Operation Aurora & Zeus – A wake up call?

How can Malicious Code Hide in Plain Sight in the year 2010?

I have been intentionally holding back on addressing the recent cyber breaches (Google China, etc.) in order to allow the situation to fully unfold. Also, I have been near the front lines on some of this with customers and partners, and therefore have been fairly busy.

The temptation for any blog author who has a product that can address some or all of the problems/symptoms is to write a self-serving blog to endorse THEIR products as the holy grail for these issues. I will resist that temptation here.

Rather, let me take the higher ground – again. We are in a world of hurt when, in this day and age where we clearly have the technologies to mitigate much of this risk, we are not applying and implementing the available technologies. One has to wonder why….

Here is the stark reality. Much like our mindset pre-September 11, 2001 – we are of the mistaken belief that we are in a symmetrical battle with a distinct perimeter/battle line, bad actor clearly identified, with some degree of residual respect for the sovereignty of nations. On September 11, 2001 we learned the hard way that it is NOT business as usual. The world has changed and there is no going back.

We now know that in the physical world, our adversaries are leveraging ASYMMETRICAL advantages. The perimeter is porous. The adversary is within and without. It is more than nation states that we must defend against. Fanatical individuals and small groups have shown that they are capable of exerting immense influence and damage. Thomas Freidman does a great job of illuminating these new threats in his book Longitude and Attitudes: Exploring the World after Sept 11.

Our continuing SYMMETRICAL mindset with regard cyber risk simply will not cut it. I believe we are repeating the mistakes of the physical threat environment with our cyber mindset, creating the same, or even greater, exposure to damage and loss that we faced on September 11, 2001.

Operation Aurora (thank you McAfee) and the emerging Zeus issue (thank you NetWitness) is a clear wakeup call. Are we going to press the snooze button and go back to sleep? Or are will we say, “whew, dodged that one” and go back to business as usual?

I sincerely hope not.

Here are some of the lessons we need to learn (again):

  • Cyber Security and Assurance methods cannot assume that there is a defined perimeter that we can effectively defend.
  • Bad Actors have the advantage in so many areas. They can be anywhere, are not clearly identifiable, and have the luxury of time.
  • The stakes have never been higher. This is about corporate intellectual property and national interests (including physical and economic security). This is a war in which Cyber Security is just one critical component.
  • We cannot assume our adversaries are dumb, or that we are so smart that we can stay ahead of them with our “old” tools and technologies.
  • The problem is more than just an “outside in” issue. Some believe that If we just create taller walls, or deeper moats we’ll be ok. Wrong.

Consider this when assessing this current situation:

  • We are learning that Operation Aurora and the Google China issue were just the tip of the iceberg.
  • At least 2,500 companies and government agencies have been compromised.
  • At least 75,000 computers were (many likely still are) armed with a control botnets.
  • Our adversaries have clearly penetrated our defenses and have been comfortably hanging out IN OUR CYBER HOUSES eating from our CYBER REFRIGERATORS for 18 months in some cases. And they are likely STILL in our house. And they made copies of our house keys so they know how to get BACK IN.
  • They have had the luxury of being able to spy on us from the inside out. To observe our documents AND our behavior.
  • There is NO WAY to determine what they took, looked at, or what they have learned while squatting in our cyber houses. We will NEVER know the full extent or breadth of our loss.

How did this happen? (the simple technical primer):

  • They exploited one or more software flaws to penetrate and gain control of the systems and domains (the penetration).
  • Once in, they could hang out largely undetected in order to look at things, take things, and to create control mechanisms and backdoors (with botnets and other mechanisms).

How did this happen? (the simple social primer):

  • We were naive and underestimated our adversaries.
  • We relied on old tools and had (have!) a symmetrical mindset.

Net-net: We had a false sense of cyber security.

What do we do now?

