Cybersecurity Canon Candidate Book Review: Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats (2011), by Will Gragido and John Pirc
By Security Bloggers Network, 2015-07-18 at 00:43:16
Executive Summary

Cybercrime and Espionage, published in 2011, is a book that was ahead of its time. The authors were pushing the envelope in terms of how the security community should think about advanced threats. However, almost five years later, there is not enough in here to make the book Canon material. Gragido and Pirc present some stimulating ideas, but in the end, the security community has not adopted many of them. My recommendation is to read this book if you are interested in how our community has evolved in terms of thinking about adversary campaigns. However, if you are looking for a state-of-the-art book about cybercrime and cyber espionage, this is not it.

Introduction

Will Gragido and John Pirc published this book in February 2011, the year after the commercial industry experienced its wake-up call in terms of cyber espionage: Operation Aurora.[1] Aurora refers to the adversary campaign launched at Google and other commercial organizations that was designed to steal intellectual property, collect information on human rights activists, and gather intelligence regarding ongoing FBI wiretap operations.[2] What made Aurora notable was Google's reaction to it. They went public and accused the Chinese government of being responsible for the attacks. Before Aurora, most commercial organizations would not admit that they had been breached, even though nation states had been targeting commercial organizations for at least a decade. Business leaders worried that admitting a breach would significantly affect the bottom line. After Aurora and Google's public mea culpa, it became easier for other commercial entities to admit that they had been breached. Fast-forward to today, and public breach notifications are so common that it is difficult to keep up with them all. But this was the beginning. Before Aurora, the only significant cyberthreat to the commercial world was crime. After, cyber espionage became something that we all had to worry about. This is the context for the book: defining cybercrime and cyber espionage as motivations, what makes them different and what makes them the same.

Impressions

The two authors, Will Gragido and John Pirc, are experienced cybersecurity professionals, and it is clear that they know what they are talking about, but the book is a bit disorganized in terms of who the target audience is. The content is a mix of introductory and advanced material. However, I did not see that the book had a through line. The authors' analysis of the cybercrime world is at the introductory level. If you want a more in-depth book on the same topic that was published around the same time, consider Kingpin, written by Kevin Poulsen.[3] If you are looking for something a little more recent, consider Spam Nation by Brian Krebs.[4] The espionage material is more advanced, but if you want to go deeper, consider Kim Zetter's Countdown to Zero Day[5] or Richard Bejtlich's The Practice of Network Security Monitoring.[6]

I do give Gragido and Pirc credit, though, for covering some advanced ideas ahead of their time that have not really become popular until just recently. One idea that I really like is that commercial organizations should build their own intelligence teams to track adversary campaigns. They published the book almost five years ago, and this was not universally accepted at the time. It is not universally accepted today either, but more and more organizations are starting to understand the value of such teams. As an aside, this is one of the reasons I got hired at Palo Alto Networks: to build an intelligence team that we eventually called Unit 42.

Gragido and Pirc push their own intelligence model called MOSAIC (Motive, Awareness, Open Source Intelligence Collection, Study, Asymmetrical Intelligence Correlation, Intelligence Review and Interrogation, and Confluence). It is a good framework for an intelligence analyst; unfortunately, the model has not really caught on. Most intelligence organizations (the CIA, the FBI, and the NSA, as well as Unit 42) use a model called The Intelligence Cycle.[7][8] They are basically the same thing, but the MOSAIC model has more detail.

The authors introduce a new phrase, Subversive Multivector Threats (SMTs), a sort of superset of what the cybersecurity community used to call the Advanced Persistent Threat (APT). They even explain the origin of the APT phrase, a phrase the military had been using for almost a decade in an UNCLASSIFIED setting to mean anything that involved Chinese government-sanctioned cyber espionage. Gragido and Pirc were ahead of their time, understanding that the community needed another name to label similar attacks that did not originate from China. Thus, they came up with SMTs, but the community has not embraced that term. We have evolved the APT phrase to include everything instead.

Another advanced idea presented that I really liked was the concept that there are humans behind these attacks. Tools do not attack our systems. Humans, often organized into groups, attack our systems, and they use tools to accomplish some goal. These adversary groups can be rated in skill level from novice to expert and have motivations like cybercrime and cyber espionage, and, according to the authors, understanding that context helps defenders do a better job. I wholeheartedly agree. But today, I think we can expand that motivation list to include hacktivism, cyberterrorism and cyberwarfare, and I thought their definitions of hackers' maturity levels were not definitive enough to be useful.

Also, Gragido and Pirc introduce a two-tiered categorization scheme for adversary campaigns, where Tier 1 campaigns target air-gapped networks or networks that would be considered highly secured, such as those of power companies (supervisory control and data acquisition, or SCADA, networks), governments, and defense organizations.[9] Tier 2 adversary campaign plans are all other APT campaigns. This two-tiered system seems ill-conceived today. The security community considers SCADA networks in general, and power companies in particular, as being at least 10 years behind the rest of the community.[10] And government networks have proven to be even less secure than most commercial organizations, except for maybe the intelligence community's networks and some select defense networks.[11] I do not see a need for this two-tiered system in today's threat environment.

One last advanced idea that I really liked was that threat prevention is possible. There has been a trend in the industry these past five years where security leaders have thrown their hands in the air, saying they cannot possibly stop the APT and that it is better to concentrate their precious resources solely on detection and mitigation. This is just plain wrong, and Gragido and Pirc do well to point that out. If I can prevent 90 percent of all attack campaigns because most adversaries use known techniques, why not do it? That lets me concentrate my resources on finding the unknown techniques. Detection and mitigation are important, but these activities should be balanced with a robust threat prevention program. Even in 2011, Gragido and Pirc asserted this philosophy.

Conclusion

Cybercrime and Espionage is a book that was ahead of its time. I give the authors credit for pushing the envelope as to how the security community's thinking around advanced threats should evolve. If you read it when it was published, it would have stimulated your thought process around your own security program. But almost five years later, there is not enough in here to make the book Canon material. Gragido and Pirc present some stimulating ideas, but in the end, the security community has not adopted many of them. My recommendation is to read this book if you are interested in how our community has evolved in terms of thinking about adversary campaigns. However, if you are looking for a state-of-the-art book about cybercrime and cyber espionage that will stand the test of time, this is not it.

Sources

[1] Google Hack Attack Was Ultra Sophisticated, New Details Show, by Kim Zetter, Wired Magazine, 14 January 2010, last visited 5 July 2015, http://www.wired.com/2010/01/operation-aurora
[2] Google Aurora Hack Was Chinese Counterespionage Operation, by Mathew J. Schwartz, Information Week Dark Reading, 21 May 2013, last visited 5 July 2015, http://www.darkreading.com/attacks-and-breaches/google-aurora-hack-was-chinese-counterespionage-operation/d/d-id/1110060
[3] The Cybersecurity Canon: Kingpin, by Rick Howard, Palo Alto Networks, 11 February 2014, last visited 9 July 2015, http://researchcenter.paloaltonetworks.com/2014/02/cybersecurity-canon-kingpin
[4] The Cybersecurity Canon: Read Rick Howard's First-Look Review of SPAM Nation by Brian Krebs, by Rick Howard, Palo Alto Networks, 17 November 2014, last visited 9 July 2015, http://researchcenter.paloaltonetworks.com/2014/11/cybersecurity-canon-rick-howard-reviews-brian-krebs-spam-nation
[5] The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, by Rick Howard, Palo Alto Networks, 28 January 2015, last visited 9 July 2015, http://researchcenter.paloaltonetworks.com/2015/01/cybersecurity-canon-countdown-zero-day-stuxnet-launch-worlds-first-digital-weapon
[6] The Cybersecurity Canon: The Practice of Network Security Monitoring, by Rick Howard, Palo Alto Networks, 10 November 2014, last visited 9 July 2015, http://researchcenter.paloaltonetworks.com/2014/11/cybersecurity-canon-practice-network-security-monitoring
[7] The Intelligence Cycle, Central Intelligence Agency Kids Zone, last visited 9 July 2015, https://www.cia.gov/kids-page/6-12th-grade/who-we-are-what-we-do/the-intelligence-cycle.html
[8] The Intelligence Cycle, Federation of American Scientists, last visited 9 July 2015, http://fas.org/irp/cia/product/facttell/intcycle.htm
[9] Cyber Crime and Espionage: An Analysis of Subversive Multi-Vector Threats, by Will Gragido and John Pirc, Syngress Publishing, 7 January 2011, last visited 10 July 2015, https://www.goodreads.com/book/show/10651366-cyber-crime-and-espionage
[10] SCADA Systems Riddled with Vulnerabilities, by Doug Drinkwater, SC Magazine, 26 August 2014, last visited 10 July 2015, http://www.scmagazineuk.com/scada-systems-riddled-with-vulnerabilities/article/368094
[11] 4 Worst Government Data Breaches of 2014, by Jai Vijayan, InformationWeek Government, 12 November 2014, last visited 10 July 2015, http://www.informationweek.com/government/cybersecurity/4-worst-government-data-breaches-of-2014/d/d-id/1318061