Monday, April 29, 2013

Challenges with Threat Intelligence, Attribution, and Active Defense are on the Agenda at Suits and Spooks La Jolla

We've got a tremendous speaker line-up, including John Caruthers, the head of the FBI's National Security Cyber Program at the San Diego field office. On intelligence matters, we have RADM Andy Singer (USN ret), who, among his many accomplishments, was the Director of Intelligence for PACCOM. Lance Cottrell, the founder of Anonymizer, will speak on Operational Anonymity & Misattribution: Why you need it, how they track you, how to do it, how it fails, and best practices.

Additional topics and panels include:
  • Projecting Geopolitically Relevant Cyber Hot-Spots by Ali-Reza Anghaie
  • Threat Intelligence for the Enterprise on a Shoestring Budget by Shane MacDougall
  • The State of National Cyber Intelligence by Troy Townsend and Jay McAllister
  • HUMINT Factor: How HUMINT Influences Attribution of Threat Actors and Whether or Not It’s Necessary
  • Can Data Analytics and Incident Response Scale Down? by Stephen Cobb
  • Is there a place on Special Operations teams for Cyber Warriors? (Panel moderator Jim Butterworth; Speakers – Thomas Dzieran, Rob DuBois, RADM Andy Singer (USN ret))
  • The importance of international collaboration in identifying and interdicting non-state hacker groups (Panel moderator Christopher Burgess; Speakers – John Caruthers, Kenneth Geers, Michael Jaeger)
  • Advanced Technologies for Detecting the Insider Threat by John Sipple
  • Vulnerability Disclosure and ‘Cyberwar’: The Cost of Offensive Cyber Weapons by Ryan Ellis
  • Kenneth Geers: Technical expert for the “Tallinn Manual on the International Law applicable to Cyber Warfare” will speak and take questions on this very important document.
This two-day conference (Saturday, June 15 and Sunday, June 16) will be held at the San Diego Marriott La Jolla hotel and will consist of a combination of plenary and break-out sessions. A continental breakfast and lunch will be served on both days. Attendance will be limited to no more than 100 people to allow attendees to interact more closely with our speakers during the event.

The following Early Bird rates apply through May 10, 2013.
  • Early Bird $395
  • Securing our eCity Foundation member or affiliate $345
  • Government/Military/Academia rate $295
Register via PayPal or by telephone (1-855-777-8242)

After May 10, our discounted rates will revert to the standard $595.




Friday, April 26, 2013

Chimera: Know The Targets


In today's digital landscape, threats are expanding and your intellectual property and trade secrets are their targets. You may not know the threat actor, but you can know what they're targeting.

CHIMERA will launch in the summer of 2013.

Wednesday, April 24, 2013

Syrian Electronic Army: Background, Operations, Gov't Affiliations

The Syrian Electronic Army (originally called Syrian Electronic Soldiers) was created in May 2011 by the Syrian Computer Society, which registered the domains syrian-es.com and .org with Network Solutions.

The Syrian Computer Society was founded in 1989 by Bassel al-Assad, the son of then Syrian President Hafez al-Assad. Later, his brother Bashar took over the SCS presidency, and Bashar later became the current President of Syria. The SCS is affiliated with the Ministry of Information and the Ministry of Higher Education. Its original goal was to "introduce information technology to all the economic sectors in Syria".

The following domains are all associated with the Syrian Electronic Army and all point to IP address 213.178.227.152, which is hosted at the Syrian Computer Society's ISP (SCS-net) located in Damascus, Syria:
  • mail.syrian-es.com
  • mail.syrian-es.net
  • mail.syrian-es.org
  • syrian-es.com
  • syrian-es.net
  • syrian-es.org
  • syrianelectronicarmy.com
  • www.syrian-es.com
  • www.syrian-es.org
The Syrian government also uses SCS-net hosting for its Ministry of Defense (mod.gov.sy) at IP address: 213.178.225.248. The website presently shows as under construction. This may be significant because there are at least nine ISPs operating in Syria which offer hosting options for the Syrian Electronic Army, yet they continue to use the same service which hosts the Ministry of Defense and other government websites.

