Conference:  Defcon 31

Authors: Scott "Duckie" Melnick Principal Security Research and Development, Bulletproof International

2023-08-01

On September 29th, 2022, one of the most controversial poker hand was played, winning an all-in $240K cash pot on the Hustler Casino Live poker stream (HCL) by newcomer Robbi Jade Lew. The controversy and accusations of cheating took the poker and media world by storm! Conspiracy theories emerged immediately within the media, podcasts and the internet sleuths, including crossover theories from the Chess cheating scandal, accusations of collusion with HCL employees, and advanced technology being used. This is the wild tale of my investigation into cheating live stream poker if it was done and what are all the ways I would do it. I will also show how I utilized my experience from attending hacking conferences such as DEF CON for over 26 years, the competitions and how I tapped into a broad range of resources throughout the years of making friends in the hacking community, reaching out to discord groups and doing that which isn’t covered in the academic world. This is why I am here; this is why you are here. This war story contains treachery, wild technology theories, drama and current criminals on the run. But you, the audience must all decide. Is Robbi innocent or guilty? Was something missing? How would you have cheated?

Conference:  Black Hat Asia 2023

Authors: Yue-Tien Chen, Zih-Cing Liao

2023-05-11

Cyber espionage actors have demonstrated great interest in the media industry. These actors seem to like to see Taiwan's daily activities through the "eyes" of these media companies and journalists. During Taiwan's intense 2022, we saw more and more Advanced Persistent Threat (APT) groups infiltrate Taiwan's media industry. In our observation, the media has become the first non-government target of those APT groups.This talk will focus on APT's targeted attack against media companies in Taiwan. We dubbed this series of attacks "Operation Clairvoyance." Because Taiwan has a much more intensive political situation, such as the former US House Speaker Nancy Pelosi's visit and the 2022 Local Election, we will dissect more than 20 targeted attack operations TeamT5 has tracked since 2020. Our analysis shows technical links between these targeted attacks and the infamous Chinese APT, including APT23 (aka GouShe), APT41 (aka Winnti, Amoeba), and BlackTech (aka Huapi).Our presentation will cover these attacks' Tactic Techniques and Procedures (TTPs). We have seen those APT groups adopt different TTPs aimed at media companies. Some of those backdoor abuse cloud service as their C2. More importantly, these cases gave us a peek into China's strategic move. We believe that these APT attacks are the preliminary work of the Chinese government. Our strategic intelligence indicates several possible scenarios which could lead us to consider the ultimate goal of these APT attacks. We will provide the attacking scenarios after these threat actors have infiltrated the media industry.