The Question of the Benign Indicator

I recently had a discussion as to whether PSExec, the legitimate Microsoft Sysinternals tool often abused by malicious actors for remote code execution, should be included on a list of indicators related to a recent intrusion event. While my overall opinion of indicators of compromise (IOCs) as they are used (as opposed to their underlying idea) is that they are useful, but far less so than most think, the question is significant as nearly all Read more…

If There’s a Cyber Attack and No One Notices, Did it Even Happen?

Reuters reported on an interesting event from September 2019 today (16 October 2019): “The United States carried out a secret cyber operation against Iran in the wake of the Sept. 14 attacks on Saudi Arabia’s oil facilities, which Washington and Riyadh blame on Tehran, two U.S. officials have told Reuters. The officials, who spoke on condition of anonymity, said the operation took place in late September and took aim at Tehran’s ability to spread ‘propaganda.’” Read more…

Cyber Leviathan

Writing during the tumultuous years of the English Civil War, Thomas Hobbes sought to identify the means through which humanity proceeds through an anarchical, violent natural state (the “nasty, brutish, and short” state of Man) to attain ordered, governed society. In formulating an idea of how such a society (or in Hobbes’ terms, a “commonwealth”) emerges, he emphasizes two primary means of development: commonwealth by institution, where individuals contract to the sovereign maximal authority for Read more…

The Spectre of Cryptocurrency

Cryptocurrency (Bitcoin, Ethereum, etc.) is quite possibly the most damaging, least useful, most reprehensible technological development of the past 20 years – which is definitely saying something given the rise of “social media”. While cryptocurrency advocates continually espouse benefits such as transactional anonymity, increased access to financial services, and financial security, the reality is that the combination of (relatively) low penetration and high friction in translating cryptocurrency into actual useful currency means any such benefits are Read more…

The Curious Case of Edward Snowden

At present, I will assume anyone reading this possesses at least a basic familiarity with who Edward Snowden is and the general conception of his actions. The former CIA employee (removed from overseas duty for suspicious behavior in 2009) and former Dell and Booz Allen Hamilton contractor for the NSA in Hawaii is infamous for leaking over 200,000 classified documents (and purloining potentially as many as 1.7 million) before first fleeing to Hong Kong then Read more…

Perception, Visibility, and Analysis

A common theme in metaphysics (and to some extent epistemology as well) since antiquity is understanding the relationships (or differences) between “things” and how we perceive or observe them. Examples extend from Plato’s Allegory of the Cave and theory of forms through Kant’s Transcendental Idealism to modern scientific variations such as Heisenberg’s uncertainty principle. While each possesses distinct differences and is certainly (in many ways) incompatible with the others, the central, fundamental theme remains the same: that Read more…

Kicked While Down: Critical Infrastructure Amplification and Messaging Attacks

I am writing this only a few days removed from Black Hat 2019 and Def Con 27, where both events featured a number of presentations on critical infrastructure or industrial control system (ICS) threats – but with a continuing lack of scope (or imagination) for the threat landscape. While identifying new vulnerabilities or work-arounds in technology is certainly interesting, they are practically somewhat minor when one considers the events required to take advantage of them (e.g., Read more…

Cyber and Information Operations

Something interesting came up in an extended (and wandering) Twitter thread discussing the relevance of certain legacy information security frameworks (like the CIA triad) to modern concerns like disinformation campaigns. The aspects of this discussion that most interested me were the following two items: “Which part of the CIA triad covers disinformation? Having a semantic argument using a model so outdated that it doesn’t even allow for information warfare is so 2000 and late.” “Integrity Read more…

Active Defense and Adversary Blowback

I previously recorded some thoughts on the new US government strategy in cyber defense known as “defend forward”. Recently, I had the pleasure and opportunity to take part in a Naval War College exercise implicitly testing this strategy’s implementation and execution in the context of civilian critical infrastructure cyber operations. My past statements expressed concern on this strategy given the risks it imposes in terms of escalation and loss of control over events – and Read more…

Deterrence, Attribution, and Legalism

The past several weeks have been an exciting time in the realm of cyber security – and especially the narrower, less understood field of (potential) “cyber war”. Starting approximately two weeks ago (writing on 25 June 2019), there began a bombardment of news, with reports that: The XENOTIME activity group started probing US electric utilities in mid-2018 (disclosure: this is research in which I am deeply involved through my employer, Dragos); The US allegedly Read more…