“SideChannel has both internal and external contributions. Internally it’s a great exercise in how a problem should be broken down, studied, and a solution proposed; this makes us have, more and more, collaborators with critical thinking about their work. For external readers it’s a source of content in various levels of depth: from very simple topics for beginners in security, software engineering and design, to more sophisticated topics such as reverse engineering and memory corruption.” (Henrique Arcoverde)
Every year, the number of cyber-attacks increases, demanding more and more knowledge and new skills from those working in the field. Especially in recent months, due to the COVID-19 pandemic, more people are working, studying and spending their leisure time at home, making much greater use of their many cyber devices (computers, cell phones, tablets, TVs, refrigerators, surveillance cameras, game consoles, etc.) connected to the Internet, and so becoming easier targets for these attacks. According to data obtained by FortiGuard Labs, the threat intelligence lab of the cybersecurity company Fortinet, in Brazil alone, more than 8.4 billion attempted cyber-attacks were recorded in 2020.
Sharing technical knowledge in the cybersecurity segment is essential to creating and improving tools and safer practices for people and organizations. One way to contribute to the community is by creating a channel to give voice to those who understand the subject. And that is why SideChannel was created.
Where does the name of the blog come from?
Side Channel is a category of attacks that extract information by observing the use of a technology rather than interacting with it. The idea to use this name came from Carlos Cabral, cybersecurity researcher at Tempest Security Intelligence, on a quiet Sunday while he was re-reading the now classic NSA document about a secret project of the US government to study the susceptibility of some devices to emit electromagnetic radiation in a way that could be read to reconstruct their data. In other words, these are Side Channel attacks carried out by interpreting electromagnetic waves.
This project was named Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions, known by its acronym, Tempest (from which the name of the Tempest company originated). “There are several Side Channel attacks: by heat, radio frequency, radio signals emanating from a semiconductor, among others. And it was based on this link between Tempest and SideChannel that we chose the name of the blog,” states Cabral.
SideChannel appeared in 2017, when Tempest opted to create a dedicated blog for technical content produced by the Tempesters themselves (an affectionate term used among employees of the company). Since then it has addressed a variety of subjects for the public. As cited by Henrique Arcoverde, Technical Director of Engineering and Operations at Tempest, several themes have already been brought up, “from very simple topics for beginners in security, software engineering and design, to more sophisticated topics such as reverse engineering and memory corruption.”
About content production
For a blogpost to reach you, dear reader, there is a whole process behind the scenes: from the conception of the theme by the researchers, through monitoring, review and technical validation by a Research Advisor (or RA), to the spelling review done by a Portuguese language specialist and the institutional review by a Gatekeeper (a term borrowed from Journalism for the evaluators who give the final word about the publication of a text). In other words, all the content brings a bit of what Tempest is and what its talents have to offer.
It is worth highlighting the role of the Research Advisor, who is the person responsible for following the researcher throughout the content production process, providing the support needed for the result to be the best possible. Henrique Arcoverde adds that “RAs are technical references in their fields. They serve not only as a source of knowledge but also as inspiration for the younger ones. Despite their hard and discreet work, there is no doubt that, together with the researchers, the RAs are paramount in ensuring that there are new publications.”
The Research and Content Generation Program (PPGC) is a strategic initiative of Tempest and the driving force of this entire process of generating technical content, offering its Tempesters stimulus, motivation and professional recognition. It also rewards research results with financial bonuses and sponsors national or international trips (with airfare, accommodation and meals) for authors who are invited to present their results at security events or conferences. The PPGC is part of the Academy, Research and Publishing (ARP), which, within Henrique Arcoverde's directorate, is the sector that is also responsible for the Research, Development and Innovation (RD&I) support process at Tempest, under the management of Gerson Castro.
Going back in time
In its 4 years of existence, publishing bi-weekly, SideChannel has brought more than 100 posts on important themes from Tempesters working in areas such as Consulting, Threat Intelligence, Software Engineering and Security Operations Center (SOC), among others. Among the most accessed blogposts, and one that had a great repercussion even outside Brazil, is “HTML to PDF converters, can it be hacked?”, produced by Eduardo Müller, security analyst of the consulting team. The text grew out of research conducted for his internship program, completed in 2019, whose goal was to investigate what types of vulnerabilities can be introduced into software through the use of HTML converter libraries.
Eduardo, who will soon complete 2 years as a Tempester, shared a bit about his experience as a researcher: “this research added a lot to my career, mainly because it was a breakthrough, as I didn’t like researching before. After this experience, I started to enjoy it. And I see that this adds to the professional field, because the person becomes a reference in the team regarding the theme addressed in the study”.
Still on the subject of outstanding blogposts during the blog’s trajectory, Cabral cited two subjects that became important to him as a researcher, because they were information of public utility and had wide repercussion. Check them out:
- A cyber fraud scheme that reached a portion of the Brazilian population was discovered and baptized by the Tempesters as HydraPOS.
And a series of five blogposts, published from March to April 2020, about cybersecurity during the COVID pandemic, once it started in the country:
- Cybersecurity in home office in times of coronavirus: a matter of co-responsibility
- The bare minimum of cybersecurity you must consider when setting up an infrastructure in a hurry
- The strategies behind the new coronavirus-themed attacks
- Difficulties in the way of those who need to manage cybersecurity in the midst of a crisis
- Putting Zoom’s security in perspective
As for Henrique Arcoverde, several blogposts could be cited, and for different reasons. But if he needed to emphasize one, it would be Gabrielle Delgado’s “A Burp plugin that automates fault detection in the HTML development process”, “because it summarizes three very interesting Tempest projects: the ‘Na Beira do Rio’ (a weekly open space where Tempesters can share their knowledge internally through technical lectures), the PPGC and the Tempest internship program.”
Henrique adds: “I was thrilled to see Gabrielle’s journey from the beginning of her internship, when she knew almost nothing about security, to having identified an opportunity for improvement ‘in one of her presentations at Beira do Rio’ and having published the result.” As this account also shows, special attention is given to the exchange of knowledge and experiences among the company’s professionals, aiming at mutual growth and at the greater objective of creating a safer world.
And from here on?
There is still a lot of content to come. Our researchers are always aiming to put into words parts of the daily experience they have while navigating this vast world that is cybersecurity. SideChannel, according to Carlos Cabral, “is a channel for Tempesters to express themselves outwardly, which has to do with professional growth, but also with giving a little of themselves to the community.” It is also a great platform for internal knowledge sharing among Tempesters, contributing to their professional development and improving the results of the products and services they provide to Tempest clients.
Eduardo talks a bit about this content creation and sharing:
“This [content sharing], for security people is very vivid, because you’re always researching, running after what you want to learn, and people are always sharing something. I also, when I am researching, look for content. There has been someone before me who has researched that, written a blogpost about it, and facilitated my knowledge. So that would be something that I would need to give as well. I intend to keep researching and writing.”
He adds, bringing a tip for those who are starting their research: “You need to search and study about what interests you. If you like it, go for it. This will give you a gigantic fuel when it comes to research. And that is what will bring you personal fulfillment”. Along these lines, a lot of content will still be produced.
“Your content, no matter how varied the level or the approach, is always going to be useful to someone.” (Carlos Cabral)
SideChannel is a technical blog with biweekly content on cybersecurity from Tempest Security Intelligence.