-
Iran’s Lame Cyber Aspirations Revealed
A brief discussion of this report from Sky News on some Iranian cyber research reports. https://news.sky.com/story/irans-secret-cyber-files-on-how-cargo-ships-and-petrol-stations-could-be-attacked-12364871 This reports are clearly first stage fact-finding and brainstorming, the very earliest stage of capability development. They reveal only initial cursory preliminary analysis of potential vulnerabilities to exploit for cyber effects operations. Comprehensive actual hands-on testing of the target… Read more
-
Regarding the Kaseya Attack, Some Answers
Another spectacular raid by Russian ransom where gangs prompted a series of interesting questions by Catalin. I thought it would be worthwhile to address them. Here is the thread with the questions. I have inlined them below with my responses. Some questions in regards to the Kaseya incident: -How did REvil learn of the VSA… Read more
-
Not all exploits are “grey in the dark”
Capabilities are not interchangeable, nor are they all equal. This seems obvious, and yet not everyone agrees (apparently). In this article about the six 0day exploits patched on June 7 2021, we have the following line: Kevin Breen, director of cyber threat research at Immersive Labs, said elevation of privilege flaws are just as valuable… Read more
-
ransomware, real resolutions
Some quick thoughts on ransomware as a tractable problem. Create a superfund to hire ransomware developers and support staff. Pay them to do something productive, or at least non criminal. The only people with power over ransomware gangs are the protectors providing the safe havens they reside in. If you cannot make North Korea, China,… Read more
-
SVR snaps back at Biden
On April 15th the US dropped a load of sanctions on Russia for election interference, and hacking, and generally being Russia. There is a lot of good info to unpack from the sanctions, but for now let’s look at the way Russia’s foreign intelligence service, the SVR, has responded to being called Cozy Bear. (Hint:… Read more
-
SolarWind, enough with the password already!
This is a much delayed discussion on the complexity and nuance of the SolarWind hack. The simplistic and wrong messaging from some quarters of the infosec community has resulted in an atrocious misunderstanding of the hack in the public sphere. This has extended into the policy world as these bad takes are treated as cogent… Read more
-
Why Backdoor the Golden Goose?
Why I don’t think Huawei will install back doors in 5G telco equipment — it would be a forced error when they are poised to achieve a win that will give them a strategic advantage for years and maybe decades to come. I don’t think they want to backdoor everything. That’s a sort of crude… Read more
-
On Pre Op Hackers
Proper Planning and Preparation Prevents Piss Poor Penetrations I was asked for good references on pre-operation phases of hacking. I recommended Matt Monte’s “network attacks and exploitation: a framework”, and Bill McRaven’s “Spec Ops: Case Studies in Special Operations Warfare: Theory and Practice”. The Monte book is the best book on cyber written so far.… Read more
-
The Network is not the Issue Dude
Ageism is never a good look There is an argument that goes “the Internet is not secure because it was designed in the 60s (or 70s, or whenever) and back then security wasn’t part of the plan. Now we’ve inherited that legacy of no security, and it haunts us still.” For some reason this has… Read more
-
Cyber Events
There is a constant need to label cyber operations as “cyber ${battle from history}.” The most recent one, indeed the one that inspired me to write about this phenomenon, is the spectacularly insane “cyber Cuban missile crisis.” The exact quote is from some fraudulent “cyber security experts” apparently: Experts are telling me that the solar… Read more