The nation and the world at large are struggling to come to grips with the fact that we are now more vulnerable than ever in our daily lives to adversarial actions in cyberspace. Digital Operatives has been working in computer, network and cyber-security-focused engagements since 2005. Those engagements have included penetration testing, source code auditing, cyber technology development, advanced technology research and development, and just good old-fashioned technology hacking.
It’s rather hard to believe it has been so long, but as a company we’ve learned many things along the way. Specifically, in this upcoming series of posts I hope to share with the community some insights into what we’ve learned as a team, and how the worldwide community in general may better respond to these structural and fundamental vulnerabilities in the current and future digital age.
Having a more effective strategy
In many client engagements we are asked for advice on best-practice security measures that can help counter adversarial threats. As hackers, we tend to chuckle a little inside, because best-practice security measures on their own simply don’t work. Best practices may offer solace to CIOs and CSOs who need to feel like they are doing something, but strategically speaking, best practice alone makes you an easy-to-defeat target of opportunity.
This is why it is so important to think like hackers during these engagements and help the customer understand that strategic and asymmetric thinking are key to successfully defending a computer system and network. We are currently developing and selling technologies built specifically around this asymmetric and strategic thought process.
Take PAINT (Process Attribution In Network Traffic) as an example. The idea for PAINT came to me one evening in November 2011. I had recently been analyzing malware communications protocols and infrastructure, and it seemed ridiculous to me that none of the network packet analyzers I knew about or had worked with were able to discern which process on a system was the source or destination of a packet.
At first, it seemed obvious to me that people were already doing this analysis manually. In fact, I have run the “netstat -ano” command many times since the release of Windows XP to see which process was handling packets on which ports. We decided to submit the idea to DARPA’s Cyber Fast Track on the basis that it would require research into what was actually possible (beyond the notion of correlating netstat output with Wireshark).
Believe it or not, the idea seemed so obvious that the initial response was rather muted. Once we started to get the prototype working, the government, as our primary customer for PAINT, started to realize how cool the capability actually was. We believe this is largely because, for a rather small investment, a radically more effective and efficient way to conduct malware analysis and network attribution was born.
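To make the manual netstat-to-Wireshark correlation described above concrete, here is an added example; it is not Digital Operatives’ code and not part of PAINT. It parses constructed “netstat -ano” output and attributes constructed packet summaries (the 5-tuples one would export from a Wireshark or tshark capture) to the PID that owns the matching socket, preferring an established connection over a wildcard listener on the same port. All addresses, ports and PIDs in it are constructed, and the function names are the example’s own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4120
  TCP    192.168.1.10:49801     198.51.100.7:8080      ESTABLISHED     5272
  UDP    0.0.0.0:5353           *:*                                    1488
"""

# Constructed packet summaries: (proto, src_ip, src_port, dst_ip, dst_port).
PACKET_SAMPLE = [
    ("TCP", "192.168.1.10", 49712, "203.0.113.5", 443),   # outbound HTTPS
    ("TCP", "203.0.113.5", 443, "192.168.1.10", 49712),   # its reply
    ("TCP", "10.0.0.9", 51000, "192.168.1.10", 135),      # inbound to a listener
    ("UDP", "192.168.1.10", 5353, "224.0.0.251", 5353),   # mDNS from a UDP socket
    ("TCP", "192.168.1.10", 60000, "192.0.2.99", 4444),   # no socket in the snapshot
]


@dataclass(frozen=True)
class Socket:
    proto: str
    local_ip: Optional[str]     # None means wildcard (0.0.0.0, [::], *)
    local_port: int
    remote_ip: Optional[str]    # None means wildcard
    remote_port: Optional[int]  # None means wildcard
    pid: int


# Proto, local, foreign, optional state (absent for UDP), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
WILDCARD_IPS = {"*", "0.0.0.0", "[::]"}


def _split_endpoint(ep: str) -> Tuple[Optional[str], Optional[int]]:
    """Split 'ip:port' into parts; wildcard IPs and port 0 / '*' become None."""
    ip, _, port = ep.rpartition(":")
    ip_v = None if ip in WILDCARD_IPS else ip
    port_v = None if port in ("*", "0") else int(port)
    return ip_v, port_v


def parse_netstat(text: str) -> List[Socket]:
    """Turn `netstat -ano` text into Socket records, skipping header lines."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, _state, pid = m.groups()
        lip, lport = _split_endpoint(local)
        rip, rport = _split_endpoint(foreign)
        sockets.append(Socket(proto, lip, lport or 0, rip, rport, int(pid)))
    return sockets


def _matches(sock: Socket, local_ip: str, local_port: int,
             remote_ip: str, remote_port: int) -> bool:
    """True if the socket could carry traffic with this local/remote pairing."""
    if sock.local_port != local_port:
        return False
    if sock.local_ip is not None and sock.local_ip != local_ip:
        return False
    if sock.remote_ip is not None and sock.remote_ip != remote_ip:
        return False
    if sock.remote_port is not None and sock.remote_port != remote_port:
        return False
    return True


def attribute_packet(sockets: List[Socket], proto: str, src_ip: str, sport: int,
                     dst_ip: str, dport: int) -> Optional[int]:
    """Return the PID owning the socket that sent or received the packet, or None."""
    candidates = []
    for sock in sockets:
        if sock.proto != proto:
            continue
        # The host may be either the sender or the receiver, so try both orientations.
        if _matches(sock, src_ip, sport, dst_ip, dport) or _matches(sock, dst_ip, dport, src_ip, sport):
            candidates.append(sock)
    if not candidates:
        return None
    # Fewest wildcards first: an established connection beats a listener on the same port.
    candidates.sort(key=lambda s: (s.local_ip is None) + (s.remote_ip is None) + (s.remote_port is None))
    return candidates[0].pid


def attribute_all(sockets: List[Socket], packets) -> List[Tuple[tuple, Optional[int]]]:
    return [(pkt, attribute_packet(sockets, *pkt)) for pkt in packets]


if __name__ == "__main__":
    socks = parse_netstat(NETSTAT_SAMPLE)
    for pkt, pid in attribute_all(socks, PACKET_SAMPLE):
        owner = f"PID {pid}" if pid is not None else "UNATTRIBUTED (no socket in snapshot)"
        print(f"{pkt[0]} {pkt[1]}:{pkt[2]} -> {pkt[3]}:{pkt[4]}  {owner}")
```

The last constructed packet is the case that exposes the weakness of the manual approach: netstat is a point-in-time snapshot, so a connection that opens and closes between two snapshots never appears in it and the packet stays unattributed, which is exactly the gap a kernel-level attribution capability is meant to close.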
This is one part of what we do at Digital Operatives. We develop low-cost, high-payoff technologies that help to radically change the game. We bring creativity and innovation to advising clients because, at the end of the day, thinking strategically in this age is the only way to be successful.
Trust me: your adversaries are thinking that way.