BGP, Midpoint Collection, and the Encryption Debate

Note: This post will refer and link to allegedly classified programs leaked by Edward Snowden, and potentially others, in the past several years. If accessing this article from certain networks, readers are strongly advised to preview links before following them due to the possibility that such an action may be considered a spillage of classified information. As always, Think When you Click.© I recently noted an aspect of Internet (in)security that has bothered me for

What does ‘Attack’ Mean?

One issue that came from my recent CYBERWARCON talk was an item of focus (or for others, limitation) when approaching the idea of what a “critical infrastructure attack” actually means. While I faced some (really good, topical) questions on my definition of “critical infrastructure”, a more public debate ensued over the conception of a cyber “attack”. Within the context of this talk, I used the same definition of “attack” I’ve used in several recent presentations

OPCW, WikiLeaks, and Russian Influence Operations

On 24 November 2019, WikiLeaks posted an email, purportedly from a whistleblower on the Organisation for the Prohibition of Chemical Weapons (OPCW) team assigned to investigate the chemical weapons attack on the Syrian city of Douma. I will let readers find the original WikiLeaks post, but the story was promptly taken up by Icelandic news site Stundin, Italian newspaper la Repubblica, (allegedly) German magazine Der Spiegel (unable to actually find the published story), and UK

Who ‘Owns’ an Incident?

Note: This blog post was significantly revised on 17 November 2019 after initial release on 12 November 2019. The primary alteration is within the second paragraph, noting that the initial event that inspired this blog post – an exchange between a security researcher/responder and a journalist – was much more nuanced than it originally seemed. To the extent that such items can be stated publicly, they have been addressed below. A foundational aspect of my

Sensors and Sensibility

The most frustrating type of bad argument to refute is one that features or rests upon a kernel of truth. In the worst, most annoying scenario, one must deal with a counterparty that simply reasserts their position without hesitation, resembling the chess-playing pigeon of Internet fame. More worrying still is that circumstance where the counterparty – for reasons of bias, conflict of interest, or incentive – responds in bad faith, identifying and amplifying those correct components

The Conflicting Duties of IT Vendors in an Age of Cyber Conflict

On 02 November 2019, Brian Bartholomew (at the time of this writing, at Kaspersky Lab) posted a very interesting Twitter poll. To summarize (or in case the poll is removed), the question can be simplified as the following: if someone bought leaked data from the Shadow Brokers, would you still do business with them? For any company either based, domiciled, or doing significant business in the United States (given the nature of the Shadow Brokers

The Question of the Benign Indicator

I recently had a discussion as to whether PsExec, the legitimate Microsoft Sysinternals tool often abused by malicious actors for remote code execution, should be included on a list of indicators related to a recent intrusion event. While my overall opinion of indicators of compromise (IOCs) as they are used (as opposed to their underlying idea) is that they are useful, but far less so than most think, the question is significant as nearly all

If There’s a Cyber Attack and No One Notices, Did it Even Happen?

Reuters reported on an interesting event from September 2019 today (16 October 2019): “The United States carried out a secret cyber operation against Iran in the wake of the Sept. 14 attacks on Saudi Arabia’s oil facilities, which Washington and Riyadh blame on Tehran, two U.S. officials have told Reuters. The officials, who spoke on condition of anonymity, said the operation took place in late September and took aim at Tehran’s ability to spread ‘propaganda.’”

Cyber Leviathan

Writing during the tumultuous years of the English Civil War, Thomas Hobbes sought to identify the means through which humanity proceeds through an anarchical, violent natural state (the “nasty, brutish, and short” state of Man) to attain ordered, governed society. In formulating an idea of how such a society (or in Hobbes’ terms, a “commonwealth”) emerges, he emphasizes two primary means of development: commonwealth by institution, where individuals contract to the sovereign maximal authority for

The Spectre of Cryptocurrency

Cryptocurrency (Bitcoin, Ethereum, etc.) is quite possibly the most damaging, least useful, most reprehensible technological development of the past 20 years – which is definitely saying something given the rise of “social media”. While cryptocurrency advocates continually espouse benefits such as transactional anonymity, increased access to financial services, and financial security, the reality is that the combination of (relatively) low penetration and high friction translating cryptocurrency into actual useful currency means any such benefits are