The Mueller indictment: some thoughts on deterrence, OPSEC and linguistics

Unless your cave doesn’t have wifi, you probably know by now that 12 operatives from the GRU have been indicted by special counsel Robert Mueller.

The supporting document is a rare artefact, in the sense that it is the most public exposition of American cyber tradecraft to date.

Its analysis has been bolstered by an agency – the NSA, in case you are wondering – whose very DNA is hardcoded with operational deniability. Remember, the US still issues a Glomar response on Stuxnet even though the operation has been outed by a hundred different sources.


An Indian cyber mercenary for hire? Bad OPSEC and global footprint

Cisco Talos has just published a report unmasking an Indian cyber actor.

The specific operation under investigation had been in progress since 2015. iPhone malware was deployed through an open-source mobile device management (MDM) suite and targeted exactly 13 phones. This looks like a very focused effort.

But the operator has only itself to blame for getting exposed: it followed terrible OPSEC practices.


A sneak peek into the Pakistan Army’s cyber tradecraft

This seems to have gone unnoticed, so I am placeholding it here. A small ideological disclaimer: I do not *hate* Pakistan like many right-wingers do. In fact, I long to visit Lahore some day and sample its street food. Nonetheless, this is an interesting public exposure of the tradecraft – if it can be called that – of an adversarial army.

In March this year, Amnesty International released a dossier (PDF) on the intimidation and surveillance of human rights activists based in Pakistan, allegedly by the country's own army operatives. Apart from the usual scare tactics, the operatives also engaged in social engineering and cyber espionage. Android- and Windows-based malware was used for the purpose.


When Code Is Law – The Indian Express

Published by The Indian Express:

With the debate spurred by the revelations of Cambridge Analytica’s dealings with Facebook — and, closer to home, by Aadhaar — we may have to revisit the very foundations of the individual’s social contract with the state when it comes to privacy. Those familiar with the hacker counter-culture of the Nineties knew one thing — the most potent weapon of information warfare is availability.


The next war in cybersecurity would be between CapEx and OpEx – LinkedIn

Published on LinkedIn:

Anton Chuvakin, formerly a log ninja and currently a VP at Gartner, has been whipping up some emphatic commentary on SIEMs. You know, those ugly, inflexible monoliths which have dominated the decision layer of security for a decade, just refusing to go away.

He has driven home a couple of points on the sheer operational fragmentation of security architecture. For instance, there are more security boxes within an enterprise than there are people to manage them [1]. Or the fact that there could actually be a thing called "SaaS SIEM" – though I vehemently disagree with that term (more on that later) [2].
