Welcome!

Government Cloud Authors: Pat Romanski, Liz McMillan, Elizabeth White, Kevin Jackson, Bob Gourley

Related Topics: Cloud Security, Government Cloud

Cloud Security: Blog Post

Burning Down the House for Fun and Profit

The Pros and Cons of Naming and Shaming

In October of 1962, during the buildup to the Cuban Missile Crisis, a debate between Adlai Stevenson and Valerian Alexandrovich Zorin at the United Nations Security Council, revealed how far the U.S. was willing to go to produce evidence that the Soviet Union was indeed stockpiling tactical nuclear weapons and ballistic missiles in North America. The Soviets, reluctance to be truthful "in the court of world opinion", forced the hand of the U.S. to produce the very intelligence that the Soviets' claimed the U.S. did not have. Once the overhead photos of the missiles were shared publicly, the Soviets immediately countered that the imagery was fake. We knew the truth then and we know it today, the Soviets had been caught in their lie.

What we saw this week was very similar to what we saw in 1962.  What is most interesting in this case is that the bombshell was not dropped in a stuffy chamber full of wrinkly policy makers, nor was it used by the administration to draw a hard line under Executive Order 13636 that President Obama signed last week. No, the story was brought to light by a single, private sector entity using unclassified information that was publicly available for anyone to put together. By doing so, a precedent has been set. Finally, the veil has been lifted. Now, the public was able take a glimpse at an unseen threat that many within the security industry have been following closely for nearly a decade.  A complex, intangible idea has a face, or rather a building, attached to it.

So what does this mean? Is this good, bad or somewhere in the middle?

Operational Caveat:
Since 13 February, Cyber Squared's ThreatConnect.com has detected an unknown security research group, (believed to be Mandiant) sink-holing known "Comment Group" command and control infrastructure to a variety of named Virtual Private Servers (VPS) ahead of their 19 February report release. All "Comment Group" infrastructure has been freely available to vetted ThreatConnect users since November 2012.

The Pros:
Unfortunately, there are no lanes in the road that point out clear-cut standards by which organizations can measure if they are responsibly or irresponsibly disclosing cyber threat information. While not everyone supports public disclosures of this nature, we can look at both sides of what has occurred and find the benefits and cost of this massive disclosure.

PRO1: Finally an organization has developed a public attribution picture, publicly naming and shaming China for behavior that many have observed internationally for over a decade.

PRO2: A precedent has now been set for the entire security community; there are many others who have chosen to hold off on disclosing details of attacks or operationalizing infrastructure take downs out of concerns with tipping the threat actors and forcing them to change their TTPs and operational security. Now a green-light has been given to disclose similar details and to unilaterally act to take down large chunks of malicious infrastructure associated with APT's.

PRO3: The United States Government (USG) appears to have handed over the issue of Chinese cyber espionage to commercial industry. Some may argue that this level of disclosure should only be part of an official USG response. However, allowing industries to self-regulate and establish norms of internet behavior may serve as a more efficient way to manage threats of this nature.

PRO4: This now gives the security industry something to measure against.  Not only can the industry observe and measure how "Comment Group" will respond to the disclosure, but also their reactions to sweeping sinkhole operations in addition to target reacquisition efforts.  The industry can also pay attention to general responses from other Chinese APT groups.

PRO5: A disclosure at this level raises the issue of nation state sponsored or sanctioned cyber espionage to a larger audience, keeping the issue in the spotlight and increasing overall global awareness of the threat posed by Chinese cyber espionage.

The Cons:
On the flipside, despite the new opportunities that this may present the industry, there are untold numbers of secondary effects that could come to light because of this disclosure.

CON1: The USG appears to be sidestepping a strategic national policy issue by allowing a commercial entity to assume all of the risk by acting as the mouthpiece that may influence U.S.-China relations. If the USG is to send a message, it needs to send it unequivocally with no appearance of a puppet.

CON2: This may increase the precedent for foreign governments or non-U.S. companies that wish to embarrass the U.S. or western allies by attributing details of other sophisticated threats to western powers.

CON3: "Comment Group", while quite effective, could be considered "low hanging fruit".  There were many "eyes on" from across the global security community which were actively monitoring the threat. Many organizations that had adequate visibility of "Comment Group" infrastructure, capabilities and operations now find themselves exposed to the unknown.  Assuming a Chinese military intelligence unit isn't just going to give up and go home, everyone is now equally vulnerable to whatever they use next.

CON4: A single Chinese APT group out of an average of approximately 20 APT groups would only address 5% of the overall problem. By disclosing details of just one threat group, the effect to Chinese cyber espionage operations would be minimal.

CON5: A detailed disclosure at this level reveals a laundry list of specific items that the Chinese can now use as lessons learned to improve upon overall tradecraft. This increases the probability of Chinese counter intelligence operations, operations security, oversight and an overall process improvement which will diminish the security industries ability to effectively combat the threat of Chinese APT's in the future.

Conclusion
Only time will tell if the gains outweigh any losses associated with the disclosure.  Despite growing evidence that this is the work of the Chinese, the official response has been no different than what we have seen before.  A poor embassy spokesperson, followed by spokespeople for the Ministry of Foreign Affairs and Defense, are forced to respond with the standard canned and reflexive denial stating that accusing China without evidence is "irresponsible" and "unprofessional" or that China is ultimately the victim and would never do such a thing. What this spokespersons probably doesn't understand, through the layers of party bureaucracy, is how "irresponsible" and "unprofessional" the Chinese Computer Network Exploitation (CNE) machine actually is. If this is the case, it highlights how intentionally deceptive the PRC is or that the left hand has no idea what the right hand is doing in the shadows.

Ultimately, what is truly "irresponsible" and "unprofessional" is targeting the same individual four times a day through emails written in broken English with an attached implant embedded in a self extracting archive. For those who bear the scars of APT attacks or organizations who specialize in protecting customers from such threats, it becomes quite clear, the Chinese, in their hunger to support their modernization and economic rise, have compromised themselves before a global economy.

More Stories By Rich Barger

Rich is the Chief Intelligence Officer for Cyber Squared and the ThreatConnect Intelligence Research Team (TCIRT) Director.

@ThingsExpo Stories
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, will discuss the importance of WebRTC and how it enables companies to fo...
Designing IoT applications is complex, but deploying them in a scalable fashion is even more complex. A scalable, API first IaaS cloud is a good start, but in order to understand the various components specific to deploying IoT applications, one needs to understand the architecture of these applications and figure out how to scale these components independently. In his session at @ThingsExpo, Nara Rajagopalan is CEO of Accelerite, will discuss the fundamental architecture of IoT applications, ...
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
Korean Broadcasting System (KBS) will feature the upcoming 18th Cloud Expo | @ThingsExpo in a New York news documentary about the "New IT for the Future." The documentary will cover how big companies are transmitting or adopting the new IT for the future and will be filmed on the expo floor between June 7-June 9, 2016, at the Javits Center in New York City, New York. KBS has long been a leader in the development of the broadcasting culture of Korea. As the key public service broadcaster of Korea...
As cloud and storage projections continue to rise, the number of organizations moving to the cloud is escalating and it is clear cloud storage is here to stay. However, is it secure? Data is the lifeblood for government entities, countries, cloud service providers and enterprises alike and losing or exposing that data can have disastrous results. There are new concepts for data storage on the horizon that will deliver secure solutions for storing and moving sensitive data around the world. ...
In his session at 18th Cloud Expo, Bruce Swann, Senior Product Marketing Manager at Adobe, will discuss how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects). Bruce Swann has more than 15 years of experience working with digital marketing disciplines like web analytics, social med...
What a difference a year makes. Organizations aren’t just talking about IoT possibilities, it is now baked into their core business strategy. With IoT, billions of devices generating data from different companies on different networks around the globe need to interact. From efficiency to better customer insights to completely new business models, IoT will turn traditional business models upside down. In the new customer-centric age, the key to success is delivering critical services and apps wit...
The essence of data analysis involves setting up data pipelines that consist of several operations that are chained together – starting from data collection, data quality checks, data integration, data analysis and data visualization (including the setting up of interaction paths in that visualization). In our opinion, the challenges stem from the technology diversity at each stage of the data pipeline as well as the lack of process around the analysis.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York and Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty ...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit y...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will discuss the vast to...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.
SYS-CON Events announced today that Enzu, a leading provider of cloud hosting solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to foc...
SYS-CON Events announced today the How to Create Angular 2 Clients for the Cloud Workshop, being held June 7, 2016, in conjunction with 18th Cloud Expo | @ThingsExpo, at the Javits Center in New York, NY. Angular 2 is a complete re-write of the popular framework AngularJS. Programming in Angular 2 is greatly simplified. Now it’s a component-based well-performing framework. The immersive one-day workshop led by Yakov Fain, a Java Champion and a co-founder of the IT consultancy Farata Systems and...
Customer experience has become a competitive differentiator for companies, and it’s imperative that brands seamlessly connect the customer journey across all platforms. With the continued explosion of IoT, join us for a look at how to build a winning digital foundation in the connected era – today and in the future. In his session at @ThingsExpo, Chris Nguyen, Group Product Marketing Manager at Adobe, will discuss how to successfully leverage mobile, rapidly deploy content, capture real-time d...
IoT generates lots of temporal data. But how do you unlock its value? How do you coordinate the diverse moving parts that must come together when developing your IoT product? What are the key challenges addressed by Data as a Service? How does cloud computing underlie and connect the notions of Digital and DevOps What is the impact of the API economy? What is the business imperative for Cognitive Computing? Get all these questions and hundreds more like them answered at the 18th Cloud Expo...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, will provide an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life ...
SYS-CON Events announced today that ContentMX, the marketing technology and services company with a singular mission to increase engagement and drive more conversations for enterprise, channel and SMB technology marketers, has been named “Sponsor & Exhibitor Lounge Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York. “CloudExpo is a great opportunity to start a conversation with new prospects, but what happens after the...
SYS-CON Events announced today that 24Notion has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. 24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to con...
The demand for organizations to expand their infrastructure to multiple IT environments like the cloud, on-premise, mobile, bring your own device (BYOD) and the Internet of Things (IoT) continues to grow. As this hybrid infrastructure increases, the challenge to monitor the security of these systems increases in volume and complexity. In his session at 18th Cloud Expo, Stephen Coty, Chief Security Evangelist at Alert Logic, will show how properly configured and managed security architecture can...