The domain name syrianelectronicarmy.com was recently created (Feb 24, 2013) and remains active. They promote themselves via social media accounts on Twitter, Facebook, and YouTube:
  • https://twitter.com/SEA_Official7
  • https://www.facebook.com/SEA.205
  • http://www.youtube.com/user/syrianes1
Other than being the registration agent for the domain name Syrian-es.com, as well as providing hosting services for SEA websites, neither the Syrian Computer Society nor anyone in the Syrian government has claimed an official capacity for the Syrian Electronic Army; however, President Assad referred to them in a speech on June 20, 2011, when he mentioned the "electronic army" while praising Syria's actual Army:
"The army consists of the brothers of every Syrian citizen, and the army always stands for honour and dignity. Young people have an important role to play at this stage, because they have proven themselves to be an active power. There is the electronic army which has been a real army in virtual reality."
According to the SEA website, their objective is to fight Arab and Western media who are "fabricating the truth about what is happening in Syria". Their operations have included attacks against social media outlets for:
  • Associated Press
  • 60 Minutes
  • 48 Hours
  • CBS Denver
  • ENERGY 103.7 San Diego
  • NPR
  • BBC
  • Al Jazeera
  • Agence France-Presse (AFP)
  • Reuters
  • Haaretz
They've also leaked documents from the following organizations:
  • Qatari Ministry of Foreign Affairs
  • Qatar Armed Forces
  • Qatar Amiri Diwan
  • League of Arab States
Syria, like Iran, Israel, Estonia, China, Russia, and other countries, is leveraging the talent, patriotism, and enthusiasm of its Internet-savvy youth to act as a force multiplier in its military and geopolitical operations at almost zero cost and very little risk.



Friday, April 12, 2013

Closing the Loop: Part of an Assumption of Breach Security Paradigm

Tim O'Reilly gave a talk recently at Stanford University on the importance for startup companies to "close the loop" with their customers. Uber was used to demonstrate the concept. Both the Uber driver and the Uber customer know a lot about each other. They can track each other's location. The customer knows what the driver looks like as well as his license plate number. They can communicate with each other prior to the vehicle arriving. There's immediate feedback required on the customer's experience with the driver. There's almost no uncertainty in the entire service chain of an Uber hire. Uber has closed the loop with its customers.

As I listened to Tim speak, I immediately related it to the uncertain world of cyber security. Think of Uber as a U.S. corporation or government agency. Think of the Uber customer as the adversary state or non-state actor who's breaking in to steal valuable data. What cyber security tools "close the loop" between the two?

If you adopt an "Assumption of Breach" paradigm, then you've accepted that attackers may already be active in your network. Any tool which provides you with information on their movements in real-time "closes the loop". Then it just becomes a question of weighing cost against effectiveness and spending your dollars wisely on those tools.

Another way to close the loop with an adversary who's targeting your company or agency is to know what they want. This article in The Telegraph describes how MI-5 has issued a warning to British universities that their research on graphene and quantum computing is being stolen by Russia and China and is eventually informing those countries' patent development work:
"Researchers have already warned that work on graphene is moving abroad, with Britain funding extra research by our own academics but seeing their 54 patents outstripped by 2,204 from China.
"Overall, cyber crime costs the UK £27billion per year, official figures suggest, with universities now identified as targets.
"Researchers from Manchester, for instance, including academics Andre Geim and Konstantin Novoselov who won the 2010 Nobel Prize, have been warned that their servers could be targets. Graphene is a kind of two-dimensional carbon which is one of the thinnest, lightest, strongest and most conductive materials known to man. Identified only in 2004, it is harder than diamond, just a single molecule thick and conducts electricity.
"Threats are posed both by hackers infiltrating UK university computers and from the theft of data from computers used by academics travelling abroad."
My company, Taia Global, with financial support from our angel investors, is currently in development on a product which knows what the research priorities are in potential adversary states and can predict what will be stolen from our customers; thereby closing the loop between the victim and the thief and giving the victim time to take the necessary steps to protect those targeted documents. This is particularly useful when a company has millions of files, cannot protect all of them, and doesn't have a reliable way to classify those which are of value to an adversary or competitor.

