They say you should never perform with children or animals. Juniper Networks’ CSO Chris Hoff found that out the hard way when he was upstaged by nine year old Reuben Paul. Reuben created a fake website, injected it with a Java exploit and executed a social engineering attack on Hoff at the RSA Conference.
Hoff’s presentation started with a simple premise - much of the discussion occurring at RSA Conference this year has centred on how the infosec industry has failed to protect businesses, government and individuals. Quoting a line from The Who song “Talking ‘bout my Generation” he said “people want to put me down”.
"The interesting thing about this discussion is that it’s easy to talk about problems. But it’s really hard to talk about solution’” says Hoff.
That lead Hoff to the crux of his presentation - the next generation of security and how we are going to get there.
He began his discussion with a history of computer security starting with a paper written in 1949 by Jon Von Neumann. He posited a “Theory of self-reproducing automata” and is considered the theoretical father of computer virology.
Hoff then looked at the 1970s through to the 2000s, noting that while some of the early viruses - which weren't even called viruses then such as Creeper and ANIMAL - were quite benign, over the years both the maliciousness and release velocity have escalated markedly.
Today, the malware scene is dominated by eta Hoff called Internet-scale monoculture vulnerabilities - threats that affect the Internet as a whole. This includes software such as Heartbleed, PODLE and Shellshock. Combined with the massive expansion of other malware driven by automation, anonymous marketplaces where malware and stolen data are traded and the actions of some nation states Hoff painted a very scary picture. He then layered the Internet of all things to make it clear security is part of everyone’s life.
At that point, a covered server rack is rolled onto the stage, with young Reuben stepping out as the face of the future of IT security.
Hoff and Reuben proceeded to demonstrate how easy it is to execute a targeted cyber attack. The demonstration, while not going quite to plan, showed how easy it can be to a take over a machine, use the webcam to shoot pictures and then shut the machine down. It highlighted who easy it can be to execute an attack and the importance of investing in students in order to build important skills in software engineering.
Importantly, although Reuben is just nine years old, he’s been learning these skills at school already. We’re left wondering how many schools in Australia are actively engaging young students in IT education in such an engaging way.
You can watch the full video here
Anthony Caruana travelled to the RSA Conference as a guest of Symantec.