It’s a tough job, but someone’s got to do it.

Every February several hundred of the world’s top IT security experts gather in a sunny beach resort, be it in the Americas, Europe, Asia, or just off the coast of Western Africa. But they don’t go for the sun, per se. Or the beach. Or the beach-bar cocktails. They go… to fight cyber-swine! At least, that’s what they attempt to tell their loved ones when they disappear for a week in Feb to this year’s chosen idyllic paradise.

And this year’s idyllic paradise was the Canary Islands – chosen for, you guessed it, the Security Analyst Summit (SAS), our annual special pow-wow for IT security gurus. SAS brings together InfoSec big guns from different companies, with different specializations, from all over the globe, to basically just chew the fat, sometimes formally – mostly informally – in air-conditioned basement conference halls – and on sun loungers on the beach (oops, the secret’s out for those loved ones:) – in order to help more folks understand the where and how and why of IT threats by exchanging expert know-how and experience.



SAS-2016 brought together some 330+ participants from 30+ countries.

On the first day everyone was in one and the same big hall: here the keynote presentations were given, as selected by the program committee. On the second day we were split up into three thematic groups (one of which was (logically) dedicated exclusively to critical infrastructure protection).

In addition, this year for the first time there was a series of training sessions on hot tech-topics, including reverse engineering, and masterclasses on Yara and Maltego, all given by our top experts. These went down really well and will feature at future SASs for sure.

As per tradition, quite a few of the presentations were… creative and visual and humorous. Never a dull moment – KL style :).

Also as per tradition, at this year’s SAS there were quite a few scoops: important announcements – some of them exclusive. Alas, I wasn’t able to see each ‘premiere’, but I think I’m up to giving some summaries of the most interesting ones.

The main premieres at SAS-2016 were investigations into cybercriminal attacks: PoseidonGCMAN, Metel & Carbanak 2.0Adwind and Dyreza. Details – behind those links: highly recommended: better than a top-notch thriller!

I was a little disappointed there was a lack of tales of successful investigations into cybercrimes – with subsequent jailings of the bad guys. Actually, there was one: the story told by Dutch police about our joint operation against the CoinVault ransomware campaigns. Incidentally, this is the perfect example of how security companies and law enforcement agencies can (and should) work together in order to conquer cybercrime.

The industrial security group really raised the roof. The hall was packed out: the busiest of all the presentation groupings. This was probably because the topic is so current-hot-relevant, but also because some of the presentations were so attractively-seductively titled, including How to Hack a Hospital and Power Grid Honeypot Puts Face on Attacks. Oh yes. ‘How to Hack a Smartphone’ – that’s, like, so last… decade.  ‘Attack Vectors on Nuclear Power Plants’ – that’s more like it.

Yet another tradition was continued at SAS this year: we invited experts who made some of the ‘loudest’ contributions to the development of world cybersecurity. When still organizing the event, the program committee voted most of all for two Americans… can you guess which? Clue: ‘remote controlled cars’ doesn’t just refer to miniature model toy cars anymore!

Answer: Charlie Miller and Chris Valasek – the pair who showed us how a Jeep Grand Cherokee can be hacked and controlled remotely. They were given the award of ‘Most Valuable Professional’.


Also present was Andy Greenberg, the journalist who authored the article about the Jeep Cherokee hack – the one who was driving the Jeep when Charlie and Chris conducted their experiment. Judging by the plethora of words beginning with F in the report, I think it’s safe to assume Andy was more than a little unnerved during the experiment, and understandably so: can you imagine driving along when someone remotely turns off the engine, turns the steering wheel, and turns the radio up full blast?!?!

So it was good karma at SAS when Andy got his own back on Charlie and Chris :).

Besides how ‘elite’ SAS is (always strictly invitation only), another way SAS differs greatly from similar events is its especially friendly and relaxed atmosphere. No sanctimoniousness, no high horses; just straight cutting to the chase and the core – with lashings of humor and irony. Also, for many guests (including from KL) SAS is the only time of the year to come face to face with colleagues and peers instead of via phone or the Internet. This also adds to the special cozy atmosphere at SAS.

At the end of the first day, the ‘3 on 3’ theme went down really well. Here, teams defended points of view on random security topics – often not points of view they actually hold. So it was quite amusing seeing champions of online privacy agitating against cryptography for all, and antivirus stalwarts trying to convince us that antivirus is dead :).

Perhaps the coolest recurring attraction of the gig this year (especially in the evenings) was Mighty Alcobot 1.0 – a device used to demonstrate to non-techies the basics of industrial security. The Alcobot has a simple task – to mix and pour cocktails depending on which buttons are pressed. But if you dig deeper you find that it doesn’t differ that much from, say, an assembly line. And what both have in common are vulnerabilities that can be used for hacking.

Turned out no one could hack the Alcobot, so the cocktails were only shaken, not stirred.

After another successful SAS, what remains of the impressions it made on me?…

…That we live in an extremely vulnerable world and that every new day brings more unpleasant surprises: new attacks, often masterly and large-scale. Still, when you see in one large room several hundred top cyber-special-force troops generals from all over the world who constantly fight these threats, the mood brightens up a bit lot, and you realize things aren’t so hopeless. After hearing these folks speak (semi-)formally and having a drink with them very informally, I realized that the world still has a chance.

But what I liked most of all was this: all the experts present were from different countries and different companies. Countries argue today because of geopolitics, while companies are just getting on with what needs doing, regardless: working and competing on the market. Security experts have no other option available besides working together – on the same side of the barricades. Cyber-evil can only be fought effectively with cooperation and joint efforts with colleagues in the field. So, having gathered together on sunny Tenerife, the SASers showed that for folks united by one higher, noble aim, no national, corporate or other barriers exist at all.

And that’s very cool, and very timely.

The rest of the photos from SAS 2016 are here.

Leave a note