Analysis: The strange world of cyberspy vendor conferences

It is common knowledge among intelligence observers that espionage activity around the world is on the increase, having in some cases surpassed Cold-War levels. The main facilitator of this phenomenon is technological, namely the ease of access to classified information afforded by relatively safe cyberespionage techniques. In our 21st-century, therefore, the spy v. spy game takes place largely online. Ironically, however, many of the government agencies engaged in offensive cyberintelligence operations against each other buy the required software and hardware from the same vendors. The latter are private companies, headquartered in Milan, London, Johannesburg, Montreal, and other cities around the world, which periodically participate in industry trade shows. These gatherings are eerie, secretive meetings, frequented by international spies representing various governments, and are strictly closed to outsiders. Vernon Silver, of Bloomberg, which has done an admirable job lately tracking the operations of these secretive vendors, has penned a fascinating exposé of one such bizarre trade show, called ISS World. Known informally as ‘Wiretappers Ball’, ISS (short for Intelligence Support Systems) World convenes several times a year in various cities around the world. One recent show, which took place in Malaysia, hosted nearly 1,000 attendees from 56 countries, writes Silver: “unlike trade shows, this one had no social events [and] no corporate-sponsored cocktail parties”. Instead, merchants of communications interception technologies offered demonstrations to agents of various governments, of what is called “offensive IT intelligence”. These demonstrations, conducted by appointment only in darkened conference rooms, center on technologies that can hack cell phones, break into email accounts, unscramble encrypted Skype calls, and surreptitiously access targeted web cams. Typically, ISS World is closed to journalists; when Bloomberg’s Silver attempted to interview an ISS World employee, presenting him with his business card, he was flatly told that “anyone can print a business card”, and therefore it cannot be regarded as a reliable form of identification. Perhaps the strangest part of these trade shows is that they attract agents of rival governments, who presumably purchase interception equipment from the same vendors; Silver describes a scene in which “contingents from Greece and Turkey sat on opposite sides of the [same] room” during a conference break. Moreover, some countries forbid their representatives from interacting with agents of other governments at these events, fearing possible recruitment attempts from rival spy agencies. In some cases, governments will send ‘minders’ as part of their national delegations, whose task is to “watch the rest” of their team at the conference. Silver’s fascinating article is here.

5 Responses to Analysis: The strange world of cyberspy vendor conferences

  1. Though it may not be news to the readers of Intelnews, it’s not just industry insiders and corporations who sponsor and/or stage major “trade” events ripe for espionage. I believe that much of the country would be surprised and concerned if they knew what went on during the many “back room” and other unofficial events at the major hacker conferences like Black Hat in Las Vegas.

    Many of the ‘invitation only’ and even some of the more or less ‘open’ sessions are high-level, educational events with focus on penetration, exploitation, encryption and obfuscation.

    Attendees at these conferences are most definitely not the script kiddies, gamers, music pirates and unsophisticated rogues that much of the PR, such as it is, implies. They are, however, quite adept at games such as “Spot the Fed” and “Out the Outsider.”

    Over the past ten or so years the increase in foreign nationals and other ‘attendees with an agenda’ at these training programs has been noticeable.

  2. intelNews says:

    Thanks for sharing this interesting account. I guess the major difference between Black Hat and ISS World is that the latter gears itself toward an international audience. Come to think of it, I’m not sure anyone exactly understands what is the main goal of meetings like Black Hat. [JF]

  3. RE: Black Hat

    The main philosophy boils down to “ALL Knowledge Should Be Shared.”
    While I believe in the nobility of the goal, the practicality is lacking a bit because, as we all know, some knowledge should NOT be shared.

    When Black Hat comes to town the casino security staffs go on overtime. While some ‘sessions’ do focus on things like hacking video poker and so on, these are usually attended by ‘newbies’ and the idly curious. The conferees don’t want to mess where they eat.

    I did have the network manager for one casino tell me that she actually looked forward to it, because it was an annual and thorough test of the casino’s security.

    Many sessions are highly technical and delve into very sophisticated techniques for executing everything from firewall breaches to building and destroying botnets. Representatives from many vendors (IBM, CISCO, Verisign, etc.) attend, though they may endeavor to be anonymous.

    Because of the proliferation of ‘moron level’ do-it-yourself virus kits, the sessions on malware have become increasingly sophisticated with emphasis on rootkits and ‘sleeper trojans.’

    There are always a number of both formal and informal sessions and discussions on database security, the latest encryption techniques and known security vulnerabilities.

    Since almost everyone has affordable, unlimited US voice calling, phone phreaking sessions focus more on understanding/hacking international networks and cellular/satellite hacking and mischief with Smart Phones.

    Of course virtually NO ONE pays for any kind of wireless connectivity either at the conference or back home.

    For the most part, the conference is mis-named, since the vast majority of those who attend are ‘more or less’ good guys, or White Hat hackers. While there is usually a noticeable non-US presence, I’ve watched the makeup of that group change over the last ten years. I see fewer Japanese, South Korean, Taiwanese and other ‘friendlies’ and more Chinese, Russian and Middle Eastern individuals.

    Though a lot of people might look at the ‘average’ Black Hat attendee as a crook/bad guy, and some are, the majority are basically patriotic and wouldn’t intentionally do anything to compromise US security. That word “intentionally” however, is the rub. They do a pretty good job of policing themselves, and it’s rare, but not unknown, to see an “undesirable” being forcibly ejected from one of the private sessions.

    Since the focus of my business has changed I probably won’t be attending another, but if you have the time and inclination it can be a real eye-opener.

  4. intelNews says:

    Thanks for this response, Steve, which I think is far more interesting than my initial posting. It seems like Black Hat has something for everyone, ranging from the mildly curious onlooker to the experienced professional. And its name –Black Hat– has always been confusing to me, so it’s nice to read that it’s misnamed. Most of what I know about Black Hat comes from Wired, which tends to focus on selected sessions, so it’s nice to read this broader impression from a participant. [JF]

  5. Anonymous says:

    blackhat… sellouts… defcon… woo woo

We welcome informed comments and corrections. Comments attacking or deriding the author(s), instead of addressing the content of articles, will NOT be approved for publication.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: