
I am back ;) “The Markerian Heptad and Understanding Attacker Motivations” February 24, 2020

Posted by Chris Mark in cybersecurity.

It has been a bit of time since I have posted.  I am back with a blog post I wrote for the AT&T CyberSecurity Blog, titled “Understanding CyberAttacker Motivations”.  It discusses what I call the “Markerian Heptad” (yes, I named it after myself 🙂) and describes the 7 basic motivations that underpin why an attacker would target a particular person, company, organization, etc.

“Implementing a risk based security program and appropriate controls against adaptive cyber threat actors can be a complex task for many organizations. With an understanding of the basic motivations that drive cyber-attacks, organizations can better identify where their own assets may be at risk and thereby more efficiently and effectively address identified risks.  This article will discuss the Rational Actor Model (RAM) as well as the seven primary intrinsic and extrinsic motivations for cyber attackers.

Deterrence and security theory fundamentally rely upon the premise that people are rational actors. The RAM is based on rational choice theory, which posits that humans are rational and will take actions that are in their own best interests.  Each decision a person makes is based upon an internal value calculus that weighs the cost versus the benefits of an action.  By altering the cost-to-benefit ratio of a decision, the decision, and therefore behavior, can be changed accordingly.

It should be noted at this point that ‘rationality’ relies upon a personal calculus of costs and benefits.  When speaking about the rational actor model or deterrence, it is critical to understand that ‘rational’ behavior is that which advances the individual’s interests and, as such, behavior may vary among people, groups and situations.”  READ MORE HERE!
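The cost-versus-benefit calculus the excerpt describes can be made concrete. The Python below is an added illustration, not code from the article or from AT&T; the three sample targets, their values and probabilities, and the "MFA plus monitoring" control are constructed assumptions. It scores each target the way a rational attacker would (expected benefit minus expected cost), shows how deploying a control on the most attractive asset shifts the attacker's preference to the next one, and solves for the penalty that would, on its own, push a target's expected utility to zero.

```python
"""Rational Actor Model (RAM) toy: an attacker's cost/benefit calculus over candidate targets.

Added illustration; all numbers below are constructed, not taken from the article.
"""
from dataclasses import dataclass, replace
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Target:
    name: str
    value: float       # benefit to the attacker if the attack succeeds (arbitrary units)
    p_success: float   # attacker's estimated probability of success
    effort: float      # up-front cost: time, tooling, skill (same units as value)
    p_detect: float    # probability the attacker is detected and attributed
    penalty: float     # cost to the attacker if detected (legal, burned tooling, lost access)


@dataclass(frozen=True)
class Control:
    """A defensive measure expressed by how it moves the attacker's calculus."""
    name: str
    p_success_factor: float = 1.0  # multiplies p_success (0.5 halves it)
    extra_effort: float = 0.0      # added up-front cost
    p_detect_delta: float = 0.0    # added detection probability


def expected_utility(t: Target) -> float:
    """The 'internal value calculus': expected benefit minus expected cost."""
    benefit = t.p_success * t.value
    cost = t.effort + t.p_detect * t.penalty
    return benefit - cost


def rank_targets(targets: Iterable[Target]) -> List[Target]:
    """Targets ordered from most to least attractive to a rational attacker."""
    return sorted(targets, key=expected_utility, reverse=True)


def preferred_target(targets: Iterable[Target]) -> Optional[Target]:
    """The target a rational attacker picks, or None if no attack is worth the cost."""
    ranked = rank_targets(targets)
    if ranked and expected_utility(ranked[0]) > 0:
        return ranked[0]
    return None


def apply_control(t: Target, c: Control) -> Target:
    """Return the target as the attacker sees it after the control is deployed."""
    return replace(
        t,
        p_success=min(1.0, t.p_success * c.p_success_factor),
        effort=t.effort + c.extra_effort,
        p_detect=min(1.0, t.p_detect + c.p_detect_delta),
    )


def penalty_needed_to_deter(t: Target) -> float:
    """Smallest penalty that makes attacking `t` a losing proposition (expected utility <= 0)
    with everything else unchanged: solve p_success*value - effort - p_detect*penalty = 0."""
    if t.p_detect <= 0:
        return float("inf")  # an attacker who is never caught cannot be deterred by penalty alone
    return max(0.0, (t.p_success * t.value - t.effort) / t.p_detect)


# Constructed sample portfolio (hypothetical assets, not from the article).
CUSTOMER_DB = Target("customer-db", value=100.0, p_success=0.6, effort=10.0, p_detect=0.2, penalty=50.0)
HR_RECORDS = Target("hr-records", value=40.0, p_success=0.8, effort=5.0, p_detect=0.1, penalty=50.0)
MARKETING_SITE = Target("marketing-site", value=5.0, p_success=0.9, effort=2.0, p_detect=0.05, penalty=50.0)
TARGETS = [CUSTOMER_DB, HR_RECORDS, MARKETING_SITE]

# Hypothetical control: MFA plus monitoring halves success odds, adds effort, raises detection.
MFA_AND_MONITORING = Control("mfa+monitoring", p_success_factor=0.5, extra_effort=15.0, p_detect_delta=0.5)


def after_hardening_customer_db() -> List[Target]:
    """The same portfolio once the control is applied to the most attractive target."""
    return [apply_control(t, MFA_AND_MONITORING) if t is CUSTOMER_DB else t for t in TARGETS]


if __name__ == "__main__":
    for t in rank_targets(TARGETS):
        print(f"{t.name:15s} expected utility = {expected_utility(t):7.1f}")
    print("attacker prefers:", preferred_target(TARGETS).name)
    hardened = after_hardening_customer_db()
    print("after hardening customer-db, attacker prefers:", preferred_target(hardened).name)
    print("penalty alone needed to deter customer-db:", penalty_needed_to_deter(CUSTOMER_DB))
```

The point the numbers make is displacement: hardening the customer database drives its expected utility below zero, but the attacker's preference simply moves to the HR records, which still carry positive expected utility. A risk-based program therefore has to look at the whole portfolio through the attacker's calculus, not at one asset at a time. The `penalty_needed_to_deter` figure also shows why detection matters: with a low probability of attribution, the penalty required to deter by consequences alone becomes very large.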

超限战 – “Warfare without Bounds”; China’s Hacking of the US February 24, 2020

Posted by Chris Mark in cyberespionage, cybersecurity, Politics, weapons and tactics.


“Pleased to meet you…hope you guessed my name…But what’s puzzling you is the nature of my game.”
– The Rolling Stones; Sympathy for the Devil

UPDATE:  On Feb 10, 2020 the US Government charged 4 Chinese military officers with hacking in the 2017 Equifax breach.  On January 28th, the FBI arrested a Harvard professor for lying about ties to a Chinese recruitment effort while receiving payment from the US Government.  The attacks, subterfuge and efforts against the US continue.  Why?  Read the original post from 2016 and learn about Unlimited Warfare.

Original post from 2016: With the recent US Government’s acknowledgement of China’s hacking of numerous government websites and networks, many are likely wondering why China would have an interest in stealing employee data.  To answer this question, we need to look back at the 1991 Gulf War. You can read my 2013 article (WorldCyberwar) in the Counter Terrorist Magazine on this subject.

In 1991, a coalition led by the United States invaded Iraq in defense of Kuwait.  At the time, Iraq had the 5th largest standing army in the world.  The US-led coalition defeated the Iraqi army in resounding fashion in only 96 hours.  For those in the United States the victory was impressive, but the average American civilian did not have an appreciation for how this victory was accomplished.

The Gulf War was the first real use of what is known as C4I.  In short, C4I is an acronym for Command, Control, Communications, Computers, and Intelligence. The Gulf War was also the first use of a new technology known as the Global Positioning System (GPS).  The Battle of Medina Ridge was a decisive tank battle in Iraq fought on February 26, 1991 and the first to use GPS.  In this 40-minute battle, the US 1st Armored Division fought the 2nd Brigade of the Iraqi Republican Guard and won decisively. While the US lost 4 tanks and had 2 people killed, the Iraqis suffered a loss of 186 tanks, 127 Infantry Fighting Vehicles and 839 soldiers captured.  The Chinese watched the Gulf War closely and came away with an understanding that a conventional ‘linear’ war against the United States was unwinnable.

After the Gulf War the Chinese People’s Liberation Army tasked two PLA colonels (Qiao Liang and Wang Xiangsui) with redefining the concept of warfare.  From this effort came a new model of warfare that is published in the book “Unrestricted Warfare” or “Warfare without Bounds”.  Unrestricted Warfare is just what it sounds like: the idea that ‘pseudo-wars’ can be fought against an enemy.  Information warfare, PR efforts and other tactics are used to undermine an enemy without engaging in kinetic, linear battle.  Below is a quote from the book:

“If we acknowledge that the new principles of war are no longer “using armed force to compel the enemy to submit to one’s will,” but rather are “using all means including armed force and non-armed force, military and non-military, lethal and non-lethal means to compel the enemy to accept one’s interests.”

“As we see it, a single man-made stock-market crash, a single computer virus invasion, or a single rumor or scandal that results in a fluctuation in the enemy country’s exchange rates or exposes the leaders of an enemy country on the Internet, all can be included in the ranks of new-concept weapons.”

It further stated: “… a single rumor or scandal that results in fluctuation in the enemy country’s exchange rates…can be included in the ranks of new concept weapons.”

On April 15, 2011, the US Congressional Subcommittee on Oversight and Investigations conducted a hearing on Chinese cyber-espionage. The hearing revealed the US government’s awareness of Chinese cyberattacks. In describing the situation in his opening remarks, subcommittee chairman Dana Rohrabacher* astutely stated:

“[The]United States is under attack.”

“The Communist Chinese Government has defined us as the enemy. It is buying, building and stealing whatever it takes to contain and destroy us. Again, the Chinese Government has defined us as the enemy.”

Given the Chinese perspective on Unlimited Warfare, it becomes much clearer that what we are seeing with these compromises are examples of ‘pseudo wars’ being fought by the Chinese.  It will be interesting to see how, or if, the US responds.

*Thank you to the reader who corrected my referencing Mr. Rohrabacher as a female.  My apologies to Chairman Rohrabacher!

HR 4036, the “Hack Back Bill”; Understanding Active & Passive Deterrence and the Escalation of Force Continuum. October 22, 2017

Posted by Chris Mark in cybersecurity, Uncategorized.

I wrote this original post several years ago, but it seems to be more relevant now.   As CNN reports, HR 4036 “…formerly called the Active Cyber Defense Certainty (ACDC) Act and informally called the hack-back bill – was introduced as an amendment to the Computer Fraud and Abuse Act (CFAA) last week. Its backers are US Representatives Tom Graves, a Georgia Republican, and Kyrsten Sinema, an Arizona Democrat.”

This is a bill that is sound in theory and terrible in practice.  According to the bill (named ACDC), it would enable a company to take “active defensive measures” to access an attacker’s computer.  This is only applicable in the US.  Think about this for a minute.  What is the evidence that I was the attacker of company A?  Maybe (quite possibly…almost certainly) a hacker is using my system as a proxy.  So some company can now attack my personal computer?  What happened to “due process”?  If company X simply believes I am a hacker, they can access my personal data without a court order or any due process.  More profoundly, the issues it raises pose very real and very direct risks to employees of the company that ‘hacks back’.  This, I think, is unacceptable.

Having performed physical security in very real and very dangerous environments, I can personally attest to the fact that physical threats are real and difficult to prevent.  By allowing a ‘hack back’ the company faces a very real risk of escalating the situation from the cyber domain into the physical domain.  There is NO corporate data that is worth risking a human life.

Too often cybersecurity professionals forget that they are SECURITY professionals first and that the same rules of deterrence, escalation of force and other aspects apply.  Given this new bill, I felt this was a good time to again discuss deterrence (active and passive) and once again talk about the Escalation of Force Cycle.  So, what is deterrence? (Warning: long post.  The picture is of the author off the coast of Somalia doing anti-piracy operations.)

The History of Deterrence Theory:

The concept of deterrence is relatively easy to understand and likely extends to the earliest human activities in which one early human dissuaded another from stealing food by employing the threat of violence against the interloper.  Written examples of deterrence can be attributed as far back as the Peloponnesian War, when Thucydides wrote that there were many conflicts in which one army maneuvered in a manner that convinced the opponent that beginning or escalating a war would not be worth the risk.[1]  In the 4th Century BC, Sun Tzu wrote: “When opponents are unwilling to fight with you, it is because they think it is contrary to their interests, or because you have misled them into thinking so.”[2]  While most people seem to instinctively understand the concept at the individual level, contemporary deterrence theory was brought to the forefront of political and military affairs during the Second World War with the deployment of nuclear weapons against Nagasaki and Hiroshima.[3]

The application of deterrence during WWII was the beginning of understanding that an internal value calculus drives human behavior and that behavior could be formally modeled and predicted with some degree of accuracy.

The “Deep Web” in Tactics & Preparedness Magazine May 15, 2017

Posted by Chris Mark in cybersecurity, Uncategorized.

Developed by the Naval Research Laboratory in 1994, The Onion Routing (TOR) protocol was originally designed to allow spies to communicate securely.  It is this protocol that ushered in the “Deep Web”, which enabled Edward Snowden to bypass the NSA using an operating system called TAILS.  If you want to know more about the Deep Web and how to gain access, please read my latest article in Tactics & Preparedness magazine.

US Government Failing us on Terrorism June 15, 2016

Posted by Chris Mark in cybersecurity, Uncategorized.

As we learn more and more about the Orlando killer I am increasingly appalled at the incompetence and indifference shown by our own government.  First, our own president referred to ISIS as “Junior Varsity”. Omar Mateen was investigated twice by the FBI, with the investigations lasting at least 10 months.   After the investigation the FBI ‘closed’ the case.  The officials in DC had the opportunity to re-open or continue the investigation…they did not.

Even Attorney General Lynch said she would open an inquiry to see: “if there are lessons we can learn to prevent another tragedy.” Didn’t we hear similar comments after Boston and San Bernardino? In fact, Lynch stated after San Bernardino:

“We’re at the point where these issues have come together really like never before in law enforcement thought and in our nation’s history and it gives us a wonderful opportunity and a wonderful moment to really make significant change,” – What ‘wonderful opportunity did this provide?

Let us not forget that President Obama called the Boston Bombings: “Two brothers and a crackpot”.  Let that sink in for a moment after knowing what we know about San Bernardino and Orlando.

Considering we have now seen the Boston Bombing and San Bernardino shootings from the same terrorists…each of whom was investigated and cleared…I would say the government FAILED miserably to protect those in Orlando and is failing to protect us.

Omar Mateen’s father is known to publicly support the Taliban and his parents are from Afghanistan.  Omar Mateen’s “wife” is actually Palestinian.  Interestingly, there is no evidence they were actually married.  Then, we find that Omar Mateen took 2 separate trips to Saudi Arabia for “unknown” reasons. (Shouldn’t this have raised numerous red flags?)

Clearly there was something that compelled the FBI to investigate Mateen for over 10 months.  Closing the case should not mean ignoring the individual.  When coupled with the trips to Saudi Arabia and Mateen’s father’s support of the Taliban, you would think it would have re-energized the investigation.  Even if Mateen could legally purchase a firearm, how could his purchasing of a firearm AFTER being investigated for 10 months, taking 2 trips to Saudi Arabia in 1 year, ‘marrying’ a Palestinian woman, and having a father who is pro Taliban NOT compel the US Government to at least watch this guy?

Predictive Analysis is about taking disparate bits of information and predicting behavior.  Using historical information we can identify how people act given certain actions.  How in the f…’hell’ did all of these data points NOT point to a ‘re-look’ at Mateen?  I often say “security is indelicate”.  Here is a game:

  • Does being a Middle Eastern person make you a terrorist?  Probably not.  Does being a Middle Eastern Male make you a terrorist? probably not. 
  • Does being a Middle Eastern Male between the ages of 18 and 29 make you a terrorist?  Probably not.
  • Does being a Middle Eastern Male between the ages of 18 and 29 who is also Muslim make you a terrorist? Probably not.  Does being a Middle Eastern Male between the ages of 18 and 29, and Muslim who attends a Mosque known to preach an extremist view of Islam make you a terrorist...hopefully (notice the language change) not…
  • Does being a Middle Eastern Male between the ages of 18 and 29, and Muslim who attends a Mosque known to preach an extremist view of Islam, and who has visited Saudi Arabia in the past year for unknown reasons make you a terrorist?….ummm…maybe…not?
  • Does being a Middle Eastern Male between the ages of 18 and 29, and Muslim who attends a Mosque known to preach an extremist view of Islam, and who has visited Saudi Arabia in the past year for unknown reason, and has published numerous anti American posts on Facebook  make you a terrorist?…Yeah..we hope not? 
  • Does being a Middle Eastern Male between the ages of 18 and 29, and Muslim who attends a Mosque known to preach an extremist view of Islam, and who has visited Saudi Arabia in the past year for unknown reason, and has published numerous anti American posts on Facebook…and recently purchased numerous guns make you a terrorist?…What do you think?

This is PA 101.  Our Government is failing us on a basic level.

As more and more terrorists attack the United States, the current administration’s position is simply to divert blame. He intimates that by calling the terrorists “Islamic radicals” that we are encouraging them and, of course, places the blame on guns.

It is not a ‘gun problem’; it is apathy, indifference, and disrespect for a very capable and motivated enemy that is providing an environment ripe for these types of attacks.

DO YOUR JOB….
