Behind Enemy Lines: Inside the operations of a nation state’s cyber program

ShmooCon XV - 2019

Presented by: Andrew Blaich, Michael Flossman
Date: Saturday January 19, 2019
Time: 17:00 - 17:50
Location: Main Room
Track: Bring It On

We’ve all heard about nation-state surveillance programs and their capabilities throughout the world, but have you ever wondered how these programs were developed and what decisions went into them? In this talk we will go through the very recent actions a particular nation-state undertook in order to build up its offensive cyber capabilities for both desktop and mobile, including iOS and Android. With insights gleaned from exfiltrated content obtained during a recent investigation into one of their bespoke tools, we will look at the build vs. buy decisions that key individuals involved in this process went through: from the lawful intercept and exploit shops they communicated with, to their in-house development, and ultimately to what their resulting solution(s) were. This talk will have mystery, intrigue, couch surfing, and, as usual, a bunch of op-sec failures.

Andrew Blaich and Michael Flossman

Michael (@terminalrift) and Andrew (@ablaich) are security researchers at Lookout and lead the Threat Intelligence team. They specialize in discovering, tracking, and disrupting the offensive cyber operations of state-sponsored actors and have presented on some of their research including Pegasus, Chrysaor, Dark Caracal, Desert Scorpion, Frozencell, and others. They’re always looking for new adversary campaigns, OpSec fails, and are repeat offenders for maxing out their VT API quota in the first few days of the month.


KhanFu - Mobile schedules for INFOSEC conferences.