Wednesday, September 17, 2008

ISOI 5, Tallinn, Estonia - Summary!

ISOI stands for Internet Security Operations and Intelligence. It is a professional conference, but with a very casual atmosphere. It brings together individuals who work daily to secure the Internet and respond to global security incidents, mostly as volunteers. They are often employed in government, law enforcement, ISPs and Telcos, anti virus, security industry and academia.

We often invite some policy makers as well, but they are there to learn rather than participate.

The conference is run under the Chatham house rules, with the added caveat of having to seek permission from the presenter before mentioning in public what was talked about.

When Hillar Aarelaid first approached me about hosting ISOI in Estonia, my first reaction was: 'cool'. My second was: 'ahhh'. After all, while going to Europe is something we wanted to do for a long time now... who would go as far as Estonia? I said 'go for it', and the rest is history.

How do the rednecks say: 'Boy!' I am happy I took the chance. I forgot the venue factor. You can judge how many people will attend the Virus Bulletin conference by, for example, if there was a conference there before, and how good of a vacation spot it is. Dublin was a huge hit, as was New Zealand. Get my drift?

Within two days of announcing ISOI 5, we had 50 Americans who RSVP'd as attending. We had two Europeans. Mind-boggling.

As the conference approached, more Americans RSVP'd and we found it amazing we had barely the same number of Europeans. We later found out that there were five other conferences before or immediately after ours, not to mention one in Sweden on the very same dates. The scale was then tipped and we ended up with lotsa Europeans, but the lesson about what vacation venues mean to Americans was learned.

Randy Vaughn once again came to the rescue with preparing the online schedule, and Hillar along with the rest of the Estonian CERT made our stay amazing, and ran one hell of a conference.

Conference highlights
1. Estonian girls. Enough said.
2. No tax on alcohol. Enough said.
3. No sleep in between conference days. 'So say we all!' :)

Two evenings before ISOI, before the local Estonian CERT conference, we all went out to an Irish pub, called St. Patrick's of all things. Hillar picked up the tab.

The evening before ISOI we all went out to a local place across from the Viru hotel, where after drinking profusely for hours and eating dinner, the bill was only 200 Euros or so (I just got diet coke, shame on me).

Chad from Sunbelt simply picked it up instead of gathering money, saying it costs less than dinner in Vegas--he is a great guy. Danny McPherson from Arbor picked up what was ordered later, which couldn't have possibly been more than 50 Euros--Danny is one of the more fun guys around. Lots of thanks to them both. Alcohol is really cheap over there. Think the night ended there? Think again.... but let's talk about the conference now.

While ISOI is centered around the trusted and vetted communities of folks who spend time protecting the Internet against evil cyber criminals (ooh), one highlight of the conference for me was a lecture named The Limits of 'permitted self-help' in Internet Security and Intelligence by Alana Maurushat, an Academic from Australia.

She opened the discussion of how far can "vigilante" groups (I hate that term, especially when it is wrong) go, what is legal and what isn't. Needless to say, while she was interesting, her initiation into our group was by fire. Several of us, while appreciative, were "active particpants".

She started by showing pirates on the screen, followed by an entire room yelling "Argh!!!". Good start.
The interesting discussion aside, she had to keep saying "permitted self help". I kept wanting to ask "right or left hand?" but eventually ended up using Aussie terminology (as she is from Australia, after all), saying "so, what are these wankers all about?"

Eventually I just said she must stop implying we all masturbate for a living, but it was a good time and a great discussion. She had a cold, and it was her birthday. Trial by fire, indeed. I hope she comes back, she added quite a bit to the mix.

Rick Wesson showed a map of abuse on the Internet inspired by an xkcd comic, and many other presentations filled the day, which unfortunately I barely had time to listen to. While Hillar was amazing and ran most of the conference, being the organizer keeps you busy. The rest of the presentations I can't really talk about without seeking permission (see first paragraph about Chatham house rules and caveat), so...

At the end of the first day we gathered some of the defenders of the Internet "war" of last year on a panel to answer questions. Estonians are very shy, so moderation was problematic, but it ended up being pretty interesting.

In the evening everyone went to a local restaurant/bar with local Estonian food, for the official "reception". Microsoft, Hansapank and SEB picked up the bill for the food, and Norman volunteered to pick up the drinks tab. I asked them to cover 1000 Euros, and after the first evening we never believed they would pay more than 500, given the low prices. It ended up being 1200 Euros. Unbelievable, but some of us can drink! Thanks Norman!

The second day had many neat presentations, but the second half of it was filled with presentation after presentation on the cyber conflict in Georgia last month, and one presentation on RBN by Jart Armin.

As a surprise (for me as well), Hillar flew in last second a system administrator from one of Georgia's banks to discuss how things went from her perspective. She gave a very good presentation, but the surprise he intended for me was ruined. Hillar was somewhat annoyed when I came to him with her business card. How did I find out, you ask?

"Hello, who are you? :)"
"I am Masha, I am lecturing tomorrow"
"No you are not, and I should know.. this is my conference"

I ended up giving her my copy of "Stranger in a Strange Land" by Robert A. Heinlein, which she earned (but left me book-less for the flight back home).

The rest is history. :)

Quite a surprise from Hillar!

The last evening of ISOI is when people often go off with friends to eat dinner. The Viru hotel bar seems to have become the main gathering point from which people went in groups, came back and left again. I sat back with my laptop, staring out the window as Estonian girls passed continually, while trying to hold up my end of several conversations.

It was a very good ISOI, and a very fun one, as well. Next one is around February, in Dallas TX. After that we will have one in Norway.

Special thanks once again go to the Estonian CERT: Toomas (who helped organize), Tarmo (who operated everything), Aivar (who regardless of anything, I am just happy was there), Kathrine (who made sure we all had food, and took care of us) and of course, Hillar!

Gadi Evron,

Follow me on twitter!

1 comment:

sallreen said...

the plausible deniability is provided only by that mechanism, not through changing the keys after each message. That's only the mechanism used to recover the security of the algorithm after key disclosure. It's the typical cryptographic type of proof if authenticity which is executed in a way which is only ever trustworthy to the recipient, so the recipient cannot prove anything to others with it.
Social Marketing