The APT @home - when the attacker knows your mother's maiden name

Presented at BSidesDC 2019, Oct. 26, 2019, 11:30 a.m. (50 minutes)

You have a strong password and a unique PIN. You're behind seven proxies and your system is locked down tight. Plus you control physical access to your devices, so you can be reasonably certain you're secure. Victims of domestic violence and other vulnerable populations often don't have the luxury of keeping their passwords secret or denying root-level access to their adversary. They're faced with the ultimate insider threat- one that knows everything about them, has complete access to their digital life, and can even dictate their security policy. For them, their proximity to their attacker means that many security solutions are ineffective and, in some cases, even harmful to implement. This talk will explore cases where traditional security measures fail an already-vulnerable population, how we need to rethink our approach to security, and what we can do to help.

Presenters:

• Chris Cox - Executive Director at operation: Safe Escape
  Chris Cox is the founder and past president of the OPSEC Professional's Association (OSPA) and currently serves as the executive director of its anti-domestic violence initiative, Operation: Safe Escape. In the past, he's served as the Chief Information Officer and Information Assurance Manager for the Army's National Training Center, cybersecurity instructor for the Department of Defense, security operations center team lead, and other roles.

Links:

• https://bsidesdc2019.busyconf.com/schedule#activity_5d0aa168395a6d9171000198

Similar Presentations:

• ShmooCon XV (2019) / The APT at Home: The attacker that knows your mother’s maiden name
• Still Hacking Anyway (SHA2017) / Digital personal locker: New paradigm in handling personal (health) data
• DEF CON 16 (2008) / Is that a unique credential in your pocket or are you just pleased to see me?