Even though the Internet has had many wild and woolly days, I think we reached an interesting tipping point this past year with traditional power structures having power stripped forcibly from their grasp by the ultimate enabler and disrupter of modern times.  The Internet.  Of course this has been studied before so I will be more specific.  The digital destruction of the company HBGary at the hands of a… God I hate this term, hacktivist group, or what should better be known as a hive-mind collective of worldwide individuals that rally around certain ideals and concepts.

The tipping point I am mentioning is that typically the groups protest in many ways, but typically through the technical execution of the problem with no current answer.  Distributed Denial of Service (DDoS) attacks.  However, recently several targets have been “raided” and the literal lifeblood of their organization, their email, has been absconded with and posted in leak forums, social cloud based posting sites, and in BitTorrent feeds.  God help companies that are corrupt or have , or embarrassing personal data, or critically sensitive content that would make or break them…  Now they are running for the hills.

The ability to post something on the Internet and have it picked up and replicated such that it is impossible to retrieve is truly a POWERFUL tool that could be used for good or evil.  Additionally, it is a great equalizer, or could be used for false information attacks, or just to sow chaos.

It could actually be used for good when used judiciously and wisely by releasing Malicious Actor information and exposing their operations.  However, the releaser would have to be content to not be able to take credit for this information, and most assuredly make sure it is never found out that the information originated with or was released by them.  This of course was HBGary Federal's Aaron Barr’s colossal mistake.  One would have wondered, with a long background in intelligence and IO as well as much trolling experience at the keyboard observing the behaviors of Anonymous, why on earth he would have thought to voluntarily blow his cover and reveal himself.  Partly it was due to sheer greed and self promotion for his company, and to get PR to obtain more Federal Government work for his company.  Nothing bad about generating business for yourself, however when you deal with the rough and tumble of the digital underground you certainly need to play by different rules.

The problems we currently face on the Internet are numerous, allowing for digital gangsters to bridge the divide from cyber to real world and impose punishing costs.  The zillions of dollars in IT security have done Little to NOTHING to change this fact and it continues to get worse.  One of the reasons is the fact that there is too much duplication of efforts, on the defensive side of the house, and the offensive as well.  Everyone wants their own rice bowl, instead of developing national level strategic capabilities.  There is a concept called coopetition where organizations can collaborate and share information on some things, and then compete on other things such as price, service, support, and features.  You can see a complete FAIL of this in the Malware DNA concept development realm.  I pioneered the concept a couple of years ago and it spawned a whole slew of completely incompatible offerings that are all in parallel development.  If one problem needed such a critical consolidation of research and effort it would be this one.

OMG BTW – Greg Hoglund – If you present at RSA your “idea” of what APT is like you described in your audio clip that was posted, and in your emails about what it is and isn't, you will be laughed out of the room.  I suggest you get with people who really understand the threat and get briefed before you look completely stupid.

I will wrap this up by stating that I think this is just the beginning and we will probably see more raids to come.  Organizations better get off their collective asses and implement SIGNED AND ENCRYPTED email before they get OWNED as well.  Come on guys, this technology has been around for Years and Years.  I won't even post any links to good vendors if they are that ignorant.  Of course the concept of mandatory signed and encrypted email will have everyone screaming but maybe it would prevent the total vacuum cleaning of email out of our nation's most sensitive inboxes, to include every major VIP in our government.

SO, Attribution Intelligence…. DO it right, use the Internet, do it Anonymously next time.  Build an Attribution Market for the secure posting of Attribution Intelligence.  Seed and build incentives for participation.   And .   I'm really surprised someone didn't warn you better.   Go SLOW, Danger Will Robinson, Here they be Giants.

Ironically, the social network analysis research Mr. Barr was “pioneering” is now being done on over 100,000 emails in the digital domain through a cloud supported, crowd sourced digital investigation and then will be publicized through a steady stream of media releases and reports.  Apparently the “Haul” was so damaging and impressive that the group has decided to launch their own .  This does not bode well for the future of secure digital information.

Real intel agencies have been doing social network analysis at a massive sophisticated level for years.

And in even MORE irony, if Anonymous is not careful, and they go searching through the email, they might get infected with a number of APT related malware samples, providing plenty of opportunities for them to get Snagged up in National CounterIntelligence Surveillance networks.  (not guys you want to fuck with)  There’s really not much Anonymity/Privacy/or Security when your shit gets pwned.   And as an added benefit, Anonymous would get exploited by Chinese Military Intelligence.  That would be exactly WHAT we need.  IF Anonymous really wanted a hard target they should take on Chinese APT groups.

