The Getaway: Methods and Defenses for Data Exfiltration presented at BlackHatDC 2011

by Sean Coyne


Summary: There are several stages to a successful cyber attack. The most crucial of these is also the least discussed: data theft. Cyber criminals, insider threats, advanced persistent threats: every attacker has ways to get into your network and find what they want. While there are several tools, methods and strategies to combat intruders, once they've made off with your data there is no getting it back; the game is over.
MANDIANT's consultants regularly respond to incidents where data, intellectual property, even money, is being stolen from victim organizations. During this presentation we will take a look at some of the advanced methods of stealing data that we have recently encountered in the field, including: preparing and cleaning staging areas, avoiding DLP/traffic scanning products, and how attackers use a victim's own infrastructure and architecture against them. We will discuss why these tricks work and what, if anything, can be done to stop them.
Whether it be financial information, intellectual property, or personally identifiable information, the most valuable thing on your network is the data. Intruders may get in, but until they get out with what they came for, the game's not over.

Sean Coyne: Sean Coyne is a security consultant for MANDIANT, where he conducts penetration tests of networks and webapps, teaches cyber investigation to federal agents, and performs forensics investigations and security assessments for government and commercial clients. Prior to this, he worked for an elite handful of security and consulting firms serving intelligence & defense clients here and overseas. Sean was one of the first graduates of Penn State's Information Assurance program and is currently studying intelligence analysis at Mercyhurst College.