
Ghost Dog

Profile Information

Gender: Do not display
Hometown: Canary Islands Archipelago
Home country: Spain
Member since: Wed Apr 19, 2006, 01:59 PM
Number of posts: 16,678

About Me

A Brit many years in Spain, Catalunya, Baleares, Canarias. Cooperative member. Geography. Ecology. Cartography. Software. Sound Recording. Music Production. Languages & Literature. History.

Journal Archives

Non-partisan ICT thinktank on hacking techniques

(& Neo-McCarthyism - "McCarthyism is the practice of making accusations of subversion or treason without proper regard for evidence." - https://en.m.wikipedia.org/wiki/McCarthyism )

Malicious actors can easily position their breach to be attributed to Russia. It’s common knowledge among even script kiddies that all one needs to do is compromise a system geolocated in Russia (ideally in a government office) and use it as a beachhead for attack so that indicators of compromise lead back to Russia. For additional operational security, use publicly available whitepapers and reports to determine the tools, techniques, and procedures of a well-known nation-state sponsored advanced persistent threat (APT), access Deep Web forums such as Alphabay to acquire a malware variant or exploit kit utilized in prolific attacks, and then employ the malware in new campaigns that will inevitably be attributed to foreign intelligence operations. Want to add another layer? Compromise a Chinese system, leap-frog onto a hacked Russian machine, and then run the attack from China to Russia to any country on the globe. Want to increase geopolitical tensions, distract the global news cycle, or cause a subtle, but exploitable shift in national positions? Hack a machine in North Korea and use it to hack the aforementioned machine in China, before compromising the Russian system and launching global attacks. This process is so common and simple that it’s virtually “Script Kiddie 101” among malicious cyber upstarts.

***

Incident Response techniques and processes are not comprehensive or holistic enough to definitively attribute an incident to a specific threat actor from the multitude of script kiddies, hacktivists, lone-wolf threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats (APTs), who all possess the means, motive, and opportunity to attack minimally secured, high-profile targets.

***

Attribution might be reliable if the target is well-protected, if the target operates in a niche field, or if the malware involved in the incident is unique, because one or more of those characteristics can be deterministic of the sophistication and resources of the threat actor. Attribution is less exact in the case of the DNC breach because the mail servers compromised were not well-secured; the organization of a few hundred personnel did not practice proper cyber-hygiene; the DNC has a global reputation and is a valuable target to script kiddies, hacktivists, lone-wolf cyber-threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats (APTs); and because the malware discovered on DNC systems was well-known, publicly disclosed, and variants could be purchased on Deep Web markets and forums.

***

Both APT28 and APT29 are well-known sophisticated threat actors that have been extensively profiled by cybersecurity firms such as FireEye. As a result, their profiles, operational behavior, tools, and malware could all be easily emulated by even an unsophisticated adversary in a campaign against an insecure target such as the DNC, which did not prioritize cybersecurity, cyber-hygiene, or system cyber resiliency. For instance, the cyber-criminal group Patchwork Elephant, known for adopting malware from other campaigns, could easily have also conducted the DNC/RNC attacks by emulating APT28 and APT29...

http://icitech.org/its-the-russians-or-is-it-cold-war-rhetoric-in-the-digital-age/

About icitech.org: http://icitech.org/mission-values/

Regarding the politicisation of the BBC:

Ex-editor of The Economist Bill Emmott, a well-known and vociferous elite-class lefty and pro-European journalist, was appointed to head the Ofcom content board, which will oversee the BBC’s editorial standards from next spring, and then summarily dismissed after publishing some lefty pro-European articles...

... The affair does seem to reveal startling ineptitude by Hodgson – who hired someone to run the content board because he was a journalist and then forced him out when she discovered he was, er, a journalist. Is she up to the task of invigilating the BBC, especially given her own past as a corporation executive? Or of standing up to the secretary of state? The DCMS select committee will now surely have to investigate further.

In a letter to MPs on the committee two weeks ago, Emmott also drew attention to the political balance of the main Ofcom board, soon to be responsible for the BBC. Since he has been evicted (by a Conservative minister), three of the six non-exec directors “have associations with the Conservative Party”.

One is Tory peer Baroness Noakes, who in the run-up to last year’s election was writing tweets such as “Be very afraid if @Ed_Miliband and #Labour get back into power” and “Must not let Labour back to destroy progress”. After protests, Ofcom conceded that some of the comments were “not appropriate” – but she remains an Ofcom director, and indeed its deputy chair.

“Board members are able to express their opinions publicly on a range of matters,” a spokesman explained at the time, adding that Ofcom “is independent of government… All its decisions are free from political influence”. Karen Bradley may agree, but does anyone else believe a word of it?

http://www.private-eye.co.uk/issue-1433/media-news