Category Archives: Security

CyberWarfare against dissent

In my “Top 10 Breaches” webinar this past Tuesday I placed the DDoS attack on the Republic of Georgia at number 3. This was for several reasons, which I try to explain in the presentation. Here is a bit more detail:

First of all, the attack was orchestrated under a cohesive and large group. Groups involved in financial attacks usually have to be small (for margins as well as leak prevention) and are only held together long enough to make a profit. However a nationalist movement has far greater threat potential as it can spread based on pride alone.

Second, the sophistication of the organization, advance planning, tests, and forum communication show that geography currently does not provide much of an obstacle for talent or resources to stage an attack. Whereas “bot-herder” tests started in the US the eventual operation against Georgia came from within Russia.

Third, the attacks targeted sources of information such as blogs and news stations. Jose Nazario has just posted an interesting review of this effect. He explains that botnets are increasingly being used as a weapon against dissent and free speech. This expands the concept of a group threat to be much larger than nations and further emphasizes the importance of this type of breach.

Thank you for listening

Well, it looks like already this year I have presented eight webcasts (covering HIPAA, IT Governance, NERC CIP, PCI DSS, Red Flags, and Security Breaches). I wanted to say thank you to everyone who has listened. My ninth webinar this year will be Thursday, again on NERC CIP.

Today’s webinar, “Top 10 Security Breaches” with over 500 in the audience, was especially fun. I tried to weave political, historical, legal, and economic considerations into the technical details of recent security breaches.

I also am starting this week to spin up some podcasts to provide a more in-depth look with an extended Q&A format. Today’s podcast will take a look at the WorldPay breach in detail. Hope to see you there.

Thanks again. Feel free to send me questions or comments especially if you would like more information or a topic covered in the future.

The Best Tactics in the World Don’t Matter if the Strategy is Wrong

Wired has posted an interview with Craig Mullaney that explains his experience and lessons from Afghanistan, as documented in “Unforgiving Minute”.

…in 2003, at a time when we didn’t officially recognize that there was an insurgency in Afghanistan, the strategy was wrong…like throwing darts in a dark room. Sometimes you hit the bulls eye, but you don’t deserve to.