data loss Archives

data loss

APT-For-Hire: Symantec Outs Hidden Lynx Hacking Crew

September 17, 2013 Paul Roberts

This site and others have been writing about the “Advanced Persistent Threat” problem, which has generally been treated as a euphemism for the government and military of The People’s Republic of China or – in some cases – Russia, Iran, North Korea or other un-friendlies. Firms like Mandiant have taken pains to separate the concept of APT from run of the mill cyber criminal hacking groups whose motivation is profit, rather than the acquisition of information that can be used to advance geopolitical or economic goals. Cyber criminal groups may well use “advanced” in their attack methods and “persistent” in their efforts to compromise victim networks, but they weren’t “APT.” Now Symantec Corp. has put a fly into that ointment: publishing a report that pulls the covers off an APT group dubbed “Hidden Lynx” that it claims is responsible for some of the most sophisticated and large scale hacks of […]

Sharing Threat Intelligence To Sort Out Targeted Attacks

September 14, 2013 Paul Roberts

Headlines about “advanced persistent threats” and targeted attacks have organizations of all sizes concerned. Barely a week goes by without news of a new, stealthy campaign targeting executives, government leaders or platforms used by prominent organizations. But while APT-style and targeted attacks may have the attention of the boardroom, organizations still face a Herculean task determining when an attack they’ve detected is targeted, and when it is merely indiscriminate. To help answer that question, I “hung out” with two experts in detecting and analyzing malicious threats to enterprises. Anup Ghosh is the CEO and co-founder of Invincea, which makes malware detection tools that isolate threats on endpoints. Matt Hartley is the Senior Director, Intelligence Lab Services at iSIGHT Partners, a cyber threat intelligence firm. Both told me that, while targeted attacks are on the rise, awareness about them is also at an all time high. That can, sometimes, result in organizations […]

BitSight: A Equifax For Security Risk?

September 10, 2013 Paul Roberts

I’ve opined in these pages and elsewhere that one of the big problems in the IT security space is the absence of actionable data. After all, problems like denial of service attacks, network compromises and inadvertent data leaks are all just risks that organizations and individuals must grapple with in our increasingly wired world. True – they’re new kinds of risks, but otherwise they’re not fundamentally different from problems like auto accidents, property crime or illness – things that we do a good job accounting for. The difference, as I see it, is an absence of accepted and independent means of assessing the relative security posture of any organization. IT security is still so much dark magic: we rely on organizations to tell us about how secure they are. Organizations, in turn, rely on a complex and patchy network of security monitoring and detection tools, then try to read the […]

What Is The NSA’s Big Crypto Breakthrough?

August 30, 2013 Paul Roberts

The revelations about US government spying keep coming fast and furious, thanks to Edward Snowden, the former Booz Allen Hamilton contractor who absconded with reams of classified (and highly classified) documents from the National Security Agency. The latest details come courtesy of The Washington Post which on Thursday published documents detailing the so-called “Black Budget” – government spending on its intelligence services including the CIA and NSA – over the last nine years, including the $52 billion spent in 2013. The documents give the most detailed accounting to date on U.S. government spending on intelligence in the post September 11 world and contain quite a few surprises. Among them: proof that the CIA receives far more money than does the NSA. But it is Uncle Sam’s work on cryptanalysis that has attracted a lot of attention from computer security and privacy experts. First, the Black Budget reveals that the NSA […]

Is Jump In ToR Use Blowback From PRISM?

August 29, 2013 Paul Roberts

It’s ironic that government surveillance might push the public to embrace technology pioneered by the Department of Defense. But so it is: new metrics from The Tor Project show that use of the online anonymity service has exploded since early June: up more than 100 percent, from just over 500,000 global users to more than 1.2 million. Why the sudden surge in privacy conscious Internet users? It would be easy to connect the dots between revelations about the U.S. government’s omnibus data gathering program PRISM and the sudden desire of Internet users to sacrifice some speed and performance for the privilege of having their online doings passed through The Onion Router. Still, it’s not clear that this is the case. To be sure: growth is being seen across the board, not just in active users, but in the number of ToR clients running, the data suggests. There are steep increases […]