An Indian cyber mercenary for hire? Bad OPSEC and global footprint

Cisco Talos has just published a report unmasking an Indian cyber actor.

The specific operation under investigation had been in progress since 2015. iPhone malware was deployed using an open-source mobile device management suite and targeted exactly 13 mobiles. This seems like a very focused effort.

But the operator has only itself to blame for getting exposed – it followed terrible OPSEC practices.


A sneak peek into the Pakistan Army’s cyber tradecraft

This seems to have gone unnoticed, so I am placing a placeholder for it here. A small ideological disclaimer: I do not *hate* Pakistan like many right-wingers do. In fact, I long to visit Lahore some day and sample its street food. Nonetheless, this is an interesting public exposure of the tradecraft – if it could be called so – of an adversarial army.

In March this year, Amnesty International released a dossier (PDF) on the intimidation and surveillance of human rights activists based in Pakistan, allegedly by the country’s own army operatives. Apart from the usual scare tactics, the operatives also engaged in social engineering and cyber espionage. Android- and Windows-based malware was used for the purpose.


When Code Is Law – The Indian Express

Published by The Indian Express:

With the debate spurred by the revelations of Cambridge Analytica’s dealings with Facebook — and, closer to home, by Aadhaar — we may have to revisit the very foundations of the individual’s social contract with the state when it comes to privacy. Those familiar with the hacker counter-culture of the Nineties knew one thing — the most potent weapon of information warfare is availability.


The next war in cybersecurity would be between CapEx and OpEx – LinkedIn

Published on LinkedIn:

Anton Chuvakin, formerly a log ninja and currently a VP at Gartner, has been whipping up some emphatic commentary on SIEMs. You know, those ugly, inflexible monoliths which have dominated the decision layer of security for a decade, just refusing to go away.

He has driven home a couple of points on the absolute operational fragmentation of the security architecture. Like, there are more security boxes within an enterprise than there are people to manage them [1]. Or the fact that there could actually be a thing called “SaaS SIEM” – though I vehemently disagree with that term (more on that later) [2].


For Enterprises Giving Up on Cybersecurity Vendors: Abstraction Is the Future – LinkedIn

Published on LinkedIn:

An interesting development marked the conclusion of the Borderless Cyber USA 2017 conference last week. A representative from the National Security Agency (NSA) announced the launch of OpenC2 – a “standardised computer language” that creates a layer of abstraction to facilitate cyber response across product and organisational boundaries at machine speed.

The future of cyber, and homeland security in general, would be these layers of abstraction which introduce machine-to-machine interoperability and seamlessness in a highly fragmented ecosystem. This is probably the second such strategic initiative that is driven not by vendors but by standardisation bodies. The first layer of abstraction, which paved the way for OpenC2, was STIX-TAXII.