Our product development cycle is currently in early Alpha. If you'd like to receive more information about this product as we get closer to beta, please contact us.

Cyber Security Vendors Who May Benefit From Increased Gov Spending in 2013-14

According to Bloomberg, the following companies may see a piece of Obama's request to increase cyber security spending for the next fiscal year beginning Oct 1, 2013.

"The overall cybersecurity spending proposal of more than $13 billion is about $1 billion more than current levels, according to Ari Isaacman Astles, a spokeswoman for the White House Office of Management and Budget. 
"Increased U.S. computer security spending may benefit SAIC Inc. (SAI) and Northrop Grumman Corp. (NOC) in the defense area and Dell Inc. (DELL) and Hewlett-Packard Co. (HPQ) in the federal civilian space, according to data compiled by Bloomberg Government.
"BAE Systems Plc (BAESY) is “actively pursuing a number of growth opportunities” in cyber spending, DeEtte Gray, president of the London-based company’s intelligence and security division, said in an e-mail. 
"At Bethesda, Maryland-based Lockheed Martin Corp. (LMT), the largest federal contractor, “our portfolio of products, services, and technologies are well aligned with the government’s priorities” that include cybersecurity, space exploration, health care and energy, Jennifer Allen, a spokeswoman, said in an e-mail. 
"A major potential contracting area in the budget is the coordination of fighting online attacks through the Comprehensive National Cybersecurity Initiative Five (CNCI-5), which “seeks to connect cybersecurity centers and other cybersecurity analytics electronically and in real time,” according to the White House. 
“You’re starting to see the increase in the budgets to back up where they’ve been trying to take those networks,” Wendy Martin, vice president of advanced cyber solutions for Harris Corp. (HRS) said in an e-mail. “We think it’s all in a positive direction.” 
"Booz Allen Hamilton Holding Corp. (BAH), SAIC and Northrop Grumman were the top three contractors in defense cybersecurity, according to data compiled by Bloomberg Government last year. Dell, Hewlett-Packard and Computer Sciences Corp. (CSC) were the top three cybersecurity providers to civilian agencies. 
"Ralph W. Shrader, chief executive officer of McLean, Virginia-based Booz Allen, said in a Dec. 5 earnings call that his company had been changing its focus to “today’s most pressing needs” including cybersecurity and health care. 
"Lockheed and General Dynamics Corp. (GD), based in Falls Church, Virginia, have expanded into both cybersecurity and health care. Lockheed conducts disability exams for the Department of Veterans Affairs and develops software for the Centers for Disease Control and Prevention. General Dynamics helps provide electronic medical records and information technology for federal health services.
"Rob Doolittle, a General Dynamics spokesman, declined to comment."

Tuesday, April 2, 2013

U.S. superiority in network-centric warfighting may be in jeopardy. Join the discussion.

Network-centric Warfare has become the de facto standard for many nations, not just the U.S. Unfortunately, thanks to the exponential growth of global networks and the accompanying security vulnerabilities which seem to be infinite in number, the balance of power is no longer what it used to be and the U.S. cannot be assured of superiority in cyberspace.

