Nope, not a photoshop this time. It's CSEC, the Canadian government's version of the NSA, presenting a hacker conference for computer security enthusiasts this November in Quebec. [h/t Lux ex Umbra]
Events scheduled for Hackfest Strikes Back include :
- Hide yo Apache, hide yo SSH cause they backdoorin’ everybody out there
- Bypassing Security Controls with Mobile Devices
- Bypassing whitelisting/blacklisting, anti-virus, and other preventative technologies
- Bypassing Security Defenses – Secret Penetration Testing Techniques - $995.
And a panel discussion : "How can researchers make money selling vulnerabilities? Should they or is it extortion?"
A talk titled Why the NSA should have every vulnerability by now explains :
"High budgeted intelligence organizations, such as the NSA, will not help fix vulnerabilities, only find as many as possible. The intention is to use these vulnerabilities for offensive operations and fixing them is counter-intuitive to that goal."
Difficult to escape the irony here.
In 2006 CSEC was entrusted with overseeing the global encryption standards process for 163 countries. CSEC handed those keys to the NSA, which promptly used them to insert vulnerabilities and backdoors to allow them to spy on foreign companies and governments. The NY Times quotes an NSA memo on how they pwned CSEC:
"... beginning the journey was a challenge in finesse. After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft … Eventually, N.S.A. became the sole editor.”
And now CSEC presents workshops and panel discussions on the efficacy and ethics of profiting from those same backdoors and vulnerabilities.
.
Update : Dear CSEC : Stop bullshitting us.
When Clapper was asked by the US Congress if the NSA spies on Americans he said no.
When CSEC was asked, CSEC chief John Forster answered :
Update : Dear CSEC : Stop bullshitting us.
When Clapper was asked by the US Congress if the NSA spies on Americans he said no.
When CSEC was asked, CSEC chief John Forster answered :
“CSEC does not direct its activities at Canadians and is prohibited by law from doing so."which completely ignores Part C of CSEC's own 3-part mandate in law [emphasis mine] :
1. to provide technical assistance to CSIS and Canadian law enforcement agencies;
2. to assist CSIS under s. 16 of the CSIS Act; and
3. to assist CSIS and Canadian law enforcement agencies by intercepting the communications of a Canadian/person in Canada that is subject to a CSIS warrant or authorization from law enforcement agencies..