We must learn from this. We must be able to at least detect (if not stop) these zero day threats and develop/use more effective Advanced Persistent Threat (APT) detection methods. Without revealing protected projects, SignaCert is working in cooperation with other entities on APT methods utilizing our configuration image management and whitelist capabilities.

But here is the biggest issue in my opinion:

We must be able to *actively detect* when and what has been compromised in our systems more rapidly. The fact is that we largely “stumbled” into the discovery of Aurora and Zeus.

We MUST be able to continuously monitor whether the “good and deployed” software environment is STILL good. Precise modeling of the state of system components used to create the IT infrastructure is necessary so that ANY change can be detected. Think of this as a very sensitive “motion detector” that is watching everything from “power on to cursor move”. Only prescriptive and approved changes are allowed in this environment. Advanced methods to minimize false alarms (false positive and negative detections) are crucial.

Let’s face it: Precision and continuous IT device change detection is no longer a NICE TO HAVE in this challenging IT world. It is a MUST HAVE. Coupling software supply chain integrity to these advanced methods creates even stronger intrinsic and closed-loop trust attestation.

Methods to address these challenges are available now, and must be deployed if we are going to stand a chance of keeping up with the army of bad actors (trying to wreak havoc) as well as the good actors that make mistakes (that can inadvertently wreak havoc).

We must wake up NOW, and address this risk. While it’s late, it is not too late. In the future I hope we look back at these recent incidents as “near misses” and that we take real action before we collide head on with our complacency.

Wyatt.

Advertisements

5 Responses to Operation Aurora & Zeus – A wake up call?

  1. I had stopped by the site and took a look at your ranking for some of your terms and just wondered if you’d be at all interested in having your site improved in terms of where it’s ranked on the major engines, Google Yahoo etc. with the terms you’d like as well as some I’d like to suggest. I can get your site on page 1 and have done so for about 283 people to date. Yes, I’m a real person, Yes, I actually just came back from viewing your site. I already know you get a ton of offers day to day. This is obviously different, I have plenty of references, work from home alone, have been doing this since 92 and still find time to raise 3 little girls.

    Call me at home if you want to, I work at home all day long helping people out with their traffic and sites, automating page content updates via rss feeds (google loves that), doing press releases, article creation and distribution, building one way inbound links, graphic and site design, I can even add (by the thousands) targeted social media followers (like twitter) to your account all day long, automating messeges you want to send out to them about your site. Posting ads on top various high traffic classified ad sites various cities, states etc. I have clients that are swearing by what it is I do for them and would love to show you some examples if you’re at all interested.

    Winston
    312.204.7203

  2. Hi W

    We’re your one-stop shop for Networking, Activities, Marketing and Entertainment

    Why spend hours searching for the perfect sites when you can use ours in just minutes

    N.A.M.E.–The National Alliance of Male Executives is an on-line community specializing inbusiness and social networking, discounts and perks on activities, marketing solutions and entertainment venues. N.A.M.E. recognizes male professionals who have achieved success as well as those looking to further their career, expand business opportunities and enjoy the finer things in life.
    Join today complimentary and make your life easier! http://www.name-exec.com

  3. Judge Dredd says:

    Winston Redford is a spamming nigger.

  4. Adam Weiss says:

    Hello,
    After looking at http://signacert.com, I was wondering if you would be interested in getting thousands of new business leads every day?
    If interested, please email me back and i’ll explain how I can do this for you using a totally new method that works. It will change your business!
    Thank you, and I apologize if this inquiry was a bother.
    Adam Weiss

  5. Google now using business reviews to determine business ranking!

    How does posting positive reviews help in your businesses Google ranking?

    1. Positive reviews increase your businesses rank by linking important and relevant websites to your website.
    2. A constant stream of positive reviews improves your online reputation.
    3. Positive reviews drive traffic to your business
    4. Positive reviews restore a tarnished reputation buy pushing down negative reviews and links.
    5. Helps protect against competitors or anyone else from attempting to ruin your ranking.

    Call 866-544-8456 for more information http://www.positivereviews.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: