News, via the astonishingly prolific Dan Goodin, Security Editor at Ars Technica, tells the tale of attacks on oil and gas networks in the United States by a group monikered Xenotime. Think we're protected? Think again. Read the Dragos security researchers' post for its truly concerning national security relevance.
"The group, now dubbed Xenotime by Dragos, quickly gained international attention in 2017 when researchers from Dragos and the Mandiant division of security firm FireEye independently reported Xenotime had recently triggered a dangerous operational outage at a critical-infrastructure site in the Middle East." via Dan Goodin, Security Editor reporting at Ars Technica
"Ultimately, XENOTIME’s expansion to an additional ICS vertical is deeply concerning given this entity’s willingness to undermine fundamental process safety in ICS environments placing lives and environments at great risk." - via Dragos
Via Paul Szoldra, writing at Task And Purpose, comes a superlative piece on the United States Cyber Command's target of the day: the Russian power grid. The news arrives via outstanding reporting by two of The New York Times' highly respected correspondents and authors, David E. Sanger and Nicole Perlroth.
"In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections." - via correspondents David E. Sanger and Nicole Perlroth reporting for The New York Times
With superb research efforts, and equally fascinating tutorials for researchers working the problem of illicit terrorist funding, Brenna Smith divulges what it takes to discover, and subsequently track, ill-gotten gains and their funding through Bitcoin transactions. Certainly today's MustRead, via Bellingcat.
"To effectively analyze any bitcoin address, I rely on four main tools: A bitcoin blockexplorer — which gives you access to the bitcoin blockchain... BitcoinWhosWho — which is a tool that allows you to look up certain BTC addresses... WalletExplorer — though similar to a block explorer in reporting transaction history... Good ole’ Google search — simply googling BTC addresses can lead you to blog posts..." - via Brenna Smith, writing at Bellingcat
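Before feeding an address harvested from a forum post or donation page into any of those four tools, it pays to confirm the string is actually a well-formed Bitcoin address and to learn what kind it is, since a single mistyped or deliberately altered character sends you chasing the wrong wallet. The following is an added example, not code from Brenna Smith's piece or from Bellingcat: it decodes legacy Base58Check addresses offline, verifies the embedded checksum, and classifies the version byte (mainnet/testnet, pay-to-pubkey-hash vs pay-to-script-hash). The sample inputs are constructed for the example: the well-known genesis-block address, a one-character typo of it, and a string containing a character outside the Base58 alphabet. Bech32 (bc1...) addresses use a different encoding and are deliberately rejected rather than guessed at.

```python
import hashlib

# Base58 alphabet used by Bitcoin (omits 0, O, I and l to avoid visual confusion)
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Standard version bytes -> (network, script type)
VERSION_BYTES = {
    0x00: ("mainnet", "p2pkh"),
    0x05: ("mainnet", "p2sh"),
    0x6F: ("testnet", "p2pkh"),
    0xC4: ("testnet", "p2sh"),
}


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes; each leading '1' becomes a leading zero byte."""
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_zeros = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading_zeros + body


def decode_address(addr: str) -> dict:
    """Decode a Base58Check address: version byte + 20-byte hash160 + 4-byte checksum."""
    if addr.lower().startswith("bc1") or addr.lower().startswith("tb1"):
        raise ValueError("bech32 (segwit) address: not a Base58Check address")
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError(f"decoded to {len(raw)} bytes, expected 25")
    payload, checksum = raw[:21], raw[21:]
    # Checksum is the first 4 bytes of SHA256(SHA256(version || hash160))
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    network, kind = VERSION_BYTES.get(payload[0], ("unknown", "unknown"))
    return {
        "address": addr,
        "valid": checksum == expected,
        "version": payload[0],
        "network": network,
        "type": kind,
        "hash160": payload[1:].hex(),
    }


def triage(addresses):
    """Split candidate strings into explorer-ready decodes and (address, reason) rejections."""
    usable, rejected = [], []
    for a in addresses:
        try:
            info = decode_address(a)
        except ValueError as exc:
            rejected.append((a, str(exc)))
            continue
        if not info["valid"]:
            rejected.append((a, "checksum mismatch (typo or tampered address)"))
        else:
            usable.append(info)
    return usable, rejected


# Constructed sample input for this example (not taken from any investigation)
SAMPLE_ADDRESSES = [
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",  # genesis-block address, valid mainnet P2PKH
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb",  # last character changed: checksum fails
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfN0",  # '0' is not a Base58 character
]

if __name__ == "__main__":
    usable, rejected = triage(SAMPLE_ADDRESSES)
    for info in usable:
        print(f"OK   {info['address']}  {info['network']} {info['type']}  hash160={info['hash160']}")
    for addr, reason in rejected:
        print(f"SKIP {addr}  ({reason})")
```

The hash160 value is the useful output for the next step: the same public-key hash can be re-encoded under a different version byte (for instance a testnet prefix) by a subject trying to confuse tracking, and comparing hash160 values rather than address strings catches that.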
News, via Ars Technica's Dan Goodin, detailing another BGP SNAFU, with the end result being the re-routing of legitimate traffic; this time it's Google's (Nasdaq: GOOG) bits in question. Included in the particularly bad news for the interwebs is the belief that this redirect was not malicious; that, of course, remains to be proven. Stay tuned.
Yup. A new information operation, this time from our Cyber Command, turning its attention to the Russians and their own operatives. Via Julian E. Barnes, writing at the venerable New York Times, comes this piece, ostensibly discussing a sanctioned military-run information operation targeting the Russian apparatchiks running their own information operation against the world, as they have for years...
Terrific post at War On The Rocks, with an intriguing theory: The Best Strategy for Cyber-Conflict May Not Be A Cyber-Strategy, via Benjamin Runkle. There's that pesky 'Cyber' thing again... At any rate, the discussion in this case revolves around the leveraging of electronic, computational information warfare (perhaps also known as cyberwar) by the previous administration (President Obama). Elected (of course) as today's Must Read, and watch out for 'them cybers'!
'We will respond in a time and place and manner of our choosing, and when we do so, we will consider a full range of tools, economic, diplomatic, criminal law enforcement, military, and some of those responses may be public, some of them may not be. One analyst derided the vice president’s pronouncements on the topic as “Biden threatening to threaten Russia.”' - via Benjamin Runkle at War On The Rocks
From the video description: Breaking with the adversarial approach of Red vs Blue, look at how the current system and approaches may be broken in some organizations and provide recommendations not only for the mature organization with a large structure but also for how small businesses can take a more purple strategy in the way they operate their teams, including how they acquire pentest services. The presentation will cover an approach beyond the red and blue team and more of an organizational and strategic approach to change the paradigm of thinking and action to a more symbiotic approach to security.
Carlos Perez is a Director at a Security Vendor working on reverse engineering, security research and integration projects. Carlos also works as a trainer providing training both to government and private organizations across the world in security technologies and also provides consulting in his spare time on infrastructure and security. His work and thoughts can be found on his webpage www.darkoperator.com. He has presented at several security conferences and is a co-host of the Security Weekly podcast.
Captain William R. Bray's (USN RET) outstanding thought piece (via the USNI's November 2017 Proceedings Magazine issue) detailing the necessity to NOT confuse dissent with disloyalty, wrapped up within the Information Warfare genre. Capt. Bray is also the author of the superlative essay Intelligence Is Not Warfare! (both documents are Must Reads).
"Captain Bray was a career naval intelligence officer who retired in September (2017 - ed.). His last operational tour was Director for Intelligence at Naval Forces Europe/Naval Forces Africa/Sixth Fleet." - via the United States Naval Institute
“Cyber is an operational domain in which we do a variety of missions and functions, many of which are very traditional,” Adm. Rogers said. “We do reconnaissance, we do fires, we do maneuvers. The same things I was used to as a surface [warfare] officer … I’m constantly going back to that.”
“Don’t make this thing so specialized, so unique, so different that it just gets pushed to the side. That will sub-optimize our ability to execute cyber operations, and quite frankly it will minimize or at least negatively impact, in my view, the operational outcomes, which is the whole reason we’re doing this in the first place.”
'A one-time commander in China’s Communist Red Army has launched information warfare with an aggressive plan to invest billions in all six major Hollywood studios, a show business trade publication reports, describing the foreign deal as an unprecedented push into the U.S. entertainment sector. The former People’s Liberation Army (PLA) regimental commander, Wang Jianlin, is China’s richest man and he’s aggressively pursuing a big chunk of one of the world’s most influential industries.' - via Judicial Watch's post 'Information Warfare: Communist Takeover of U.S. Entertainment Industry'.