Reverse Deception: Organized Cyber Threat Counter-Exploitation (25 page)


Authors: Sean Bodmer


When the adversaries work for something, they tend to have a higher confidence level in the information and believe it more. Overt activities are frowned upon by deception planners, and effort is given to ensure the adversary does not become suspicious.

Life is the art of being well deceived; and in order that the deception may succeed it must be habitual and uninterrupted.
—William Hazlitt

 

Understanding the Information Picture

Situational awareness and perspective are key to success.

Well, first I was gonna pop this guy hanging from the street light, and I realized, y’know, he’s just working out. I mean, how would I feel if somebody come runnin’ in the gym and bust me in my ass while I’m on the treadmill? Then I saw this snarling beast guy, and I noticed he had a tissue in his hand, and I’m realizing, y’know, he’s not snarling, he’s sneezing. Y’know, ain’t no real threat there. Then I saw little Tiffany. I’m thinking, y’know, eight-year-old white girl, middle of the ghetto, bunch of monsters, this time of night with quantum physics books? She’s about to start some shit, Zed. She’s about eight years old, those books are way too advanced for her. If you ask me, I’d say she’s up to something. And to be honest, I’d appreciate it if you eased up off my back about it. Or do I owe her an apology?
—Will Smith as Agent J in Men in Black

 

So, here’s the million-dollar question: Is the glass half empty or half full?

 

 

This is a valid question and requires serious contemplation. The following sections provide several versions of the answer; of course, your results may vary.

Half-Empty Version

Some people will say the glass is half empty. This is usually considered a pessimistic perspective. Is it not obvious that it had been a full glass and now half is gone, therefore leaving a shell of a full glass? It is a glass with only half of its original liquid representation. Is the amount of liquid sufficient for that container?

Half-Full Version

The optimists of society will say the glass is half full. There is always a bright side to having something instead of nothing. Besides, we can always add a bit more, and voila, there is a full glass once again!

 

 

Well, that looks good on paper, but is that really the whole situation? Is that the complete physical state of the situation? Has everything been captured in the half-empty or half-full statements, which are not as dissimilar as they might appear on the surface? Did you ever think you missed something? After all, everyone says it is half empty or half full.

A Question of Bias

We’ve been going about this all wrong. This Mr. Stay Puft okay! He’s a sailor, he’s in New York; we get this guy laid, we won’t have any trouble!
—Bill Murray as Dr. Peter Venkman in Ghostbusters

 

Now is the time to cast off all traditional thinking on how to solve a problem. Everything is not black and white in real life, but in the world of cyber, which is ones and zeros, there are fewer shades of gray—either your system or enterprise is compromised or it is not.

Deceit is a powerful tool, but consideration must be given to employment. For example, if you want to get all the people to buy cars from your dealership, you need to understand the target first. As with advertising, you need to study potential clients and their habits. Do not fall victim to the thought that because you like it, they will like it, too. Do not offer only subcompact economy cars to families in the heartland of America in the middle of hundreds of acres of farmland. That won’t work. Try something conducive to farm life. Likewise, don’t open a mountain skiing store in Miami, or you will find that business is not promising.

The most important part of any deception planning is discovering what the focus is after. Understanding this makes it much easier to engage the focus successfully while using deception.

Consider this question: Is it possible that the half-empty glass is full only to a point because it has a small hole, which means it cannot retain any more fluid? Subsequent attempts at filling the glass any further would be fruitless, not to mention wasteful and lead to leakage.

We see biases exploited every day in life. You need only to turn on a professional sporting event to see those exploitations in action. Coaches play off the biases and assumptions of other coaches to gain a strategic advantage. Pitchers and batters engage in a battle of wits to see who can win. With every pitch, the pitcher attempts to deceive the batter. Back to another bias, we consider that the pitcher tries to outpitch the batter, not deceive him.

Organizationally speaking, because of the size and scope of government cyber defense organizations throughout the world, they are susceptible to deceit based on individual (and organizational level) biases.

Military planners, because of their responsibilities and training, also tend to concentrate primarily on purely military factors that influence combat. Officers thus often see the world through lenses that filter out important political considerations that can (and should) influence strategic decisions and military outcomes in war.
—Scott D. Sagan, in “The Origins of Military Doctrine and Command and Control Systems,” Planning the Unthinkable

 

Totally Full Version

Have you considered the argument that the glass is totally full and can never be anything except totally full?

 

 

A small challenge to our personal biases and thought processes will lead us to consider the fact that when we say the glass is half empty or half full, we really are analyzing only the portion of the glass that contains the liquid. We are taught not to consider the portion of the glass that contains the air from the atmosphere.

When thinking about your enterprise and the systems, data, and critical resources within, do you ever consider your enterprise as being the proverbial half full or half empty? By nature, leadership desires the glass to be full (or your enterprise is perfectly secure and running smoothly), and the professionals in the trenches know of all the gaps and weak points in the enterprise, which make their security posture “half full.”

Step-Beyond Version

Is it possible that a glass could be more full or less full with the same volume limitation? Consider Charles’s law of gases, which explains how gases expand when heated (the same is true for liquids):

$V_{100} - V_0 = kV_0$

where:

$V_{100}$ equals the volume occupied by a gas at 100°C.
$V_0$ is the volume of the same gas at 0°C.
$k$ is the constant for all gases at a constant pressure.

 

As the temperature in a given specified volume increases, the molecules become more active and require more space.
