Mighty Fine Buckeyes, Folks. Mighty Fine.

Buckeye'd

May 08, 2019 by Marc Handelman in Espionage, Information Operations, Information Security, Information Technology, Government, Intelligence

Astounding flaws, reported by both Symantec and Ars Technica... What happended to OpSec? As importantly: The true ramifications for our country are yet unknown... Unless of course, this and other 'leaks' of the same or similar ilk - are, in fact - structured information operations of the highest caliber. Crafted to ensnare the miscreant espionage bounders wandering amongst us... You be the judge.

Key Findings

The Buckeye attack group was using Equation Group tools to gain persistent access to target organizations at least a year prior to the Shadow Brokers leak.

Variants of Equation Group tools used by Buckeye appear to be different from those released by Shadow Brokers, potentially indicating that they didn't originate from that leak.

Buckeye's use of Equation Group tools also involved the exploit of a previously unknown Windows zero-day vulnerability. This zero day was reported by Symantec to Microsoft in September 2018 and patched in March 2019.

While Buckeye appeared to cease operations in mid-2017, the Equation Group tools it used continued to be used in attacks until late 2018. It is unknown who continued to use the tools. They may have been passed to another group or Buckeye may have continued operating longer than supposed. - via Symantec Corporation's Threat Intelligence Blog

GrrCon Augusta 2018, Tomasz Bania's 'Intelligence Creating Intelligence: Leveraging What You Know To Improve Finding What You Don't ' →

September 27, 2018 by Marc Handelman in Conferences, Education, GrrCon Augusta, Information Security, Intelligence

Videography Credit: Irongeek (Adrian Crenshaw).

GRU'd →

March 25, 2018 by Marc Handelman in Espionage, Russia, Intelligence, Information Warfare, Information Security, Agitprop

via The Daily Beast's Spencer Ackerman and Kevin Poulsen, comes the tale of Guccifer 2.0, an officer of the GRU, Russia’s Main Intelligence Directorate (also known as, the Russian Military Intelligence Directorate); and, of course, there's this and this.. H/T

AWS GuardDuty: Human Security Employment Will Become Moot →

November 30, 2017 by Marc Handelman in Information Security Jobs, Cybersecurity Jobs, SecDevOpps Jobs, Intelligence, Intelligence Sharing, Information Security, Cybersecurity, Analytics, Security Economics, Security Architecture, Security, Security Automation

The apparent beginning of the end for certain information and cyber security employment categories: Behold the newly minted Amazon.com, Inc. (NASDAQ: AMZN) AWS GuardDuty... H/T via the inimitable Trey Blalock of Firewall Consultants and Verification Labs.

BSides Nashville 2017, Chris Sanders ' 'Abstract Tools for Effective Threat Hunting' →

May 08, 2017 by Marc Handelman in Threat Intelligence, Intelligence, Information Security

SANS CTI 2017, Dave Herrald's and Ryan Kovar's 'The Threat Intel Victory Garden: Threat Intelligence Using Open Source Tools' →

April 10, 2017 by Marc Handelman in All is Information, Conferences, Education, Data Science, Data That Is Big, Intelligence, Threat Intelligence

SANS CTI 2017, Elias Fox's 'Integrating Cyber Threat Intelligence using Classic Intel Technique' →

April 07, 2017 by Marc Handelman in All is Information, Conferences, Education, Intelligence, Threat Intelligence

SANS CTI 2017, Jeremy Johnson's 'Using Intelligence to Heighten your Defense' →

April 06, 2017 by Marc Handelman in All is Information, Conferences, Education, Intelligence, Threat Intelligence

CTI Summit 2017, Threat Intelligence At Microsoft - A Look Inside →

March 14, 2017 by Marc Handelman in All is Information, Conferences, Information Sciences, Intelligence, Threat Intelligence

Machine-Based Investigation: Fully →

March 14, 2017 by Marc Handelman in All is Information, Analytics, Computation, Data That Is Big, Exploration, Fingerprinting, Information Sciences, Intelligence, Robots, Machine Learning

via Motherboard writer Michael Byrne, comes this well-wrought piece on the apparent proliferation of 'bots on Twitter, ie., the implications of algorithm-driven entities on the Twitterverse. The fascinating component to this study by Onur Varol, Emilio Ferrara, Clayton A. Davis, Filippo Menczer and Alessandro Flammini, was the utilization of a machine-learning apparatus (and the feature-sets therein) to tease out the truth. Additional documentation (in the form of the paper) is available on arXIv. Today's MustRead.

"Part of what makes the new research interesting is the sheer number of features used in the classification model..." - Motherboard's Michael Byrne

CTI SUMMIT 2017, Robert M. Lee's - Knowing When to Consume Intelligence and When to Generate It →

March 13, 2017 by Marc Handelman in All is Information, Information Security, Threat Intelligence, Intelligence, Conferences, Education

H/T

Wisdom, Ignorance of the Crowds

February 22, 2017 by Marc Handelman in IARPA, Intelligence, All is Information, National Security, Must Read

IARPA's doing it, the Neuromongers did it, why not You? Well crafted report on the methodology behind applying the power behind the ignorance and widom of the crowd... Known as the Crowdsourcing Evidence, Argumentation, Thinking and Evaluation (CREATE), IARPA's new program ostensibly may enhance intelligence anlayst's capability levels by leveraging the behavior of crowdsourced resources. Today's Must Read.

Retailers Begin Physical Customer Tracking →

January 18, 2017 by Marc Handelman in All is Information, Tracking, Dubious Methodology, Questionable Tracking, User Tracking, Surveillance, Must Read, Demise of Privacy, Information Security, Information Sharing, Intelligence Sharing, Intelligence, IoT, IoT Security

Tracking, that is, with the assistance of Intel Corporation (NASDAQ: INTC), that benevolent arbiter of all things computational... El Reg has conveniently provided a FAQ (direct from the chip fabricator) in their superlatively reported post. Today's Must Read.

iOS Tracking, The Control Gambit →

July 25, 2016 by Marc Handelman in All is Information, Information Security, Intelligence, Vulnerabilities, User Tracking

via Kate Kochetkova writing on the Kaspersky blog, comes advice on mitigating iOS tracking. Well played Ms. Kochetkova, Well Played.

"Unauthorized Code" In Juniper Firewalls, The Decryption Litany →

December 18, 2015 by Marc Handelman in All is Information, Intelligence, Espionage, Malware

via the inimitable Dan Goodin and writing at Ars Technica, wherein the good Mr. Goodin, in a display of remarkable restraint, tells the tale of the discovery of code (in this case not 'authorized') making itself at home in Juniper network componentry. In this case, firewall network componentry. Ooops

Council on Foreign Relations, The State of US Cybersecurity →

November 09, 2015 by Marc Handelman in All is Information, Intelligence, Infrastructure, Infosec Policy, Information Security