Making Milware: An Interdisciplinary Tryst

Presented at ShmooCon XII (2016), Jan. 17, 2016, 10 a.m. (60 minutes).

How can political science and computer science get together to make something beautiful? The pervasive development and deployment of malicious software by states presents a new challenge for the information security and policy communities because of the resource advantage and legal status of governments. The difference between state- and non-state-authored code is typically described in vague terms of "sophistication", which feeds the widespread but inaccurate assumption that states simply "do it better." This talk presents work to describe how state-authored code is demonstrably different from code written by non-state actors. We examine a collection of malware samples which, through existing analytic techniques, have been attributed to a mix of state and non-state actors. Reviewing the technical information available in the public domain for each sample, and reverse-engineering a subset, we identify a set of criteria by which state-authored code can be differentiated from the conventional malware of non-state groups. We'll talk about our findings, the interdisciplinary magic that got us here, and what comes next.


Presenters:

  • Trey Herr
    Trey is a researcher with the Cyber Security Policy and Research Institute as well as a PhD Candidate in Political Science at GWU. He is also non-resident fellow at New America's Cybersecurity Initiative and works on malware, regulatory policy, and risk modeling.
  • Eric Armbrust
    Eric is a junior in Computer Science and International Affairs at GWU. He is also an amateur OS and exploit developer who began tinkering with assembly with the crazy idea that it would be "fun." At GWU he works on breaking things and putting them back together.