OPSEC for security researchers

Friday 26 September 11:30- 12:00, Green room.

Vicente Diaz Kaspersky Lab
Dani Creus Kaspersky Lab

   This paper is available online (HTML, PDF).

  download slides (PDF)

Being a security researcher nowadays is not an easy task, especially now that we no longer deal only with technical aspects. The global picture of the security landscape these days features new actors including governments, big companies, criminal gangs and intelligence services.

That puts researchers in a tricky situation.

It is not unheard of for researchers to be threatened by criminal gangs, or approached by intelligence services. In other cases they have found themselves under surveillance or their devices have been compromised when on the road.

What should be our position for minimizing risks? What can we do to avoid leaking information which could put us in an uncomfortable situation in the future?

Sometimes we are the public faces of research, on other occasions we don't want to be in this position.

In some sense, we as security researchers have power and capabilities over some of the threats we analyse - for instance, we can shut down a cyber espionage operation. Some believe that this power makes us like the 'police' of the Internet, even when we don't have a clear attribution. However, one of the main differences between us and the police is that we don't have any OPSEC training or capabilities to protect ourselves.

This talk will provide the basis of OPSEC for security researchers, discuss the points where we may be leaking information about ourselves, highlight the best practices both in our daily investigations and when travelling, and describe what can we do in certain situations where we may be in a delicate position and how to minimize trouble in daily activities such as travelling.

We will provide some real examples in which small information leaks have led to the identification of real people, describe the tools can we use and their weak/strong points.

We believe that, as security researchers, it is very important to know OPSEC - after all, our opponents do!

Click here for more details about the conference.

Vicente Diaz Vicente Diaz is Principal Security Analyst in Kaspersky Lab's Global Research & Analysis Team. Vicente specializes in intelligence, data mining and big data applied to research on malware and fraud in the European region, including banking trojans, social networking threats, cybercriminal 'partner networks' and mobile malware. Prior to joining Kaspersky Lab, Vicente worked as a software developer for IT&C and Actaris, after which he took up a research position at the Technical University of Catalonia (UPC). He then entered the field of IT security, working for a number of leading companies for more than five years. Vicente is the author of several software tools and is active on the conference circuit, both as an organizer and speaker. He is a member of the advisory board of Source Conference and a cofounder of Edge-Security, a security group dedicated to research and organizing non-profit events such as FIST conferences. He holds a degree in computer science and an M.Sc. in artificial intelligence. @trompi

Dani Creus Dani Creus has been working in the security field for 10 years acquiring practical knowledge on several infosec disciplines (offensive/defensive/research) focusing on cybercrime and intelligence. Prior to joining the GReAT team at Kaspersky Lab, Dani worked as a lead investigator performing incident response and forensics investigations for the EMEA region within the Verizon's RISK Team. He also formed part of the e-crime team at S21sec mainly involved in cybercrime intelligence and digital threats research.