Parkour communications: How you can communicate, free running style, using nothing but the 'fixtures' of the Internet.

Presented at Still Hacking Anyway (SHA2017), Aug. 8, 2017, 11:10 a.m. (60 minutes)

Using encryption and onion routing is all fine and dandy, but both can be detected and both can, at the very least, be severely hampered or even be cut off.<br/> However, the Internet nowadays is full of services and systems that autonomously, and continuously, send data to users all over the world.<br/> These messages or interactions are seen as formalities and have become a blind spot, even with security minded people; they are just the fixtures of the Internet.<br/> In this lecture I want to try and effect a change of mind when looking at these fixtures and to show ways how to hack them.<br/> Hack them, not to pwn them or to corrupt them, but rather hack them to use as communications method when all else is either watched, broken or blocked.<br/> Not in the same way as 'just sending a few base64 encoded tweets', but really... #NetworkSecurity #Privacy Subscription services send confirmation emails, two factor authentication systems send out text messages. Search engines send out crawlers, IRC servers send out ident requests. Webservers use session cookies to identify a session. <br/><br/> If done properly these 'fixtures' are secure and usually for a single intended recipient. <br/><br/> But what if we intentionally use the single-minded correctness of these systems? What would be the available entropy? Could we communicate? How fast, or rather, how slow? <br/><br/> What I want to convey is that 'blocking Twitter' or 'blocking Facebook' or rather, 'anything short of just switching the whole Internet off' is a pretty useless idea if the goal is to prevent people from communicating. <br/><br/> Just as you can use anything in the city to reach your destination in Parkour, you can use anything that <i>is</i> available which changes <i>something</i> on the Internet if your mindset is on 'hacking to <i>use</i>' things. <br/><br/> But what if they switch off the Internet? <br/><br/> Well...

Presenters:

Links: