Reverse Deception: Organized Cyber Threat Counter-Exploitation
Authors: Sean Bodmer
Organized crime groups
Criminals
3. Analysis of vulnerabilities
A vulnerability is a weakness that your adversaries can exploit if they are aware of it and have the means. If your company throws all of its important research and development records into the trash, that may not be a vulnerability as long as the adversary is unaware that all your intellectual property is sitting in an open dumpster, but do not be fooled: it probably is a very real vulnerability just waiting for exploitation. What about spear phishing vulnerabilities? The IT department is usually inundated on a daily basis with notifications of vulnerabilities from a number of sources, so what if your adversary has those same notifications? How safe is your IT infrastructure now?
4. Assessment of risk
In the intelligence business, the assessments of risks are called indications or warnings. The world-renowned detective Sherlock Holmes called these things clues. Whatever you call them, the truth is that this activity or information, in conjunction with other observables, tips off the adversary that there is a potential vulnerability—possibly multiple vulnerabilities.
Consider “Domino’s theory.” It had been widely reported that late-night delivery of Domino’s pizza to key government buildings was an indicator, for example:
Delivery people at various Domino’s pizza outlets in and around Washington claim that they have learned to anticipate big news breaking at the White House or the Pentagon by the upsurge in takeout orders. Phones usually start ringing some 72 hours before an official announcement. “We know,” says one pizza runner. “Absolutely. Pentagon orders doubled up the night before the Panama attack; same thing happened before the Grenada invasion.” Last Wednesday, he adds, “we got a lot of orders, starting around midnight. We figured something was up.” This time the news arrived quickly: Iraq’s surprise invasion of Kuwait.
—“And Bomb the Anchovies,” Time (August 1990)
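The pizza anecdote is one instance of a general pattern: an adversary does not need the secret itself, only a mundane observable whose volume departs from its normal baseline. The following is an added example, not code from the book, showing how little it takes to turn such an observable into an indicator. It applies a rolling-baseline z-score to a constructed series of nightly order counts (hypothetical numbers, not from any real report) and flags the nights that stand out; the same logic runs unchanged over any count you can observe from outside an organization (badge swipes, parking-lot occupancy, after-hours VPN logins), which is the point an OPSEC review has to keep in mind.

```python
from statistics import mean, pstdev

# Constructed sample: nightly takeout orders seen at one outlet over twelve
# nights. The last two nights are the "something is up" surge. These are
# hypothetical values, not figures from the book or from Time magazine.
NIGHTLY_ORDERS = [14, 12, 15, 13, 16, 14, 13, 12, 15, 14, 29, 33]


def indicator_alerts(series, baseline_len=10, threshold=3.0):
    """Flag points that sit far above a rolling baseline.

    For each point after the first `baseline_len` values, the baseline is
    the mean and population standard deviation of the preceding window.
    A point whose z-score meets `threshold` is returned as
    (index, value, z). This is the kind of cheap inference an observer
    performs on any public-facing activity count.
    """
    alerts = []
    for i in range(baseline_len, len(series)):
        window = series[i - baseline_len:i]
        mu = mean(window)
        sigma = pstdev(window) or 1.0  # avoid division by zero on a flat baseline
        z = (series[i] - mu) / sigma
        if z >= threshold:
            alerts.append((i, series[i], round(z, 2)))
    return alerts


def describe(series):
    """Human-readable summary of which observations would tip off an observer."""
    hits = indicator_alerts(series)
    if not hits:
        return "no indicator: activity stayed within its baseline"
    return "; ".join(
        f"night {i}: {v} orders, {z} standard deviations above baseline"
        for i, v, z in hits
    )


if __name__ == "__main__":
    print(describe(NIGHTLY_ORDERS))
```

Reading the output as an OPSEC analyst rather than as the observer: the countermeasure is not to hide the pizza but to remove the correlation, for example by keeping the observable flat (the same after-hours routine whether or not anything is happening) so that the z-score never has a surge to find.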
5. Application of OPSEC measures
Countermeasures are anything that will reduce the risk to an acceptable level. Examples include:
Training family members or employees to avoid discussing personal or company information in public places
When on vacation, having a trusted friend take in your mail and newspapers, turn on lights, and so on
Changing schedules and travel routes
Using encryption, a virtual private network (VPN), Secure Sockets Layer (SSL), and more
While traveling overseas, blending in as much as possible (don’t be “that guy”)
Legal Aspects of Investigations, Including Executive Order 12333, the Attorney General Guidelines, and the Foreign Intelligence Surveillance Act
Executive Order (EO) 12333 outlines US intelligence oversight requirements and limitations for intelligence activities. The Foreign Intelligence Surveillance Act (FISA) explains procedures for physical and electronic surveillance of foreign powers and agents of those powers. These agents can include citizens, aliens (both legal and illegal), and anyone suspected of espionage or violating US law in the best interest of the foreign power.
The main focus here is to understand the authorities, as well as the limitations, for counterintelligence activities. Each country or corporation has its own rules that limit counterintelligence activities, to varying degrees, so that they do not invade the rights of private citizens. In some countries, the state has absolute power, masquerading as freedom and liberty for all citizens. Prudence is therefore warranted as the counterintelligence professional conducts operations. Specific attention must be paid to the cyber realm, where activities can cross from one country to another in an Internet pursuit of information.
Joint and Interagency Operations
Here is where we use all those cool buzzwords that imply joint efforts are going well. Anytime there is an operation starting up or already in progress, ensure you synchronize, deconflict, coordinate, orchestrate, harmonize, and so on. You get the idea: use those liaison and communication skills you developed in the previous section to be the envy of everyone in your organization.
Listening, Communication, and Writing Skills
Seek first to understand, then to be understood.
—Stephen Covey, 7 Habits of Highly Effective People
One must cede the floor to a true communications hero to succinctly communicate a message on communication.
Communication is the most important skill in life. You spend years learning how to read and write, and years learning how to speak. But what about listening? What training have you had that enables you to listen so you really, deeply understand another human being? Probably none, right?
If you’re like most people, you probably seek first to be understood; you want to get your point across. And in doing so, you may ignore the other person completely, pretend that you’re listening, selectively hear only certain parts of the conversation or attentively focus on only the words being said, but miss the meaning entirely. So why does this happen? Because most people listen with the intent to reply, not to understand.
—Stephen Covey, 7 Habits of Highly Effective People, Habit 5
Do not rush to reply or be heard. We all intuitively want to share our opinion and be heard. There is time for that. Understand first, and all things will come to you in time. As you peel back and analyze each component of data, you will see that there is a larger story to be put together.
Knowledge of CI Terminology
There is much to be said for someone who can talk the talk and walk the walk. When individuals are not knowledgeable of the very basic lingo of their profession, no real professional in that function will take them seriously. It is all about being professional and having presence, backed by professional credibility.
Reporting Procedures and Methods
Every government and organization around the world has its own version of red tape and procedure. Knowing what to do and how to do it will make things easy when your turn comes to present evidence or information from your investigation, because that evidence or information will be admissible if you did everything right. Understanding the agreements between organizations is imperative when conducting a joint operation, as your organization might have a requirement that is not strict enough for the other organization.