Reverse Deception: Organized Cyber Threat Counter-Exploitation

Authors: Sean Bodmer


RAT (Remote Administration Tool or Remote Access Trojan)
A tool used for legitimate and nefarious purposes to access a client or private computer by someone who is not the local user.

RBN (Russian Business Network)
The underground and illegal operations of Russian enterprise.

ROI (Return on Investment)
A calculated step that evaluates the resources applied to an activity/process/problem set to see if the utilization of the aforementioned resources is worth the investment.

RSYNC (Remote Synchronization)
The ability to synchronize folders on a computer and another component.

SALUTE (Size, Activity, Location, Unit, Time, Equipment)
An acronym used for succinct reporting by US military forces to summarize foreign force activity.

SCADA (Supervisory Control and Data Acquisition System)
A computer system used to manage and control industrial processes and activities across an infrastructure-based system’s (power, water, gas, oil, etc.) operations.

SLA (Service-Level Agreement)
A standard document used to define the level or depth of services from one organization to another, generally regarding the level of service a vendor will provide a customer.

SSCT (State-Sponsored Cyber Threat)
A cyber actor or entity that is resourced by a formal government.

SSH (Secure Shell)
A network protocol for secure communications through tunneling.

SSID (Service Set Identification)
A unique identifier of 32 characters attached to the header of packets sent over a wireless local area network (WLAN), used as an authenticating agent or password for all traffic operating within that IEEE 802.11 WLAN.

SSL (Secure Sockets Layer)
Cryptographic protocols that secure traffic above the transport layer, using asymmetric and symmetric encryption together with message authentication codes.

SSR (System Security Readiness)
The approach to security wherein the system’s settings are ready for security inspections or testing of its security settings.

TLD (Top-Level Domain)
A domain that sits at the highest level in the hierarchy of the Domain Name System (DNS), such as .com, .net, and .edu.

TTP (Tools, Tactics, and Procedures)
The ways, resources, and means used to categorize a set of operations by their methods and their preferred tool set.

URI (Universal Resource Identifier)
A unique string that identifies the location of files and other resources stored on web servers across the Internet, whether publicly visible or visible only to those with the appropriate credentials (generally synonymous with URL).

URL (Universal Resource Locator)
A unique address that correlates to a web page on the Internet.

US-CERT (US Computer Emergency Readiness Team)
The US government organization subordinate to the Department of Homeland Security and charged with improving the US cyber posture and informing US cyber users of impending threats and existing vulnerabilities.

USCYBERCOM (US Cyber Command)
A US subunified command responsible for defending US critical infrastructure and military systems of interest, which is subordinate to the US Strategic Command (USSTRATCOM).

UTC (Universal Time Clock)
Greenwich Mean Time (GMT), commonly identified as Zulu time in military operations.

VM (Virtual Machine)
A computer system that operates within another operating system, independent of its host.

VMM (Virtual Machine Manager)
Software that provides for centralized control of IT infrastructure.

VPN (Virtual Private Network)
A secure network that operates over the Internet or through other shared and unsecure areas.

Index

9/11 attack
100 Acre Wood Boot Camp
2009 FBI Uniform Crime Report

A

abuse.ch
data repository
academic research abuse
access control lists (ACLs)
ACLs (access control lists)
acquisition security
actionable intelligence
actions
ACTs (advanced cyber threats)
Adobe
advanced cyber threats (ACTs)
advanced persistent threats. See APTs
adversaries. See attack characterization
adversary environment
advertising campaigns
Ahmadinejad, Mahmoud
Allee, Verna
AmaDa tracker
ambiguity-decreasing deceptions
analysis detection systems
annotated codes
anonymity
“Anonymous” hactivist group
Anti-Malware tool
antivirus. See AV
Anubis data repository
application vulnerability scenario
APTs (advanced persistent threats). See also threats
        conclusion
        considerations
        criteria
        defined
        defined by Wikipedia
        examples of
        history of
        Internet value chain and
        investing in
        sizing up
        value networks and
        value of
        vs. persistent threats
ARPANET
Assange, Julian
asset development/handling
asset validation
AT&T wiretaps
attack attribution. See also profiling
        civilian cyber warrior
        conclusion
        example study
        levels of information in objects
        overview
        profiling vectors
        references
attack characterization
        conclusion
        events
        forensic adversary characterization
        motive/intent
        overview
        postincident characterization
        real-world tactics
        starting point for
        theoretical
        threats
attackers. See also hackers; victims
        antisocial behavior
        blocking vs. monitoring
        characterizing. See attack characterization
        commuters
        educational level
        marauders
        motivation. See motivation
        organized vs. disorganized
        personality traits/behaviors
        profiling. See profiling
        skill level
        social networks. See social networks
        social psychology
        state-sponsored
        symbols
        time considerations
        understanding
attacks. See also engagements; threats
        attribution. See attack attribution
        balance of power and
        blocking vs. monitoring
        characterization. See attack characterization
        cost vs. profit
        into criminal infrastructures
        detection of. See detection
        e-mail-based
        hacking back
        infiltration response planning
        isolating
        measuring resources
        metrics applied to
        numbers involved in
        opportunistic
        opportunistic turned targeted
        origination points
        overkill
        planned vs. premeditated
        postmortems
        risk tolerance
        skill level
        skills/methods
        targeted
        timeliness aspect of
        when to act/not act
Attorney General Guidelines
autopsy, psychological
Autopsy Browser
AV (antivirus)
        described
        fake antivirus (FAV)
        rogue AV-based products