DEF CON / Нижний Новгород

I fought the law and the law lost

This is a series of talks aimed at surveying and publishing vulnerabilities of Argentine Armed/Sercurity Forces. We'll see 25+ hacktivism-motivated leaks on different kind of police and government systems: intelligence, organized crime, and even internal ones; whistleblowers, and more.

Full Talk Description

I fought the law and the law lost is a series of talks aimed at surveying and publishing vulnerabilities of Argentine Armed/Sercurity Forces.

Between its different chapters, some 50 critical vulnerabilities of the security and armed forces have been compiled, including but not limited to the Argentine National Gendarmerie, the Argentine Federal Police, the Buenos Aires City Police (called “the most modern of the world “according to its creator, the Head of Government) and even government agencies such as Ministry of Defense, Ministry of Justice, Ministry of Security and the Intelligence Service.

Topics such as hacktivist attacks are covered: internal leaks led by agents; politically organized attacks; the disclosure of information from a parallel and unconstitutional force with espionage objectives against political figures or social / union leaders (Called Project X); the dissemination of databases of Organized Crime (drug trafficking, trafficking in persons, among others) containing information on whistleblowers, confidential identity witnesses, undercover officers and intelligence investigations in progress; the theft of the databases of the National Criminal Information System; and even the hacking to the Minister of Security, adding at least a review of about 25+ cases during the talk, all with their due technical evidence, and all of them motivated by hacktivism.

Other topics related to privacy are also covered, such as the Digital Security Ring, a circuit of vehicle license plate readers and cameras with facial recognition that have aroused strong criticism for their systematic failures and their invasion of privacy.

Also, from the side of an attacker is covered all the possible route to get to exploit each of the cases, with scans and analysis done by the author, following as golden rule the use of passive and OSINT recognition to avoid any interaction. Explanations of “How could this happen?” Will be common, demonstrating the errors that allowed this situation to emerge: A CIO using his daughter’s name as a password? / An Undersecretary of Security using his National ID Number as a recovery question? / Previous leaks? Linkedin? Forums? Prohibited sites? / Cybercrime officials reusing the same passwords in all their accounts? / Facebook accounts that allow you to see too much?

All information is obtained publicly and any person can recreate the analyzes that lead to the results presented here. No private or privileged information is used in any way.

Mauro Eldritch
Mauro Eldritch, Argentine Ministry of Production, Buenos Aires

Mauro Eldritch is an Argentine hacker currently working as SecOps for Argentine Ministry of Production. Previous jobs include many government organisms such as Buenos Aires City Police, Federal Government, Ministry of Health, Ministry of Economy, and even FreeBSD. He was a Speaker at DEF CON Las Vegas, ROADSEC Brasil, DEVFEST Siberia, DragonJAR Colombia and P0SCON Iran.