Jenny Radcliffe - hacker halted 2020

Hacker Halted 2020 – Day 1

Hacker Halted day 1 is over and provided several very informative and entertaining speakers. The event itself, run by EC-Council, had a few technical hiccups along the way, but as this was probably put together at the last minute as an online conference instead of a face-to-face event, and is free, I think we need to be a little bit more lenient with the organisers and give them a bit of time to smooth everything out.

Jenny Radcliffe started us off with a presentation about how social engineers have been taking advantage of Covid-19 by scamming people with fake tests and fake cures, and by trying to cheat the government relief schemes out of money before they have had time to tighten up their security, using people's fear of the situation as leverage to make as much money as possible before the other bad actors get there. One key point is that while some of these scams may seem obvious to us, many are not, and just because someone has fallen victim to a scam does not make them dumb. Labeling scam victims as the weakest link can end up being counterproductive, as it sets up a white hat vs user mentality when it should be a white hat + user vs black hat one.

Marcelle Lee followed up with a look into how she got into a career in cyber from unrelated jobs and what types of activities are undertaken on a day-to-day basis. A good talk for anyone not currently working in cyber, giving an idea of one of the potential roles. Marcelle works on the intelligence gathering/sharing side, so the majority of the talk covered sources for finding out the latest cyber security related news and what the current threats are, including a discussion on the evolution of ransomware into name-and-shame ransomware, where the files are exfiltrated to be used for blackmail before the victim's machines are encrypted.

Antonio Rucci was next with a talk about ransomware using real-world examples instead of just theory, highlighting that ransomware which demands payment within 24 hours is a sign of an amateur attacker, as more experienced criminals would know it takes far longer than that for a typical victim to set up a cryptocurrency wallet and transfer money into it. One point which stuck out was that, from his experience, 90-95% of ransom payments resulted in the data being decrypted and sent back to the victim as promised, which goes against what I had previously assumed: that it was far more of a gamble and the bad guys were just as likely to drop contact.

After that came the very passionate Jake Williams, who highlighted the need to communicate well with people from all walks of life, specifically the ones paying the bill for cyber security services. This topic does tend to come up at least once or twice in most conferences, but the talk delivered by Jake came with far more practical examples than I’ve seen before, such as suggested analogies to help explain security concepts to people who may not have come across concepts such as defense in depth or baselining before.

Overall, a very fun first day. It is very obvious that each presenter is an expert in their field and put a large amount of effort into their talks. For us to be able to enjoy them for free is a bargain.

Game Event

If anyone missed any of the codes from these talks for the event game, I’ve created a separate page to list them all: