You are previewing Reverse Deception: Organized Cyber Threat Counter-Exploitation.
O'Reilly logo
Reverse Deception: Organized Cyber Threat Counter-Exploitation

Book Description

A complete guide to understanding and fighting advanced persistent threats—today's most destructive risk to enterprise security

Reverse Deception: Organized Cyber Threat Counter-Exploitation explains how to identify advanced persistent threats (APTs), categorize them according to risk level, and prioritize your actions accordingly by applying expert, field-tested private- and government-sector methods (NSA, FBI, and DOD).

APTs cannot be seen, spread invisibly, and then continue to live in an enterprise network, undetected. In this one-of-a-kind book, the authors explain how to get—and stay—ahead of today's well-organized and extremely persistent brand of network enemies. The book describes the characteristics of malware and botnets, how they can morph, evade detection, and spin off decoys that live in-network, while appearing to have been cleaned up and debugged. This detailed guide then reveals how to detect the appearance of malicious code, decode the types of enemies they originate from, and finally, how to extricate malcode and deflect its future entry into networks.

Reverse Deception: Organized Cyber Threat Counter-Exploitation features:

• Full coverage of the #1 feared type of network attack today, the APT

• Descriptions of cyber espionage tactics seen in the U.S. and internationally, with comparisons of the types of countermeasures permissible by law in the U.S. and Asia versus less strict countries in Europe, the Middle East, and Africa

• Enthralling case studies and true stories from the authors' FBI, DOD, NSA, and private sector work

• Foreword by Fred Feer, a security professional with 40 years’ experience with the U.S. Army counterintelligence, CIA, RAND, and independent consulting

• Complete coverage of key aspects of deception, counter-deception, behavioral profiling, and security within the cyber realm

• Cat-and-mouse strategies from the best in the game—explains how to implement deception and disinformation techniques against a variety of incoming threats aimed at enticing adversaries out into the open

• A fresh perspective on innovative, field-tested ideas for successfully countering current digital threats—plus expected characteristics of the next threats to come

• Legal explanations of capabilities, limitations, and requirements for assisting law enforcement investigations

Coverage includes:

Deception Throughout History to Today; The Applications & Goals of Cyber Counterintelligence; The Missions and Outcomes of Criminal Profiling; Legal & Ethical Aspects of Deception; Attack Tradecraft; Operational Deception; Tools, Tactics & Procedures; Attack Attribution; Black Hat Motivators; Understanding Advanced Persistent Threats; When & When Not to Act; Implementation & Validation Tactics

Table of Contents

  1. Cover 
  2. Copyright
  3. About the Author
  4. Contents 
  5. Foreword
  6. Acknowledgments
  7. Introduction
  8. Chapter 1 State of the Advanced Cyber Threat
    1. Have You Heard About the APT?
    2. APT Defined
    3. What Makes a Threat Advanced and Persistent?
    4. Examples of Advanced and Persistent Threats
      1. Moonlight Maze
      2. Stakkato
      3. Titan Rain
      4. Stormworm
      5. GhostNet
      6. Byzantine Hades/Foothold/Candor/Raptor
      7. Operation Aurora
      8. Stuxnet
      9. Russian Business Network
      10. New Generation of Botnets and Operators
      11. Operation Payback
    5. Conclusion
  9. Chapter 2 What Is Deception?
    1. How Does Deception Fit in Countering Cyber Threats?
    2. Six Principles of Deception
      1. Focus
      2. Objective
      3. Centralized Planning and Control
      4. Security
      5. Timeliness
      6. Integration
    3. Traditional Deception
      1. Feints—Cowpens
      2. Demonstrations—Dorchester Heights
      3. Ruses—Operation Mincemeat (the Unlikely Story of Glyndwr Michael)
      4. Displays—A Big Hack Attack
    4. Why Use Deception?
      1. The First US Army Group Deception
      2. Russian Maskirovka
    5. Deception Maxims
      1. “Magruder’s Principle”—Exploitation of a COG’s Perception or Bias
      2. “Limitations to Human Information Processing”
      3. “Multiple Forms of Surprise”
      4. “Jones’ Dilemma”
      5. “Choice of Types of Deception”
      6. “Husbanding of Deception Assets”
      7. “Sequencing Rule”
      8. “Importance of Feedback”
      9. “Beware of Possible Unwanted Reactions”
      10. “Care in the Design of Planned Placement of Deceptive Material”
    6. Understanding the Information Picture
      1. Half-Empty Version
      2. Half-Full Version
      3. A Question of Bias
      4. Totally Full Version
      5. Step-Beyond Version
      6. Two-Steps-Beyond Version
    7. Conclusion
  10. Chapter 3 Cyber Counterintelligence
    1. Fundamental Competencies
    2. Applying Counterintelligence to the Cyber Realm
    3. Sizing Up Advanced and Persistent Threats
      1. Attack Origination Points
      2. Numbers Involved in the Attack
      3. Risk Tolerance
      4. Timeliness
      5. Skills and Methods
      6. Actions
      7. Objectives
      8. Resources
      9. Knowledge Source
    4. Conclusion
  11. Chapter 4 Profiling Fundamentals
    1. A Brief History of Traditional Criminal Profiling
    2. The Emergence of Cyber Profiling
    3. Acquiring an Understanding of the Special Population
    4. The Objectives of Profiling
    5. The Nature of Profiling
    6. Basic Types of Profiling
    7. Two Logical Approaches to Profiling: Inductive vs. Deductive
    8. Information Vectors for Profiling
      1. Time
      2. Geolocation
      3. Skill
      4. Motivation
      5. Weapons and Tactics
      6. Socially Meaningful Communications and Connections
    9. Conclusion
    10. References
  12. Chapter 5 Actionable Legal Knowledge for the Security Professional
    1. How to Work with a Lawyer
    2. What You Should Know About Legal Research
      1. Online Legal Resources
      2. Common Legal Terms
      3. The Role of Statutes in Our Legal System
      4. How to Find a Law
      5. Do Your Background Homework
    3. Reading the Law
    4. Communicating with Lawyers
    5. Ethics in Cyberspace
    6. Conclusion
  13. Chapter 6 Threat (Attacker) Tradecraft
    1. Threat Categories
      1. Targeted Attacks
      2. Opportunistic Attacks
      3. Opportunistic Turning Targeted
    2. Evolution of Vectors
    3. Meet the Team
    4. Criminal Tools and Techniques
      1. Tailored Valid Services
      2. Academic Research Abuse
      3. Circles of Trust
      4. Injection Vectors
    5. Conclusion
  14. Chapter 7 Operational Deception
    1. Deception Is Essential
    2. Tall Tale 1
      1. Postmortem
    3. Tall Tale 2
      1. Postmortem
    4. Tall Tale 3
      1. Postmortem
    5. Tall Tale 4
      1. Honeypot 1
      2. Postmortem
    6. Conclusion
  15. Chapter 8 Tools and Tactics
    1. Detection Technologies
    2. Host-Based Tools
      1. Antivirus Tools
      2. Digital Forensics
      3. Security Management Tools
    3. Network-Based Tools
      1. Firewalls
      2. Intrusion Detection/Prevention Systems
    4. Deception Technologies
      1. Honeywalls
      2. Honeynets as Part of Defense-in-Depth
      3. Research vs. Production Honeynets
      4. Honeynet Architectures
      5. Honeywall Accreditation
      6. Content Staging
      7. Content Filling
      8. Honeynet Training
      9. Honeynet Objectives
      10. Honeynet Risks and Issues
    5. Check Yourself Before You’re Wrecked
      1. What’s the Status of Your Physical Security?
      2. How Does Your Wireless Network Look?
      3. What’s Traveling on Your Network?
      4. What About Your Host/Server Security?
      5. How Are Your Passwords?
      6. How’s Your Operational Security?
    6. Crimeware/Analysis Detection Systems
      1. What Happened on Your Box?
      2. What Did That Malicious Software Do?
    7. Conclusion
  16. Chapter 9 Attack Characterization Techniques
    1. Postincident Characterization
    2. Another Tall Tale
      1. Discovery
      2. Malware
      3. Aftermath
    3. Real-World Tactics
      1. Engaging an Active Threat
      2. Traffic, Targets, and Taxonomy
      3. Aftermath
    4. Conclusion
  17. 10 Attack Attribution
    1. A Brief Note About Levels of Information Present in Objects
    2. Profiling Vectors
      1. Time
      2. Motivations
      3. Social Networks
      4. Skill Level
      5. Vector Summary
    3. Strategic Application of Profiling Techniques
    4. Example Study: The Changing Social Structure of the Hacking Community
    5. Micro- and Macro-Level Analyses
    6. The Rise of the Civilian Cyber Warrior
      1. The Balance of Power
      2. Potential Civilian Cyber Warrior Threats
    7. Conclusion
    8. References
  18. 11 The Value of APTs
    1. Espionage
    2. Costs of Cyber Espionage
    3. Value Network Analysis
    4. APTs and Value Networks
      1. The RSA Case
      2. The Operation Aurora Case
      3. APT Investments
    5. APTs and the Internet Value Chain
      1. It’s All Good(s)
      2. Bitcoin in the Future?
    6. Conclusion
  19. 12 When and When Not to Act
    1. Determining Threat Severity
      1. Application Vulnerability Scenario
      2. Targeted Attack Scenario
    2. What to Do When It Hits the Fan
      1. Block or Monitor?
      2. Isolating the Problem
      3. Distinguishing Threat Objectives
      4. Responding to Actionable Intelligence
    3. Cyber Threat Acquisition
      1. Distinguishing Between Threats
      2. Processing Collected Intelligence
      3. Determining Available Engagement Tactics
    4. Engaging the Threat
      1. Within Your Enterprise
      2. External to Your Enterprise
      3. Working with Law Enforcement
    5. To Hack or Not to Hack (Back)
      1. To What End?
      2. Understanding Lines (Not to Cross)
    6. Conclusion
  20. 13 Implementation and Validation
    1. Vetting Your Operations
      1. Vetting Deceptions
      2. Vetting Perceptual Consistency in a Deception
      3. Vetting Engagements
    2. Putting This Book to Use with Aid from Professionals
    3. How to Evaluate Success
    4. Getting to the End Game
    5. Conclusion
  21. Glossary
  22. Index