Therefore, I think it's time that we had an in-depth discussion on exactly how the InfoSec community can play a part in improving U.S. capabilities in Network-centric warfighting and/or U.S. covert actions rather than leaving such discussions solely to the classified world or one dominated by the Defense Industrial Base companies. As a result, I've invited 24 distinguished authorities from the DOD and the infosec world to come to San Diego and spend two days engaging in a discussion that will include the following topics, among others:
  • "Operational Anonymity & Misattribution: Why you need it, how they track you, how to do it, how it fails, and best practices" - Lance Cottrell
  • "Developing Offensive Cyber Tools, Techniques, and Procedures for Defending Corporate and Government Networks" - George Kurtz, Greg Hoglund, Jim Butterworth
  • "Is there a place on Special Operations teams for Cyber or Information Warfare specialists?" - Thomas Dzieran, Rob DuBois, Jim Butterworth
  • "Vulnerability Disclosure and ‘Cyberwar’: The Cost of Offensive Cyber Weapons" - Ryan Ellis
  • Q&A with Kenneth Geers, Ph.D., Technical expert for the Tallinn Manual on the International Law applicable to Cyber Warfare
  • "The Georgian Government’s cyber operation against internal political opponents" - Paul Joyal
  • "The importance of international collaboration in identifying and interdicting non-state hacker groups" - Sanjay Virmani, Kenneth Geers, Michael Jaeger, Christopher Burgess
  • "Projecting Geopolitically Relevant Cyber Hot-Spots" - Ali-Reza Anghaie
  • "Threat Intelligence for the Enterprise on a Shoe-string Budget" - Shane MacDougall
  • "Can big data and small incident response teams scale down to small and medium-sized businesses?" - Stephen Cobb
  • "Advanced Technologies for Detecting the Insider Threat" - John Sipple
  • "The State of National Cyber Intelligence" - Troy Townsend and Jay McAllister
  • "All-Source Intelligence Shapes the Future of Security Operations Actions" - (to be announced)
I want to stress that while Suits and Spooks is a conference, it's not like any conference that you've attended before. We actually do have discussions because the speaker to attendee ratio is an unheard-of 1:4 or less. If you don't believe me, check out our testimonials page or ask anyone who's been to our past events.

Here's who you'll get to meet if you attend SNS La Jolla:
  • Ali-Reza Anghaie: contract Security Engineer and Senior Analyst with Wikistrat
  • David Burcham: President and CEO, VendorX
  • Christopher Burgess: Sr. Security Consultant with Fortune 50 experience; retired national intelligence executive CIA
  • Stephen Cobb: Security evangelist, ESET North America
  • Chris Coleman: Vice President, LookingGlass Cyber Solutions
  • Lance Cottrell: Founder / Chief Scientist of Anonymizer Inc., Chief Scientist of Ntrepid Corp.
  • Robert DuBois: retired U.S. Navy SEAL, an international authority on Smart Power and the author of "Powerful Peace: A Navy SEAL's lessons on peace from a lifetime at war"
  • Thomas Dzieran: retired U.S. Navy SEAL and software engineer
  • Kenneth Geers, Ph.D.: U.S. Naval Criminal Investigative Service (NCIS) Cyber Subject Matter Expert
  • Will Gragido: Senior Manager, RSA FirstWatch Threat Research
  • Greg Hoglund: Independent expert in offensive cyber strategies and tactics; former Vice President at Mantech and founder/CEO of HB Gary.
  • Michael J. Jaeger (CAPT, USN): An active duty officer with the U.S. Navy Judge Advocate General's Corps
  • Paul Joyal: Managing Director, NSI; Public Safety and Homeland Security Sector
  • George Kurtz: Co-founder, President and CEO of Crowdstrike
  • Rafal Los: Principal, Strategic Security Services, HP ESS
  • Shane MacDougall: Co-founder Tactical Intelligence
  • Jay McAllister: Senior Analyst, Software Engineering Institute, Carnegie Mellon University; formerly with NCIS
  • Jeffrey McNeill, Ph.D.: Cyberspace Policy Analyst, STRATCOM
  • John Pirc: Director, Security Intelligence, HP Security Research
  • Billy Rios: Technical Director at Cylance, Inc.
  • Andy Singer (USN RADM ret): Defense Intelligence Senior Leader; Deputy Director for Information Dominance Advocacy (OPNAV N2/N6)
  • John Sipple: USN LT, AFRICOM J2 0166, IDC Region Wash DC
  • Troy Townsend: Senior Analyst, Software Engineering Institute, Carnegie Mellon University; formerly with DIA and CYBERCOM
  • Sanjay Virmani: Director, INTERPOL Digital Crime Centre; Supervisory Special Agent, FBI
Please help spread the word about this exciting and important event and join us in beautiful La Jolla on June 15-16. Register today.