The global telephone network is often an opaque and muddy environment where many false assumptions of privacy are made by its users. Providers do their best to compartmentalize as much privacy-centric data as possible. However, information must be shared for the sake of network interoperability. The speakers will discuss gaps in privacy protection and how they can be leveraged to expose who you are, your location, and the privacy of those in contact with you.
Demonstrations will reveal how location data can be augmented and used in several fashions. First, the speakers will show how information can be leveraged to develop fairly accurate physical boundaries of a particular mobile switching center and how this information changes over time. Second, the speakers will overlay cellular tower data to depict coverage in a particular mobile switching center. Next, the speakers will demonstrate how to visualize an individual traveling across adjacent mobile switching centers and the cell towers they are likely to associate with. Finally, the speakers will demonstrate how known location values for many subscribers can reveal location information for handsets where location information can't be obtained directly.
Lastly, the speakers will elaborate on mitigation strategies for these attacks at the subscriber level and potential mitigation strategies for the provider level.
iSEC Partners, Inc. Don Bailey is a security consultant with iSEC Partners, Inc. Don has found and exploited unknown vulnerabilities in both userland and kernel code on many popular computing platforms including Mac OSX, Linux, FreeBSD, and OpenBSD. He also has a strong background in network protocol analysis and root-kit design and detection. Don's prior work includes threat assessment for a wide range of clients, including the financial sector, government sector, and Fortune 500 companies. Mr. Bailey has previously spoken at several national and international security conferences on various topics such as zero-day development, root-kit design, NULL pointer dereferences, and DECT security.
Nick DePetrillo is an independent security researcher with a focus on critical infrastructure. Most recently, Nick was a senior security consultant with Industrial Defender performing physical and electronic security assessments for utility companies and power plants. Nick also researched Smart Grid/AMI hardware and software security issues while at Industrial Defender. Previously, he worked as a research and development engineer for Aruba Networks, concentrating on wireless security threats and prototyping new products. Mr. DePetrillo has also consulted for U.S. government agencies, Fortune 500 companies, and worked as a network security engineer for an Internet2 giga-pop. Nick has presented new security threats and mitigation techniques at both national and international conferences.