Technical Tuesday – 21 June 2016 – SS7, SWIFT, and Checking: Closed Network Evolution and Exploitation by Jeff Kuhn of Amches, Inc.

Posted by on Jun 21, 2016 in Events Archive | No Comments

A recent 60 Minutes article on extracting mobile phone information from the SS7 telephone carrier signaling network crystalized some thoughts I’ve had for a while on the evolution of closed networks over time and the security implications of opening closed networks. This talk examines that issue using three case studies: the SS7 demonstration, the recent theft of $81 million dollars from the New York Central Reserve Bank belonging to the Central Bank of Bangladesh using the SWIFT network, and the enormous but generally unremarked shift about 10 years ago from the paper check to digitized check information as a negotiable instrument for moving money between bank accounts. All three involve complex networks with both “real world” and digital network dimensions, and illustrate how authentication and trust design decisions (explicit or implicit) made when a network is first created can lead to exploitation opportunities as that network and the way it’s used evolves over time.

Presented by: Jeff Kuhn of Amches, Inc.

Mr. Kuhn has 30 years of Intelligence Community and commercial experience with networked system vulnerability analysis and security engineering. He began his career in the early 1980s at the R&D division of the National Computer Security Center before spending more than a decade performing Computer Network Operations engineering as a Department of Defense civilian. Mr. Kuhn then spent five years with GTE supporting their early CALEA lawful intercept efforts and a series of telecommunications security engineering programs. After another ten years providing technical direction and key engineering for Pangia Technologies’ Cyber Network Operations practice, he is now Vice President of Security Engineering at Amches, strongly focused on networked system security and practical cyber operations.