvious to us but apparently wasn't you know he he got a book and profits out of it so that's good for him uh Extrusion detection what does that mean uh Extrusion is a very common word I have a fancy thing up there and I'll I use PowerPoints as a guideline and I'll hopefully talk to you guys looking at um Extrusion means your system's been
breached you try to contain what's happening from then on to go outside you don't want a compromise system home back to the CNC request more stuff um and keep requesting more stuff and more and more stuff and then you're Fubar um you want to control that uh that I think is actually a very very impressive uh strategy and way to go about doing things because sure you have everyone has a has a intrusion uh detection system where you know you don't want people bad people coming in but what if systems compromise this goes back to the definition of defensible systems can you control and contain what happened if you control and continue your breach you're
already better doing better than 80 90% of people uh there's a report that came up came up by semantic I know some of you guys probably don't like semantic but uh semantic does a good job at writing reports I I'll give him that much um they so the the report that came out uh mentioned a lot of the stuff that uh they were particularly talking about containing and um and correcting the breach and they mentioned if you can just do these two things right if you can Implement a good EXT detection system and Richard talks in in great amount of detail in his book how to do it right uh they use open BSD or FreeBSD
based servers I forget um one of the it's been a while since I've read them but both of them um very fluid approaches and I think there's a lot of U lot of really good uh meat on the bone to take out of these books extruction is something I'll actually come back to real quick um later on in my um in my my talk um inde that I I mentioned not too long ago you know um noobs who are like you know lead hackers uh they they claim to to use these tools like uh SL Loris I think is one of the popular tools uh that you know newbies get their hands on and then get arrested for it um it's
it's a it's a incredibly stupid tool because you don't know what the limits are you know a tool is only as good as a toolmaker you can do a lot and you can do nothing uh a lot of those 14 15y olds unfortunately accomplish nothing DS protection your main goal is actually very difficult in comp in computer science and comp complexity it's an NP heart problem basically meaning that it can't be solved in real time the problem is that of can you given a a Target A and B can you distinguish if a is good or B is good and So based on that there's a lot of criteria that you you use and these software you know
basically you write code based on a criteria you write your criteria determines what's good and bad and these criteria are generally determined by a lot of really smart people U who come and talk about this criteria but sometimes these things don't go as planned particularly with dust Protection Systems because they're getting better and better um I'll talk later on about another term adaptive pressure adaptive pressure is is a a common known term in evolutionary biology where one thing pushes you to get better it's like you having a coach you know a mentor a coach to push you to do better and better viruses the virus makers antiviruses have that kind of relation where adaptive pressure pushes a virus
to get better and better and better and the wirus acts back on the anti-us to get better and better and better uh these don't work in this particular Dynamic but they roughly they both catch up at at a given time um so we all know the common uh data flood types the uh you know TCP flushes UDP and and so on over there the interesting graph actually and this is where I mentioned I come back to um Extrusion detection you see on the graph there's there's height and and and this is I'll what I'll come back to as the height increases in this graph the sensitivity of the data increases obviously no one wants to
access the very readily available data you're not going to heck a website to retrieve his HTML you can just do it through using your your Google browser you want to get uh more reports on their assets Finance is actually planning a big role in this sometimes attacks happen because they want to sabotage right before the quarter reports come out because quarter reports influence how stock market works and some of these hacks they may or may not have a direct uh Financial motive but they end up becoming that I know this happened because a company that I invested in um got hacked their stocks went out right before quarter 4 quarter 4 sales were great i l 20 bucks in that I don't care
I pulled my money out of them because they're not defensible I'm not going to invest that's how clients see it too if the company's not good they're not going to trust them they're not going to invest in them so on and so forth uh so again look at the as the colors get intensified you know it's like same way data gets more secure the more intense and the more uh secure the data is the more you have to do to protect it you know it's kind of obvious and Extrusion detection plays a role um you you can see there's two ways to get to the top either you go from the very bottom or you go from the green up you can either
make your syst some so you going Focus all your efforts that you have so much intrusion detection that no one gets in which is obviously a FAL someone will get in or you can do a a decent job at it and also do a very good job at Extrusion detection where you can control and contain your your breach and now you're getting somewhere because now you not only have protection for someone getting in you also have protection for someone homing back home or control and command servers to protect them from doing bad stuff bad stuff I mention as in anything bad um one of the i in the pictures before you saw uh they um this
one of my favorite wors by the way uh they they mentioned um botn Nets and stuff this is one of the earliest propagations I was actually in India uh my dad used to work in in uh in it he got a calling that their uh Banks especially in the local area got hit by cona he needs to come in Saturday morning he had to come in to work and uh that was my beginning of security career I'm like huh what is this thing let me look it up there were no reports online back then internet used not not used wasn't as common as it is now so you actually had to uh we had those modems
you had to uh plug your your telephone wire back in that's back in the day this is 1999 uh I was young back then I didn't understand half the stuff I read but I found this picture this is actually from that Old Paper I was like this is so cool but I don't get what the hell is going on here generally those things inspire you to do better things so now uh so far i' I've talked about what security systems are and what their design is roughly a very generalized approach and now I'm going to take out of your comfort zone to something that I like it's easier on me right um so these are life systems
and what is a life system a life system is something that has three criteria uh these are heavily debated I think these criteria fit the purpose of the St the first criteria is it should have a sensor what's a sensor something sensors VOA U what's an integrator something that takes the output of a sensor and stores it temporarily generally and what's an effector an effector will take the output of the integrator and do something about it a very simple system is you take liol you put it on you know your bathroom or whatever use it you kill bacteria with it right the bacteria died because of a stimulus they couldn't handle the stimulus was processed
internalized taken care of and it activated stuff that shouldn't have been activated in normal things and well it killed them um that's a very common uh at the bottom you see uh beautiful pictures you can't see to in here but um these are u a live systems that actually light up if you do the right things at the right time um basically uh I'll come to a point later on that viruses I argue that in in throughout my talk and I will more the viruses are very uh I'm talking about computer viruses by the way not real life viruses which I'll get to in a bit too that's when it gets confusing um viruses are a very very powerful tool to
study lab systems um viruses are nothing more than computer programs that be' written but if you look at them in in a bigger um picture you start to see things that work in a way that you never expected them to be this is code downloading other code making sure its other parts that are spread are well infected or if they're out of date they go and get updated um this topic is very Hot Topic in in in biology uh some examples of you see here this is called bioluminous bioluminous and basically light these lights are happening when one cell responds to the next cell which sell the next cell to light up which tells the next cell to write up these
are completely random by the way the patterns that formed some of them um when I worked in The Labb that did some of this stuff absolutely uh absolutely breath faking um patterns that come out one of them actually look like Christmas Christmas tree around the Christmas Center like oh that's wonderful um I am a huge fan of emerence I think my formal study um as as an undergraduate started uh with Emergen Theory I focused on Emergen because emerg was interesting the question drives me every morning you wake up you think about okay why am I waking up and going to work today why am I waking up going to lab today to me the question is
why is Simplicity around why are very complex things boiling down to simple facts in nature and in life and that's a question that's a very difficult question obviously I may not never find an answer I hope I don't because it becomes boring afterwards even if you have answers um uh Steven wlr uh if you've used Mathematica before uh talked about the U I wrote a book a new kind of science a influential book at maybe this actually it's got 1,500 some pages ridiculous he he said it took him 10 years to write it up there you'll see these patterns started from nothing but random movements of dots these dots this is after 10 minutes by the way uh
completely random movements the only things there are four principles generally I'm only going to talk about one or two that they R to if you're next to a guy you push the guy up if you're behind the guy you push him back and if you're up and down you do something crazy um but really these patterns are coming out after 10 minutes again realize computers can do these things much much faster than we can imagine right you do it on paper it's going to take forever this take 10 minutes and these are impressive interesting colonies that are happening um so how does this relate to life systems a be with me I will get into talking about
security systems in a very quick moment and you'll see I what I want you guys to focus on throughout my talk is is how are these things just in the back of here how are these things related to what you guys work on on a daily basis means that more complexity arise arises from well- defined simple components these simple components can be programs program modules stet has about 15 modules that just do program management um detecting on the uh Seaman's um systems U I'll talk about Su later on in a bit uh that's very exciting topic but here I want to talk about two things one obviously that book get it it's good just like the last books really good
book uh it talks about the in there they talk about how the lives of software cities and ants are related uh sounds like a crazy topic just like the crazy topic I'm presenting um but uh that book inspired me to do a lot and I think everyone at least at some level should understand emergence because you can build better algorithms you can build better tools to do things but at a at a level you realize I don't need to do better tools if I can use the tools this is a Unix very core Unix philosophy you use one tool to do one thing mud is a email reader that's it procmail is a email filterer that's it I have task
Warrior which is the task manager that's it you don't make much do 20 things that it sex at all 20 of them you make it do one thing and it's good at that when you start stacking them up you you sort of Break The Rules you know rules of Statistics where added complexity should saturate but they don't that's what um Steve Johnson is going to talk about in his book and and we see this happening up in life system if you let this simulation run forever we don't know what's going to happen but something will come out of it maybe something very intricate and complicated is going to come out of it and the thing is if you
let simple tools stack up they will make some something complicated and that is very very very powerful if you really truly understand what the simple tools are my God the thing you're going to get out of it is going to be truly incredible and very powerful because it's customizable how many people just by a show hands have used mut here I hope everyone oh wow that's uh that's a few people not my expectation but yeah so much as you know a very old email client if you contribute to group list mailing list and whatever they prefer use mud cuz Gmail does top posting they don't like that um the bottom picture here actually is one of the things I
want to talk about very very brief detail mitochondria that's it's a part of the cell mitochondria is generally the PowerHouse uh back when life didn't exist mitochondria existed by itself it got swallowed up by a cell afterwards somewhere down the line something ate it when they ate it it turns out in its tummy it didn't get digested but it stayed there it stayed there because these two could form a symbiotic mutually beneficial relationship to each other and they stay that's what mitochondria looks like by the way it's a circle go well that's the inside this is what it looks like and then the the idea I'm trying to show here is again a very simple thing that just generates
energy now got got absorbed by something that only existed as a layer before mitochondria stuff around the cells only existed as inanimate layers these were chemicals lipids once you have a Powerhouse okay now we're getting somewhere now we add Machinery to replicate and now we have bases of of very rudimentary basis of life you have Powerhouse and you have replication now we're getting somewhere with this okay and this is a picture uh I actually made this I'm really proud of it it came out good uh part of it was made in in in Mathematica so what is going on the top part kind of fuzzy but but the top part is u i analyzed uh the
attacks that happen per year uh again semantic reports list this kind of stuff there you can just got it off there uh the number of attacks that happen the frequency of them where their very cluster that's DS attacks the other ones are all other attempts some of these are just failed failed attempts to log in uh the point I'm trying to show here is that even though these attacks look like nothing in the top shelf they just mean if you have this kind of stuff you're doing bad as a company you shouldn't have this many attacks happen that's not you know obviously that's not good um the point I'm trying to make is in the
lower part you see that you can actually stack these up in a 3D structure and look at that something something interesting is coming out of it can you make sense of your attacks in a 3D point of view where you saw nothing before but you start to see some structures maybe the top structures in here can be avoided if you do one strategy you can tackle more than one things you can identify problems again the idea is emergence we take simple attacks that we we recorded you pile them up in a in in a in a logical fashion and you get something out of it and and and we hope that something you get out of it is
interesting enough to help you not be attacked by the same things again often times this happens by the way you get attacked and you get attacked by the same thing you realize you just forgot to fix one thing uh that happened to me when I was working I got by my boss and that was not good but anyway uh it was good it came out good you know I'm I left that for soon so anyway uh so um we I just showed you a picture of the attacks that happened how does that relate to life systems in life systems bacteria like to do this thing where they where they they have a lot of friends you know they like to be around
their buddies I like to be around my buddies you know here you guys want to be around each other um at least those of you are friends and so so you want to be around your buddies and these bacteria form you can see this picture here they all go attach they attach on a Surface they find where food is present they attach and they form these things called biofilms the picture looks slightly complicated but basically biofilms are these you know it's like your group of friends right someone uh someone attacks you you have 10 buddies I mean come on no one's going to bother attacking you the nine of them are going to beat the crap out of the people who
attack you right that's kind of the idea here you have a lot of them who are protecting you working together as an entity realize bacteria have no consciousness no mind none of that stuff we have that they don't yet yet there able to form these these interesting colonies out of nothing but sharing very fundamental and known compounds to each other these compounds signal them to do one thing worse than another that's an interesting approach right so in in in security systems we can have something like that happen often and this is the idea that that I I talked about earlier with mut uh you can put together mud you can put together procmail and now you
have a decent filtering system for for email you can put together other stuff like I put together task Warrior so I can schedule task right from my email client by pressing m and stuff like that that's what kind of what the idea of of biofilms is and the interesting thing here is that biofilms and these kind of things they produce what what I like to call intelligent response because before we know bacteria were not intelligent but now they have a sort of a protection you know it's like you're walking with t of your buddies and you have a sort of protection by being around them and kind of the same here actually they have protection just by being around their
buddies and things like that. And here is actually one of my qualms with a lot of software: software will often put things together, they have new and neat features, and they take them, and then they take out some of the old stuff, because if you advertise the old stuff that got you breached you're probably not going to run very well in business. Pardon that. And so life systems have an incredible advantage over this. I worked in a lab before where... so everyone here, I hope at least to some extent, knows what DNA is, right? So it's like a long thing that does other things.

You know that your DNA is like your core molecule for life. So DNA contains everything ever since evolution started; it contains everything from the first Geto till now, which is a few million years of evolution that happened throughout that time. It contains every single change that accumulated, even us: we contain a lot of things that happened, you know, we share most of our stuff with other related species. Turns out about 7 million years ago there used to be something called the theta defensins, which I show here; it's a protein, by the way. Theta defensin used to protect Old World monkeys. This is before our ancestors, our direct ancestor chimpanzees, are neot transformed. These guys had a protein that could protect them from HIV. This is still present in our DNA, but it's not activated, of course.

Now, the point I'm trying to make here is: security systems presently often miss out on things that they realize afterwards were important. Your patches delete code, your patches insert things that may or may not be, you know, what you want to avoid, right? Obviously your software needs to be slim and nice because it works that way, but that may not be an advantage to it, and over this biological systems have an incredible advantage, because they can save almost all of these things that happen. The lab I worked in earlier on, they revived theta defensin, a 7 million year old protein that's sleeping; they revived it and it had an incredible amount of success treating HIV. Now they're working on a drug that actually... it's a very commonly found drug actually, I mean black is SES, don't worry if you're not familiar with that; if you are, then talk to me after the conference. This very common antibiotic is found outside; you take that, you apply it, you give it to some patient and they start to... well, we're not at patient level yet, but this is just at the level of samples and stuff. They had protection from HIV for 3 or 4 days. This is three or four days of continuous attack by the HIV virus to get in, to get in, to get in; no, no, it's like slapping the thing away: no, you can't come in.

I argue that this is actually one of the advantages: this redundancy and this incredible amount of complexity that live systems possess is an advantage over some of the security systems which we might or might not want to keep implementing. I'll talk about the structure later on, where I think: how about something like torrent trackers, right? So these trackers stay up most of the time and they track, you know, who's in, who's out, that kind of general stuff. Can you keep your old versions of the software, very slimmed down, just the module you removed, as a tracker? So if you detect an attack like that, that you previously tackled, can this tracker take care of it in real time, or can this tracker at least file an alert? That's the idea: as long as you can be alerted, you might be able to do something about it.
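The tracker idea just described, as an added worked example (my code, not the speaker's): each retired module is reduced to the recogniser for the attack it once handled, tagged with whether it can still act in real time or can only file an alert, and the set is run over a few constructed access-log lines. The product, its paths, the tracker names and the log lines are all hypothetical.

```python
"""Retired-module "trackers": slimmed-down detectors kept around for attacks a
product already fixed or for features it has since removed.  Constructed
example, not the speaker's code; product paths and log lines are hypothetical."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed access-log lines in Common Log Format (hypothetical product).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2013:11:59:01 +0000] "GET /app/home HTTP/1.1" 200 512
10.0.0.9 - - [12/Mar/2013:11:59:02 +0000] "GET /legacy/upload?file=../../etc/passwd HTTP/1.1" 404 0
10.0.0.9 - - [12/Mar/2013:11:59:03 +0000] "POST /api/v1/login HTTP/1.1" 200 88
10.0.0.7 - - [12/Mar/2013:11:59:04 +0000] "GET /app/report?id=1%27%20OR%201%3D1-- HTTP/1.1" 500 0
10.0.0.9 - - [12/Mar/2013:11:59:05 +0000] "GET /app/home HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Request:
    ip: str
    method: str
    path: str
    status: int


def parse_log(text: str) -> List[Request]:
    """Parse the request fields we need out of each log line; skip unparsable lines."""
    out = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            out.append(Request(m["ip"], m["method"], m["path"], int(m["status"])))
    return out


@dataclass(frozen=True)
class Tracker:
    """One retired module reduced to the recogniser for the attack it once handled.
    action is 'block' when the tracker can act in real time, 'alert' when it can
    only file an alert for a human."""
    name: str
    matches: Callable[[Request], bool]
    action: str


def _legacy_upload_traversal(r: Request) -> bool:
    # Endpoint removed in a past release (hypothetical).  The request 404s now,
    # but a traversal sequence aimed at it is someone probing a hole that used
    # to exist, which is exactly what the slimmed-down old module should notice.
    return r.path.startswith("/legacy/upload") and "../" in r.path


def _report_sqli(r: Request) -> bool:
    # Injection in the report module was fixed (hypothetical); keep its recogniser
    # so repeat attempts are still blocked and counted.
    return (r.path.startswith("/app/report")
            and re.search(r"(?i)(%27|')(%20|\s|\+)*or", r.path) is not None)


TRACKERS: List[Tracker] = [
    Tracker("legacy-upload-traversal", _legacy_upload_traversal, "alert"),
    Tracker("report-sqli", _report_sqli, "block"),
]


@dataclass(frozen=True)
class Hit:
    tracker: str
    action: str
    ip: str
    path: str


def run_trackers(log_text: str, trackers: List[Tracker] = TRACKERS) -> List[Hit]:
    """Run every tracker over every request; one Hit per (tracker, request) match."""
    hits = []
    for req in parse_log(log_text):
        for t in trackers:
            if t.matches(req):
                hits.append(Hit(t.name, t.action, req.ip, req.path))
    return hits


def hits_by_ip(hits: List[Hit]) -> Dict[str, int]:
    """How many retired-attack probes each source address produced."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts


if __name__ == "__main__":
    for h in run_trackers(SAMPLE_LOG):
        print(f"[{h.action.upper()}] {h.tracker}: {h.ip} -> {h.path}")
```

Each tracker is a few lines of matching logic, so keeping the whole set costs almost nothing, which is the point: the module that handled the attack is gone, the knowledge of what the attack looked like is not.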
Computer systems also have a major problem, and that's limited adaptability. If you take a piece of software in Linux, you know, software generally edits the RC files and stuff like that; I'm talking about how much you can edit: you only have three or four files you can edit in there. You have a limited amount of variables you can edit, because obviously the programmer doesn't want you to edit everything, right? You'll break something; you want to edit the things that seem interesting to you. In biological systems that's not always true. In life systems, that thing over there that looks like a clover leaf, it's an adapter molecule that's found in all of us, by the way. The adapter molecule can go on... this thing can do ridiculously impossible tasks that would not be known otherwise in humans. There was a case study: this guy was sleeping, there was a tornado, he's sleeping, you know, all this, and napping nicely; the tornado sweeps the entire house, his roof, he flies I think a 100 feet from the genoid Fallen, he wakes up, he's just fine, not even a single broken bone. The point I'm trying to make here is that the life systems, using these adaptive molecules, can produce responses; in life systems it's called the SOS response, and you know that kind of SOS is bad, right? So that's "help me out" kind of stuff. These SOS responses make it so that you can do... I mean, it releases adrenaline, and adrenaline can do incredible tasks. I mean, I'm not going to go into that in detail, but adrenaline is a thing that we are one of the only species who have, and it's for good reasons. Adrenaline makes us from a normal into a superhuman.

So I hope most people here are familiar with Turing completeness and the notion of what Turing complete is. If you're not, Turing completeness is a language that can give rise to more languages, roughly; that's one way to put it. Turing completeness is basically: if you know C, you can create programs out of it. In the most basic terms, a Turing complete language gives me the ability to create other things out of it that were not originally part of constructing this language. So C has a certain list of words it uses, those are system reserved; I created something out of it that was not that. Hello world was not a part of C; I created that. That gives me the ability to create; that's the completeness. Viruses now, I'm talking about software stuff by the way, viruses are nothing more than Turing completeness codes that somehow we think... I mean, we're seeing them now, and now when I talk about Stuxnet this will become very clear, we're seeing them behave just like life systems, if not better. The examples I just gave, the adapter molecule, the theta defensin, I will try to come back to them if we have enough time, revisit them in the context of life systems.

Complex viruses: I'm talking about the three big ones that were just revealed not too long ago, Stuxnet, Duqu and Flame. I have read almost too much about them because they were amazing, just amazing pieces of software, probably some of the most advanced software, and the people who wrote them were genius mathematicians or, I don't know, no one knows, but anyway. These complex viruses create sub-local networks: if I have a computer and this computer and this computer, they're part of a network, okay, that's cool, but I can also create a peer-to-peer network from this network to another network here. These create these sub-local networks that initially were impossible to do. You know, this sounds just like out of a sci-fi movie, right? You have a nuclear power plant and you blow it up and bad stuff happens; this is like good guys fighting against the bad guys, right, sounds like a movie, but this is almost exactly what Stuxnet did, and I'll talk about that in much detail.

Basically, viruses now are known to have almost all the features that we know exist in life systems. They can replicate, as mentioned here. They have self-assembly, meaning they are downloaded in parts, right? So often, a lot of times, viruses download their payload after the fact; they have self-assembly because they can function as a whole after they download the second part: the first part knows how the second part is going to dock into it and function properly as a full virus afterwards. They can also, the most important thing, they can sense and respond. Viruses have this thing: if you try to, especially with Stuxnet, if you try to delete it, it'll lock up your system. And the machines that were used by the Iranian engineers to control the Siemens control systems, the devices: if you try to delete some of the parts of it out, or if you try to delete Stuxnet modules or drivers, it will lock up your computer, and it sounds nothing like a... you know, it sounds just like "oh, my computer got broken or something, I'll go fix it", but what they don't realize is it's actually a defense by the virus. If you reset it, Stuxnet restores itself from a local command and control server. I keep mentioning Stuxnet; don't worry, I'll get to it. Oh, right here actually, there we go.

So Stuxnet, in my opinion, is by far one of the most brilliant pieces of code written ever. This figure explains; I'm going to refer to this figure. Generally I like to use PowerPoints as guidelines when I talk, because I get to see you guys, you know, your beautiful faces, but this time I think I'll look back and see. Stuxnet starts from a control and command server. We have the Stuxnet report, or sorry, the Stuxnet dossier by Symantec, which mentions that the two most prominent ones, where they got most hits on control and command servers, were actually in Iran and Israel. Realistically speaking, US and Israel, probably one of them made it, because they're the only ones who have the capability to make it; no one else can, because this is far too complex, by the way. There was a torrent not too long ago; I probably shouldn't have downloaded it, but I was younger, I was stupid; the torrent had the code for Stuxnet, I got it down, I didn't look through all of it; some of this stuff is kind of neat stuff. I think when HBGary got pwned they got this stuff from them and uploaded it, and I'm like, well, that's cool, you know, there's a torrent here, I can download it.

So there's an infection from the control and command server into one target site. In the case of Stuxnet there was more stuff involved: someone actually plugged in a USB. This USB contained, and this is the coolest part of all three of these sister worms, the USB contained a driver that was signed by Microsoft. No one knows how the hell the goddamn driver got signed; it was actually signed by Realtek, and I think by Microsoft too. The vulnerability was a printer spooler vulnerability. Printers are bad; printers are totally evil, old comic, and printers are evil because printers are generally the most insecure things; no one gives a ... about updating, you know, printer drivers, but well, someone can exploit them. That's another way you can pwn someone, by printer stuff, if they don't have it updated. We got a new printer; I was surprised this printer has FTP running on it locally, so you can email or upload files to be printed on that. I'm like, this is too much for a printer; the only thing this thing should do is print my documents and nothing more than that; we don't want 20 features.

So okay, infection happens, the computer's happy, the virus is happy; not the computer, now the virus is all happy. The virus now goes and searches for other mates that are connected, like the computers that are nearby in its vicinity; it'll go spread to them. Once it spreads, all of them have, I think it was 11:59 actually at night, when these viruses go and check for an update script; they run an update script, and if the command and control servers are nearby, or if they reach the command and control servers, they'll update themselves. This is something you can absolutely prevent, to exe detection; I guess the Iranians didn't read that book, so you guys should. Obviously after they got those viruses get hold and take control over what's going on. After the control happens, then they go and seek and destroy. Stuxnet worked beautifully, and this is actually something I'm almost certain the designers of this took some inspiration from life sciences, because Stuxnet worked by feeding false information: it basically read what the valves and those rotating chambers were feeding; a few days later on it basically fed the same information but caused the cylinders to rotate faster. The cylinders kept on rotating and rotating, but the operator only sees the fake data that Stuxnet generated. Out of the blue you don't know what's going on with your machines; no one's going to go in and check that, but they found over and over again the cylinders were not working; they kept on breaking. Why is that? Is the rotation wrong? No, my data tells me my rotation of C is absolutely fine. They didn't know that it was doing this ingenious task. And life systems do this, by the way: viruses, this is animal viruses by the way, they go into your cell, they infect it, they replicate; the cell doesn't know why it's replicating the virus to make more of it, right? The virus wants more buddies; it's lonely inside of a cell.
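The operator's blind spot just described, taken from the defender's side, as an added example that is not the speaker's code: readings recorded earlier and replayed to a console repeat an earlier run exactly, and real sensor noise makes exact repeats improbable, so the check below flags any window of readings that is a verbatim copy of an earlier window. The readings are constructed with a seeded generator; the nominal value, noise level and window size are assumptions.

```python
"""Replay detection over operator telemetry.  A recorder-and-replayer shows the
operator old readings while the real process runs differently.  Genuine sensor
data carries noise, so a run of readings that exactly repeats an earlier run is
a signal worth alerting on.  Constructed example, not the speaker's code."""
import random
from typing import List, Tuple


def make_constructed_stream(n_normal: int = 30,
                            replay_src: Tuple[int, int] = (5, 20),
                            seed: int = 7) -> List[float]:
    """Constructed rotor-speed readings: n_normal noisy samples around an assumed
    nominal value, followed by a verbatim copy of samples replay_src[0]:replay_src[1],
    i.e. what a replayer would put on the operator's screen."""
    rng = random.Random(seed)
    normal = [round(1064.0 + rng.gauss(0.0, 0.8), 2) for _ in range(n_normal)]
    replayed = normal[replay_src[0]:replay_src[1]]
    return normal + replayed


def find_replays(samples: List[float], window: int = 8) -> List[Tuple[int, int]]:
    """Return (current_start, earlier_start) for every window of readings that
    exactly repeats an earlier, non-overlapping window of the same stream."""
    first_seen = {}
    hits = []
    for i in range(len(samples) - window + 1):
        key = tuple(samples[i:i + window])
        earlier = first_seen.get(key)
        if earlier is not None and earlier + window <= i:
            hits.append((i, earlier))
        elif earlier is None:
            first_seen[key] = i
    return hits


def replay_spans(hits: List[Tuple[int, int]], window: int = 8) -> List[Tuple[int, int, int]]:
    """Merge consecutive window hits into (start, end_exclusive, source_start) spans,
    so one replayed stretch produces one alert rather than one per window."""
    spans = []
    for cur, src in hits:
        if spans:
            start, end, source = spans[-1]
            # Continues the previous span if it begins one sample later and
            # points one sample further into the same source stretch.
            if end == cur - 1 + window and src - source == cur - start:
                spans[-1] = (start, cur + window, source)
                continue
        spans.append((cur, cur + window, src))
    return spans


if __name__ == "__main__":
    stream = make_constructed_stream()
    for start, end, source in replay_spans(find_replays(stream)):
        print(f"readings {start}..{end - 1} are a verbatim copy of {source}..{source + end - start - 1}")
```

The exact-match check is deliberately strict: it never fires on honest data with noise, and it is cheap enough to run beside the console. A replayer that adds its own noise defeats it, which is why this belongs next to an independent measurement (power draw, vibration) rather than on its own.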
And then it goes into the cell and makes more of itself; it's like, well, let me make more of my buddies, and in the process the cell actually will do this, and it keeps doing this. The problem is the cell doesn't realize, just like the operator didn't realize Stuxnet was feeding that info.

Okay, so there's story time, right? So everyone loves story time; I like story time. So once upon a time, as all stories start, there was a CBE virus that was lacking food. It found food in terms of bacteria; you see this guy, that's bacteria, that's how they look, by the way; they look really cool, neat, they have a tail. This is what's called a T4, right? Out of this tail, as much pressure as your tire exploding generates, that's how much pressure this thing is going to put to inject its DNA. Nothing in the world that it's living in can tolerate that much pressure at the level of a cell; it just goes right in and you can't stop this thing. You can stop its attachment maybe, but you can't stop it once it's attached; it's going to dig its toes in, those are spikes, toes, whatever you want to call them, and then bam, it injects itself inside. And so now it's inside but it feels lonely; it's happy, but it's just there by itself, you know, it doesn't have buddies in there. This is how you would feel once your systems have been breached but you don't know: the viruses, the worms, whatever backdoors injected are present, and now is where the good stuff is going to start. This virus is going to go inject itself once more into the machinery of the cell and make more of itself, because, you know, it wants buddies; no one wants to be by themselves, right? This guy wants buddies, and in the process of making new friends this guy is going to start destroying stuff. The same way in security systems: once a virus gets in, it's going to download more payload, you know, more of its buddies, and actually implement the core modules. Stuxnet had a core module that actually would start off by resetting your computer. That's how they initially found Stuxnet: the computer would go into an infinite reset loop. This is a common problem; Symantec had some honeypots that Stuxnet accidentally went to, and that's where the journey started to find Stuxnet.

So here's, you know, more story time: that virus makes more mates, it makes those mates, the cell is broken, it leaves and basically the cell's dead. They keep repeating this process; it makes more and more of itself. Basically the same way Stuxnet keeps on repeating locally through local networks, and viruses repeat themselves locally through local networks, keep doing more and more, and you cause more and more harm. Similarly, the operator, or the cell in the life science model, they don't know what they're doing and why they're doing it; they just know they're doing something, they're replicating, but they're not replicating themselves, they're replicating the virus and making more of that bad stuff happen.

Again, back to Stuxnet, because I love this thing. They said, Symantec I think said, that this virus reset Iran's nuclear program, which by the way is total [ __ ]. You read how they implemented some of that stuff and you read about some of the people who were involved in it; basically a lot of the information that they used to implement a lot of their work in the nuclear power plant was publicly available; they didn't do something new. A lot of that was papers from the 1970s and '80s, here by scientists; they implemented that stuff. It set their nuclear program back by 2, 3 years, but just by the amount of cylinders and money, because cylinders cost money; you know, anything you add the word nuclear on top of costs already $5,000, and then that thing actually has real function, that costs another $5,000, and then you replace it, that costs maybe five more. So Iran obviously shut itself off; no one knows why, they just... this is right after the impact, by the way. Only the International Energy Atomic Energy Association, they're the only ones who actually know what's going on, because they were there visiting; they're not allowed to talk, because they made a pact that if they can even come into Iran and talk about their nuclear stuff, they can't talk about it outside. So Iran just shuts the nuclear facilities; it comes as a shock to the world. Symantec reveals what the hell is actually going on, and they partner up with someone, this German guy, I forget his name now, a brilliant fellow. This guy had weird degrees; he had knowledge of some weird stuff; he actually had a really good expertise in those Siemens devices; that's why he got recruited to work on this project, and that resulted in them finding... He told me, I actually corresponded with him through email, he told me that when this was going on, I followed this very, very closely when it was happening, he told me he was working 80 hours a week and he didn't feel like he wanted to go sleep; he would come in because he was so passionate about what he was doing, because, you know, he realized that this is something novel that's never happened before. He told me, this is his quote, he's like, man, I come into work, I go work, I go back home, I sleep, I come back to work; this is my life for 5 months. And he decoded everything that was happening in Stuxnet; he gave the largest chunk of information on it.

Yeah, so real quick, Stuxnet has modules, as we mentioned; life science systems also have modules. Viruses have a module that maintains their own integrity, they have a module that makes their friends, they have a module that kills the host after they make their friends. It's like, you know, you go to someone's house, like they invited you for dinner; you go there, and then, you know, you call your buddies: hey, there's free food, come by. And then basically all 10 of your buddies eat, and all 10 of your buddies actually gang up on this poor fellow and kill him, and then the house is yours, all the food is yours. That's how viruses work, more or less. And so, you know, the Stuxnet modules work in a similar way: there was a management module, there was a loading module, there was an unloading module, there was an updating module, you can go on and on; there's 27 total modules, I think, in Stuxnet, last time I read the thing; maybe there's more. Again, get this book too. So Stuxnet and Duqu, two of the sister ones that came out, you realize they were actually integrated in a much larger whole. Flame itself, as I understand, actually contained a whole freaking scripting engine based on Lua. It was really stripped down; this thing was left so that the attacker could actually modify and create new worms right on the spot, on that server that it's infected, the local control and command server, and push them out. It's like, you know, you pushing your code to GitHub: you just type and push whatever it does. Basically that was the idea: that you create local repositories of these viral infections there. Similarly, in life systems sometimes viruses do nasty, nasty things; the salmonella virus actually has something very similar to this, I feel like. And this is maybe my own personal bias: I feel like a lot of these creators, they drew inspiration from biological systems, because it's impossible... you know, all this stuff that I'm presenting is something that's very commonly known to someone who works in life sciences, and how did they make something so feelingly similar to what's found in natural systems? Maybe, to design some of these best viruses, they took inspiration from those things, and I hope you guys do too, in designing the future security systems, inspiration from these particular biological systems.

Okay, and here is probably the wrecking ball part of this track; there's no nichas C here yet.
These pictures look complex, but don't worry about the complexity; I made them so that you guys probably can't read them, that's on purpose. The point of these pictures is to illustrate numbers, and we win by numbers. Companies cannot make software that they advertise as "look, our software is shitty, but we have so much of it that you're protected"; that won't sell. Our body works that way: we have, at any given time, 75% of our blood containing these thugs called NK cells; they're like your local thugs that'll rob you of everything you have. They protect us from something that's not us; there's self and there is non-self. In the immune system it's very clear. The immune system is our major integrator. You can see this: count the numbers, there's a whole bunch of stuff here; each of these can then go on to make 10 to the 8 number of themselves. 10 to the 8 is a huge number, and they keep making them. These are modules of the life system: I just described Stuxnet, that has management modules, it has loading and unloading modules; the immune system has these guys, which will pretty much kill everything, actually, even including you. That's really the basis of autoimmune disease, where you're your own... The problem is you have so much of this stuff in you at all times that if they decide to attack you, you're dead; I mean, there's no way of saving you. It's called septic shock; it happens sometimes. If you're a good doctor you can save the person; if you're bad, they die; generally they die even if you're a good doctor, because the intensity of these things is too high.

Unfortunately, no more pictures, just text stuff, because, you know, we had pretty pictures and stuff, but now we talk about some more material. Quality versus quantity: you sell stuff if you have quality, if you have pretty pictures; I think most of it depends on sales and how well you can pitch your product. More importantly, I think a lot of it depends on: can you make pretty documents, which is where I stole the pictures from throughout this presentation; if you make them, you sell your stuff very well. Our body doesn't do that; we work in a very sloppy system, but we have 10 to the 20 of them, so we're good. You know how much virus can enter your body, right? No matter how much enters, you always have more of us, and you have so many of them that one of those will actually act on killing it. You're always going to have that one guy, you know, you have the one guy in class who asks the questions, right? There's always that one guy who will kill any given virus at any time, even HIV. And once they find that guy, basically, you know, that guy is like your main fighter.

I'm almost done, by the way, don't worry. Oh, this is a really cool picture actually, a beautiful diagram I stole again; don't worry about the names and stuff, just look at the locations. These are all your module centers; these are the command and control servers in the human body that do all the neat stuff. Basically these guys have one function: produce a lot of the stuff that kills other stuff; that's it. They don't do IDS, they don't do any of that detection. You know how detection works in us? Chemical imbalance: you maintain a very proper balance in the body; if the balance is imbalanced, well, we need to do something. These guys all activate and produce a crap lot of stuff that actually harms you; that's why when you're sick you actually start to feel it, and when you recover it takes a while to recover, not just one day; it's because your own tissues and stuff got damaged from it.

So NK cells, one of the things I was talking about earlier on: these guys attack in numbers. It's like, you know, you're walking down the street, you're wearing a golden chain, a golden watch, everything, like a golden shirt, you know, that's like just asking to get robbed, but you're walking down a shady hall in an alleyway; you come by and you see someone, and then those guys... you know, you're walking with your bunch of buddies, right? You think no one's going to attack you, but, well, you're wrong; you get a whole bunch of people attacking you. One of your buddies runs back to your boss, you know, because you're the thug, so you have a gang or however that [ __ ] works. You go back to your boss; your boss comes back and says, you know what, you ran away, you know, I'm going to send like 50 of my people. That one guy who came by knows: oh hey, look, that person had a gun, that person had a baseball bat, and that person had these other things. And so you basically come back with your buddies, you know, everyone has a machine gun or something now, and you kill them all and you win. That's how body systems generally work out, for the most part. So we have a lot of advantages that make us who we are, and I hope that... I'm running a little short of time actually, and I'm going to try to wrap up quick here.

I hope that part of what I tried to get across to you guys is a lot of these inspirations from biological systems and life sciences, how these things work. The biggest thing that we have going for us is that life has been around for a couple, 2.5 billion, years; that's a long time. Security systems have not been around for that long, which is good, because then they would be just as good and a lot of us probably wouldn't have jobs, because the machines would do everything. We have advantages because of random mutations that occur in us, these mutations. So think of it this way: the worst thing you can think of, AIDS, right? So one of the worst things you can think of, AIDS: 1% of the population will never get AIDS no matter what happens. But you can't infect everyone with AIDS and have 1% live and be like, oh, voila, that's the 1%, and you'll kill everyone else. But at any given time 1% of them have it. So the introduction of random logic and fuzziness: can you incorporate those things in security systems to make it so that there are some modules that don't work in your traditional manner; they don't detect the common rules you follow, they detect something else? That goes back to the idea of the trackers, right? Each tracker detects a peer, and so on and so forth. Can you make them happen so that they work differently, in a sense that can confer advantage? How this works I leave up to you guys, because I'm not a security person anymore; I study computational biology. So that's your challenge to figure out. My challenge here is to present to you guys what I can get across in whatever 45, you know, 50 minutes that was allocated, to make sure that you realize how much of an advantage life systems have just by numbers. So writing software that's the most brilliant code may not be the best approach always; sometimes just putting together a lot of shitty tools might give you a humongous functional advantage over some of these tools.
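The quantity-over-quality claim, as an added example that is not the speaker's code: a handful of narrow, cheap detectors run over constructed process-start events, scored individually and as a union, with one deliberately sloppy rule included to show the cost side of "many shitty tools". Events, rule names, paths and the benign/malicious labels are all hypothetical.

```python
"""Many cheap, diverse detectors versus the best single one.  Each rule below is
deliberately narrow; what matters is what their union covers, and what the
sloppy rule costs in false positives.  Constructed example, not the speaker's
code; events, labels and rule names are hypothetical."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    parent: str
    image: str
    cmdline: str
    signed: bool
    malicious: bool   # ground-truth label, known only because the set is constructed


# Constructed process-start events (hypothetical paths and command lines).
EVENTS: List[ProcEvent] = [
    ProcEvent("explorer.exe", "C:\\Program Files\\Editor\\editor.exe", "editor.exe report.docx", True, False),
    ProcEvent("winword.exe", "C:\\Windows\\System32\\cmd.exe", "cmd.exe /c whoami", True, True),
    ProcEvent("svchost.exe", "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe", "upd.exe", False, True),
    ProcEvent("explorer.exe", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
              "powershell.exe -enc QQBCAEMA", True, True),
    ProcEvent("services.exe", "C:\\Windows\\System32\\svchost.exe", "svchost.exe -k netsvcs", True, False),
    ProcEvent("explorer.exe", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
              "powershell.exe Get-Process", True, False),
    ProcEvent("outlook.exe", "C:\\Users\\u\\AppData\\Local\\Temp\\invoice.pdf.exe", "invoice.pdf.exe", False, True),
]

Detector = Tuple[str, Callable[[ProcEvent], bool]]


def _office_spawns_shell(e: ProcEvent) -> bool:
    # Narrow: a document viewer starting a shell.
    return (e.parent.lower() in {"winword.exe", "excel.exe", "outlook.exe"}
            and e.image.lower().endswith(("\\cmd.exe", "\\powershell.exe")))


def _unsigned_in_temp(e: ProcEvent) -> bool:
    # Narrow: unsigned binary running out of a temp directory.
    return (not e.signed) and "\\temp\\" in e.image.lower()


def _encoded_powershell(e: ProcEvent) -> bool:
    # Narrow: PowerShell given an encoded command.
    return "powershell" in e.image.lower() and "-enc" in e.cmdline.lower()


def _double_extension(e: ProcEvent) -> bool:
    # Narrow: executable named to look like a document.
    parts = e.image.rsplit("\\", 1)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-1] == "exe"


def _any_powershell(e: ProcEvent) -> bool:
    # Sloppy on purpose: every PowerShell start, benign or not.
    return e.image.lower().endswith("\\powershell.exe")


DETECTORS: List[Detector] = [
    ("office-spawns-shell", _office_spawns_shell),
    ("unsigned-in-temp", _unsigned_in_temp),
    ("encoded-powershell", _encoded_powershell),
    ("double-extension", _double_extension),
    ("any-powershell", _any_powershell),
]


def evaluate(events: List[ProcEvent], detectors: List[Detector]) -> Dict[str, Tuple[int, int]]:
    """(true positives, false positives) per detector, plus for the union of all."""
    results: Dict[str, Tuple[int, int]] = {}
    union_flagged = set()
    for name, rule in detectors:
        flagged = {i for i, e in enumerate(events) if rule(e)}
        union_flagged |= flagged
        results[name] = (sum(events[i].malicious for i in flagged),
                         sum(not events[i].malicious for i in flagged))
    results["union"] = (sum(events[i].malicious for i in union_flagged),
                        sum(not events[i].malicious for i in union_flagged))
    return results


def best_single(results: Dict[str, Tuple[int, int]]) -> Tuple[str, int]:
    """The single detector with the most true positives (ties resolved by order)."""
    name = max((n for n in results if n != "union"), key=lambda n: results[n][0])
    return name, results[name][0]


if __name__ == "__main__":
    res = evaluate(EVENTS, DETECTORS)
    for name, (tp, fp) in res.items():
        print(f"{name:22s} TP={tp} FP={fp}")
    print("best single:", best_single(res))
```

On the constructed set the best single rule catches two of the four malicious events while the union catches all four, at the price of the one false positive the sloppy rule contributes; that trade is the numbers argument in miniature, and the same scoring loop works on a real labelled event set.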
And I think I will wrap up by saying thank you for staying awake; actually, I'm surprised. Thank you very much. Now maybe I have two, three more minutes; I'm going to open up the floor for questions. Anything? Yeah? No? No questions, we're cool. All right, people, that was lovely, thank you.