To accurately establish attribution, you need evidence and understanding: Evidence linking the presumed attacker to the attack An understanding of the attacker’s actions, supporting that evidence Evidence collected from other systems that matches the understanding of the attacker’s actions An understanding of the sequence of events during the attack, matching the evidence via Attribution is […]
U.S. not ready to launch offensive cyber attacks, charges Congressman Rogers
“The Russians can flip a switch and their Internet goes down; the Chinese can flip a switch and their Internet goes down. We can’t do that here, nor should we, but it leaves that 85 percent of private-sector Internet vulnerable,” he explained. “We are not prepared if the federal government wants to take an offensive […]
China’s strategy: infowar, poliwar, lawfare
Deceive spectrum activity at its finest. It doesn’t have to be all political, after all. So China makes dubious legal claims, convinces people that they are real by creating media illusion, and creating political discontent. This is not new, but apparently the west never gave it any great strategic thought… Bet we haven’t given any […]
Destroy: Assassination by hacking an automobile – Richard Clarke suggests its been done.
Ok, so where to begin? Look we all know that hacking is serious now. Control systems hacks are the in thing at the moment, and what is cooler than hacking a 2000 pound mountain of steel and plastic that can barrel down the road at 100 miles per hour? They did it in SnowCrash, and […]
Military Budget limits cyber weapons proliferation, except in legitimate BUSINESS SELF-DEFENSE
The Verge reports that the Defense spending bill signed by President Obama back in December, offers funds to help reduce the sale and spread of exploits. The article then uses the term legitimate self-defense, as a valid reason to allow these exploits to continue to be traded. Is this something specific to DIB companies? Is […]
A predictive model for cyber warfare
http://www.pnas.org/content/early/2014/01/08/1322638111.full.pdf+html So this has the potential to be an awesome entry. An analytical tool to figure out the optimal timing of deployment of a zero-day. In short, how to catch your enemy with their cyber pants down. Pretty cool idea. Need to do more than read the abstract to decide if its useful.
Claims that cyberspace is now cyberbattlefield
http://resources.infosecinstitute.com/classified-nsa-exploit-tools-radon-dewsweeper-work/ From the article: Security expert Bruce Schneier is one of the most authoritative experts who revealed that the NSA has a wide-ranging arsenal of zero-day exploits to use for cyber operations. The revelation isn’t surprising, the security community is aware of the great effort spent by governments on cyber operations. Many intelligence agencies have […]
Cyber mass shooter
http://p.washingtontimes.com/news/2013/oct/3/cyber-mass-shooter-poses-future-threat-computer-se/ What a great article. Of course General Hayden’s comments beg the question, how do you stop a criminal, if you can’t defend yourself? This really goes directly to the need to be able to respond to an immediate threat with a proportional use of force in self-defense. Of course, some will argue that it […]
Malware Attribution is a Waste of Time
According to Ellyne Phneah‘s piece at ZDNet, Rob Rachwald, senior director of research at FireEye observed that the security industry today is keen on attributing malware to a specific region or group in an effort to assign blame. [H]e pointed out attribution to malware was not key in combating cybercrime because it did little to […]
When guns are outlawed…
…then only outlaws will have guns. Or so goes the old saying. The Senate Armed Services Committee wants to get control of those pesky cyber weapons that are available for purchase by just about anyone by establishing an arms control regime along the lines of what’s done for missiles, tanks, and fighter jets. via The […]