With the rise of a forensic response to malware intrusion you would think that malware would be smart enough to actually attempt to clean up its tracks by implementing secure deletion methods. These would include secure deletion from the disk, so as to foil file recovery via forensic means, using tried and true secure deletion tools such as are used to wipe a drive of classified materials. Microsoft SysInternals sdelete.exe and a zillion other tools are freely available, but for whatever reason have not been incorporated into attack methods. I have been wondering about this absence in malware for a while now. It will only be a matter of time. While Metasploit has pioneered a number of anti-forensics methods, not one has delved into the secure erasure of malware footprints so as to render forensic response by products such as Guidance Software EnCase moot.

Additionally, advanced methods to obfuscate in memory and to securely delete or overwrite critical data in memory would be needed to foil the growing rise of live memory forensics, which many organizations still can't seem to wrap their heads around to use operationally. HBGary is an awesome tool for live memory forensics, as are Mandiant and the Volatility Framework.

The ….

Hackers Swipe Terabytes of Sensitive Pentagon Data

Apparently the has been hacked multiple times. Nice :( Way to go with maintaining our pointy tip of the spear. You develop, we rip it from you. Billions in R&D lost. However, if I was on the other side of the fence, and I had the capabilities, I would steal it from you too if I knew you were too gutless to stop me or fight back.


This is entirely possible. I was on a proactive malware seek-and-destroy digital forensics team for a major defense contractor where we found some of our workers doing DEVELOPMENT work via Air Force Virtual Private Network remote access on small little systems such as Air Force One, the B-52, the Prowler and other air-based electronic attack platforms and systems.

The developer was going out getting all kinds of little open-source and development tools and using them in his work, and somehow got all munged up with a malware infestation. Needless to say we escalated that quickly; however, it amplifies the seriousness of what can happen if you get compromised.

Firms like Northrop, Lockheed, BAE, Boeing are supposed to be the best in the cyber business, but with firms so large and expertise so sparse, you can't guard everything all the time constantly. There are lots of technical solutions for things; however, budgets are sparse and will is low, and Bureaucracy is RAMPANT. Process and Rules choke out agility and innovation.

At the end of the day I believe game changers are needed to begin the targeted and offensive attacks of known cyber operators that are doing this for profit and espionage gain. I mean doing really bad things to these people and their systems and organizations.


The gauntlet is thrown, you have been slapped, what the fuck are you going to do about it…


