Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Reticle: Dropping an Intelligent F-BOMB

Brendan O'Connor
July 26, 2012
Research
0
3.6k

Reticle: Dropping an Intelligent F-BOMB

This was my presentation at BSides Las Vegas 2012. For more information (including the video), check out http://blog.ussjoin.com/2012/07/reticle.html .

Abstract:

F-BOMB is a disposable computing project, and Reticle is its software brain: a distributed, leaderless system for transferring data and commands to and from the tiny, distributed, dirt-cheap little boxes. Together, these two systems form a botnet-styled sensor network that can be deployed the same way as a smoke grenade by a field agent, but with intelligent encryption, plausible deniability, and a peer-to-peer command network to ensure that an enemy can't compromise your goals-- whether you're providing Internet access to an Occupy group, or playing distributed hide and seek for cell phones. We discuss the design and implementation of Reticle, which was intended to take some of the networking ideas from modern botnets and apply them in a more useful context. Reticle was created with support from DARPA Cyber Fast Track, and the code, utilities, and documentation created under that project will be released with the talk.

Brendan O'Connor

July 26, 2012
Tweet

More Decks by Brendan O'Connor

See All by Brendan O'Connor
The Perfectly Legitimate Project
ussjoin
0
280
Stalking a City for Fun and Frivolity
ussjoin
2
27k
CreepyDOL: Cheap, Distributed Stalking
ussjoin
2
41k
Hack the Law
ussjoin
2
720

Other Decks in Research

See All in Research
論文紹介:What Learning Algorithm is In-Context Learning? Investigation with Linear Models
kosuken
0
220
【RESEARCH Conference 2023】0からスタートしたリサーチ組織の立ち上げ。開発現場でリサーチが当たり前に行われるようになるまでの歴史
researchconf
0
170
音声感情認識技術の最前線
atsushi_ando
3
570
レガシーなサービス・組織でリサーチの土壌を耕す
uepon73
3
860
【RESEARCH Conference 2023】「患者さんの希望をつくり出す」製薬会社の新規事業創出でのインクルーシブデザイン
researchconf
0
300
A Theory of Emergent In-Context Learning as Implicit Structure Induction
eumesy
PRO
4
470
Improving LaCAM for Scalable Eventually Optimal Multi-Agent Pathfinding
kei18
0
240
CVPR 2023 速報:CCC Summer 2023 in MIRUチュートリアル(配布版)
gatheluck
3
2.8k
マルチリンガルな言語モデル入門:これまでとこれから
ryou0634
1
1.1k
[CV勉強会@関東 CVPR2023] UniAD: Planning-oriented Autonomous Driving
inoichan
2
980
深層モデルの高速化
joisino
11
4.2k
ACL2023レポート − LLMの動向を中心に
misonuma
4
820

Featured

See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
34
2.2k
Intergalactic Javascript Robots from Outer Space
tanoku
263
26k
Writing Fast Ruby
sferik
615
59k
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
Stop Working from a Prison Cell
hatefulcrawdad
265
18k
How to name files
jennybc
56
84k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
The Invisible Customer
myddelton
113
12k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k
How STYLIGHT went responsive
nonsquared
89
4.4k
Building a Scalable Design System with Sketch
lauravandoore
453
31k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
271
12k

Transcript

  1. RETICLE: DROPPING AN
    INTELLIGENT F-BOMB
    Brendan O’Connor, CTO/DSS
    Malice Afterthought, Inc.
    Think again.
    a decentralized botnet for disposable computing

    View Slide

  2. BRENDAN O'CONNOR
    • CTO/DSS, Malice Afterthought, Inc
    • Rising 2L at the University of
    Wisconsin School of Law - IANAL,Y
    • I've done DARPA stuff, security
    research, and even Network
    Warfare teaching for DoD (want to
    hire me? I'm always looking, so ping
    me!)
    • BTW, No One Authorized Me To
    Say ANYTHING! I speak for nobody.

    View Slide

  3. DARPA CYBER FAST TRACK

    View Slide

  4. ROADMAP
    • Scenarios (The Problem)
    • F-BOMB (The Hardware)
    • Reticle (The Software)
    • Missions (What It Does)
    • Next

    View Slide

  5. SCENARIO 1: ENVIRONMENTAL RESEARCH

    View Slide

  6. SCENARIO 2: BAD MEN WITH GUNS

    View Slide

  7. SCENARIO 3: OCCUPY

    View Slide

  8. WHAT WE WANT
    • A system for cheap, disposable computers
    • Deployable by untrained personnel
    • Reconfigurable post-deployment
    • Capable of independent or coordinated action
    • With sufficient processing power to take on high-level tasks
    • @Dakami - “Ever deployed hardware? It’s not fun.” I disagree!

    View Slide

  9. ROADMAP
    • Scenarios (The Problem)
    • F-BOMB (The Hardware)
    • Reticle (The Software)
    • Missions (What It Does)
    • Next

    View Slide

  10. FALLING/BALLISTICALLY-LAUNCHED OBJECT
    THAT MAKES BACKDOORS
    • Design Goals
    • Cheap -- < $75, < $50 if possible
    • Reconfigurable Hardware for Different Sensors
    • Ultimately, this will require USB for cheapest sensors
    • Light enough to be flown on a UAV, or thrown, hard
    • Durable enough to land poorly (we’ll come back to this)
    • Ubiquitous enough to be deniable-- no bespoke PCBs

    View Slide

  11. WHY NOT THE PWNIE PLUG?

    View Slide

  12. WHY NOT THE MINIPWNER?

    View Slide

  13. WHY NOT THE WASP?

    View Slide

  14. F-BOMB, VERSION 1
    PogoPlug (v2/v3) Core
    Flash Drive
    2x RTL8188
    PogoPlug POGO-B01 Mainboard

    View Slide

  15. BRIGHT PINK INFILTRATION

    View Slide

  16. RECONFIGURABLE

    View Slide

  17. View Slide

  18. EXCESSIVELY REAL-WORLD TESTING

    View Slide

  19. WHOOPS

    View Slide

  20. ROADMAP
    • Scenarios (The Problem)
    • F-BOMB (The Hardware)
    • Reticle (The Software)
    • Missions (What It Does)
    • Next

    View Slide

  21. RETICLE

    View Slide

  22. RETICLE DESIGN GOALS
    • Minimum Viable Hardware - exploit local WiFi for comms
    • Deniable Deployment
    • Encrypted storage, with no local key storage!
    • Encrypted communications
    • No Central C&C Server - fully peer-to-peer, no SPOF
    • Resistance to Central Compromise / Node Compromise
    • As easy to deploy as a life jacket, but still with crypto.

    View Slide

  23. NOT DESIGN GOALS
    • Mesh Network
    • Really great research, but hard for untrained users in the
    field to deploy in an efficient way
    • Instead we’ll use “the Cloud” as our mesh!
    • Synchronous Communication / Simultaneous Command

    View Slide

  24. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems

    View Slide

  25. SOLUTION: A CLONE ARMY

    View Slide

  26. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems DARPA
    • How do we have encrypted
    storage without storing the
    key on-disk but still easy to
    use?

    View Slide

  27. GRENADE-STYLE KEY MANAGEMENT

    View Slide

  28. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems DARPA
    • How do we have encrypted
    storage without storing the
    key on-disk but still easy to
    use? USB Drive
    • Obfuscating Traffic Endpoints

    View Slide

  29. SOLUTION: TOR

    View Slide

  30. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems DARPA
    • How do we have encrypted
    storage without storing the
    key on-disk but still easy to
    use? USB Drive
    • Obfuscating Traffic Tor
    • Easy Local Storage

    View Slide

  31. SOLUTION: COUCHDB

    View Slide

  32. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems DARPA
    • How do we have encrypted
    storage without storing the
    key on-disk but still easy to
    use? USB Drive
    • Obfuscating Traffic Tor
    • Easy Local Storage Couch
    • Peer-to-Peer Replication

    View Slide

  33. SOLUTION: COUCHDB

    View Slide

  34. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems DARPA
    • How do we have encrypted
    storage without storing the
    key on-disk but still easy to
    use? USB Drive
    • Obfuscating Traffic Tor
    • Easy Local Storage Couch
    • Peer-to-Peer Replication
    Couch
    • Encrypted, Revokable
    Communications

    View Slide

  35. SOLUTION: COUCHDB?

    View Slide

  36. STEP 3.5: FILE A BUG REPORT

    View Slide

  37. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems DARPA
    • How do we have encrypted
    storage without storing the
    key on-disk but still easy to
    use? USB Drive
    • Obfuscating Traffic Tor
    • Easy Local Storage Couch
    • Peer-to-Peer Replication
    Couch
    • Encrypted, Revokable
    Communications

    View Slide

  38. SOLUTION: NGINX

    View Slide

  39. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems DARPA
    • How do we have encrypted
    storage without storing the
    key on-disk but still easy to
    use? USB Drive
    • Obfuscating Traffic Tor
    • Easy Local Storage Couch
    • Peer-to-Peer Replication
    Couch
    • Encrypted, Revokable
    Communications Nginx
    • Initial introductions to the
    peer-to-peer network

    View Slide

  40. EXPLANATION: I WISH I HAD FRIENDS

    View Slide

  41. STEP 6.1: REMEMBER USENET?

    View Slide

  42. STEP 6.2: THE SASSAMAN MEMORIAL HACK

    View Slide

  43. PROBLEMS TO SOLVE
    • Enough hardware to test
    performance on embedded
    systems DARPA
    • How do we have encrypted
    storage without storing the
    key on-disk but still easy to
    use? USB Drive
    • Obfuscating Traffic Tor
    • Easy Local Storage Couch
    • Peer-to-Peer Replication
    Couch
    • Encrypted, Revokable
    Communications Nginx
    • Introductions to the peer-to-
    peer network Usenet

    View Slide

  44. PROFIT!

    View Slide

  45. ROADMAP
    • Scenarios (The Problem)
    • F-BOMB (The Hardware)
    • Reticle (The Software)
    • Missions (What It Does)
    • Next

    View Slide

  46. TESTING MISSIONS

    View Slide

  47. MISSIONS SO FAR
    • Blinkenlights
    • Stalkr
    • OKCreepy
    • Private Web Browsing (Auto-Tor)
    • Note that we get wireless bridging / area extension for free!

    View Slide

  48. OTHER EASY MISSIONS
    • P25 listeners (SDRs are now $25!)
    • A shout-out to Matt Blaze / Travis Goodspeed
    • “Why (Special Agent) Johnny (Still) Can’t Encrypt”
    • ...a thousand other things (and reconfigurable on the fly)
    • Also missions aren’t exclusive, though Reticle doesn’t
    attempt to negotiate sharing of devices; this isn’t designed as
    a public resource network

    View Slide

  49. ROADMAP
    • Scenarios (The Problem)
    • F-BOMB (The Hardware)
    • Reticle (The Software)
    • Missions (What It Does)
    • Next -- and how you can help!

    View Slide

  50. NEXT STEPS FOR RETICLE
    • Opportunistic Replication
    • Change the scan+connect script to run continuously, and
    replicate whenever we find a connection
    • MIT did this, but won’t release the source code :-(
    • Data Visualization for hordes of data
    • New hardware (F-BOMB v2) - mmm, Raspberry Pi!

    View Slide

  51. NEW PROJECT: SPOTLIGHT

    View Slide

  52. SPOTLIGHT
    • Hide and Seek
    • No trained “seekers”
    • We’ll use bicycle couriers and bored students
    • 20 Reticle Nodes
    • 12 Hours
    • 10 Targets (5 mobile, 5 static)

    View Slide

  53. SPOTLIGHT
    Anyone want to come play with us? We’d love to partner.
    [email protected]

    View Slide