BSides Canberra 2017 Panel
Saturday 2.30pm - 4.00pm
Speakers:
Alastair MacGibbon - Special Adviser to the Prime Minister on Cyber Security
Patrick Gray - Media, Risky Business Podcast and BSides Canberra 2017 Keynote speaker
Stephen Ridley - CEO/CTO Senrio, BSides Canberra 2017 and ACSC 2017 International Speaker (USA)
Adam Boileau - Organiser of Kiwicon (New Zealand Hacker Con), Risky Business presenter, works at Insomnia Security
Laura Bell - Founder of SafeStack, ACSC 2017 International Speaker (NZ)
Introduction:
Welcome to the BSides Canberra 2017 panel discussion! We couldn't go this year without putting to our esteemed panel guests topics that have sprung up over the last year. Those Shadowbrokers, WTF? We are literally watching nation-state espionage on the public internet and if the NSA actually got owned by Russia, that is some popcorn-level drama. Russia you say? Did they really change the US election? Or on our own soil, that census fail was a right proper f* up. Learn to internet Australia. Maybe hacker cons are the solution? Where are Aussies going to go now that Kiwicon is no more? Maybe hacker cons _are_ the problem - do you think they're sexist? Maybe we should see what WikiLeaks, Snowden, or Manning have to say - or do you think public opinion has changed?
Those are some interesting topics to say the least. We probably won't have time to cover all of those topics, but we'll put some of them towards our panel guests. Let's hope our panel is up to the task. And remember audience, ASK QUESTIONS. This is an interactive panel! The points below might help you get started:
Shadowbrokers – WTF?
- Do we believe the intent of shadowbrokers was to make money?
- Is it likely that shadowbrokers are state-sponsored actors?
- Are the shadowbrokers Russian intelligence?
- Is the Equation group NSA? Or are they NSA private contractors?
- Did Russia infiltrate US top secret systems to steal the Equation group’s warez?
- How did they do it? Did the NSA really set up internet accessible systems to attack other states with all their tools online? Opsec 101?
- Was it human intelligence? Did Russia have a physical presence in top secret facilities and exfiltrate the data with USB sticks?
- This hasn’t been picked up by mainstream media – why?
- Has the NSA’s reputation been damaged?
- Holy shit – there were a lot of server-side exploits. Is the Equation group really so far ahead of the client-side exploit writers in the general public?
- How much are those exploits really worth on the exploit market?
Did Russia hack the US election?
- What proof do we have? Is this proof available to the general public?
- Considering that intelligence is heavily financed by government, why does Trump not believe the CIA’s analysis?
- What benefit does Russia see in Trump being elected president?
- How and why did Trump win an unwinnable election?
- Why is Russia in our sights now when 2 years ago we were all screaming China?
- Are states attacking or infiltrating critical infrastructure? For what purpose?
- Is this a rebirth of the cold war, or to be less dramatic, will this have a continuing impact? Will China be on topic again in a year’s time?
- Is it possible for a country to secure their election?
- Is electronic voting an answer, an enemy, or not at all relevant (if it’s simply a propaganda war and not a technical attack)?
- Is electronic voting ready for developing countries? Do we expect technical attacks? Standover tactics, or propaganda?
How do we now see WikiLeaks, Julian Assange, Edward Snowden, and Chelsea Manning?
- Are they heroes or traitors?
- Is everything leaked? Have they slowed down? Are they still relevant?
- If there is a shift in public perception, why do we think that is?
- Has the US intelligence community limited its powers or does it see the leaks and surveillance as 2 steps forward, 1 step back?
- Does society want the intelligence community to reduce its powers? What do different demographics want? What about pre-9/11, post-9/11?
- Are human rights activists targeted around the world? By which intelligence agencies?
- Does the government really drop a chain of 0days against iOS worth 1 million dollars each to attack individuals in the general public that cheat welfare or smoke too much dope?
- Why aren’t Snowden, Assange, and WikiLeaks leaking Russia’s involvement, if at all, in the US election?
- What is the motivation to give Assange and Snowden immunity? Whose interests does it benefit?
- Is commuting Manning’s sentence a PR stunt by a president about to leave office?
Are hacker cons sexist?
- Or is it just infosec in general? Or Engineering? Or STEM?
- Look around, how many women do you see? Is this proof?
- Why are women underrepresented?
- Why aren’t we complaining about other underrepresented groups? Aboriginals? Ethnic minorities?
- Does positive discrimination and outreach help?
- Does outreach create positive role models who are capable leaders?
- Do we want technical women or female leaders when we outreach?
- Do codes of conduct help conferences?
- What about the notion of creeper cards?
What is the state of Australasian hacker cons?
- Is the conference scene changing in Australia?
- Why do we have so many startup cons?
- Are prices too high for conferences making them inaccessible?
- Is sponsorship reasonable? (e.g., Unrest was specifically not sponsored)
- Is Australia comparable to other countries around the world?
- Why did Kiwicon have more delegates when NZ has fewer people?
- What monthly meetups exist?
- How do we get original content at Australian cons?
- Are speakers repeating their talks at every con?
- Who validates that speakers are legitimate authorities and speaking correctly?
Census fail
- What technically went wrong?
- What decisions led to census fail?
- Did Patrick Gray get his analysis right? If so, how did he know this?
- What was ASD’s post-analysis?
- Should the BOM have collaborated with other departments/agencies?
- Is it likely the census data is the target of state sponsored espionage?
- Are there privacy or anonymity concerns with census data?
- Is Australia ready for internet-based interaction with large-scale government services?
- What are some success stories of government? myGov?