Between Christmas and New Year, I spoke at the Chaos Communications Congress in Berlin on targeted attacks. Some basic findings included:
A number of people approached me afterwards telling me that most of what they learned about the issue so far came from the media, not from their peers. When I started studying the phenomenon, my approach was to contact groups that had reported very similar attacks, such as the Falun Gong community. Information and samples from these groups allowed me to gain a better understanding of the attacks.
Targeted attacks evolve based on economies built around the information that is targeted. When information is valuable to the attacker, he will take commensurate effort to compromise it. Depending on the value, this encourages the use of novel, untested techniques. Such techniques tend to be unreliable and fail disproportionately. Failures can be detected, understood and shared. This type of sharing is part of what I refer to as security intelligence.
If you’re worried about this type of compromise, join one of the many information sharing mechanisms your industry may offer: the United States has a fair amount of ISACs (Information Sharing and Analysis Centers), and the UK offers its WARPs (Warning, Advice and Reporting Points). These organizations allow you to share information and still rest assured it is anonymized appropriately.
We are also very interested in hearing about your experiences. The Storm Center takes your confidentiality very seriously, so please do identify what we can post and what should remain private or should only refer to as generic techniques. We appreciate your contribution.
Jan 15th 2008
Jan 15th 2008
1 decade ago