Reverse Deception: Organized Cyber Threat Counter-Exploitation

Book Description

In-depth counterintelligence tactics to fight cyber-espionage

"A comprehensive and unparalleled overview of the topic by experts in the field."--Slashdot

Expose, pursue, and prosecute the perpetrators of advanced persistent threats (APTs) using the tested security techniques and real-world case studies featured in this one-of-a-kind guide. Reverse Deception: Organized Cyber Threat Counter-Exploitation shows how to assess your network’s vulnerabilities, zero in on targets, and effectively block intruders. Discover how to set up digital traps, misdirect and divert attackers, configure honeypots, mitigate encrypted crimeware, and identify malicious software groups. The expert authors provide full coverage of legal and ethical issues, operational vetting, and security team management.

  • Establish the goals and scope of your reverse deception campaign
  • Identify, analyze, and block APTs
  • Engage and catch nefarious individuals and their organizations
  • Assemble cyber-profiles, incident analyses, and intelligence reports
  • Uncover, eliminate, and autopsy crimeware, trojans, and botnets
  • Work with intrusion detection, anti-virus, and digital forensics tools
  • Employ stealth honeynet, honeypot, and sandbox technologies
  • Communicate and collaborate with legal teams and law enforcement

Table of Contents

  1. Cover 
  2. Copyright
  3. About the Author
  4. Contents 
  5. Foreword
  6. Acknowledgments
  7. Introduction
  8. Chapter 1 State of the Advanced Cyber Threat
    1. Have You Heard About the APT?
    2. APT Defined
    3. What Makes a Threat Advanced and Persistent?
    4. Examples of Advanced and Persistent Threats
      1. Moonlight Maze
      2. Stakkato
      3. Titan Rain
      4. Stormworm
      5. GhostNet
      6. Byzantine Hades/Foothold/Candor/Raptor
      7. Operation Aurora
      8. Stuxnet
      9. Russian Business Network
      10. New Generation of Botnets and Operators
      11. Operation Payback
    5. Conclusion
  9. Chapter 2 What Is Deception?
    1. How Does Deception Fit in Countering Cyber Threats?
    2. Six Principles of Deception
      1. Focus
      2. Objective
      3. Centralized Planning and Control
      4. Security
      5. Timeliness
      6. Integration
    3. Traditional Deception
      1. Feints—Cowpens
      2. Demonstrations—Dorchester Heights
      3. Ruses—Operation Mincemeat (the Unlikely Story of Glyndwr Michael)
      4. Displays—A Big Hack Attack
    4. Why Use Deception?
      1. The First US Army Group Deception
      2. Russian Maskirovka
    5. Deception Maxims
      1. “Magruder’s Principle”—Exploitation of a COG’s Perception or Bias
      2. “Limitations to Human Information Processing”
      3. “Multiple Forms of Surprise”
      4. “Jones’ Dilemma”
      5. “Choice of Types of Deception”
      6. “Husbanding of Deception Assets”
      7. “Sequencing Rule”
      8. “Importance of Feedback”
      9. “Beware of Possible Unwanted Reactions”
      10. “Care in the Design of Planned Placement of Deceptive Material”
    6. Understanding the Information Picture
      1. Half-Empty Version
      2. Half-Full Version
      3. A Question of Bias
      4. Totally Full Version
      5. Step-Beyond Version
      6. Two-Steps-Beyond Version
    7. Conclusion
  10. Chapter 3 Cyber Counterintelligence
    1. Fundamental Competencies
    2. Applying Counterintelligence to the Cyber Realm
    3. Sizing Up Advanced and Persistent Threats
      1. Attack Origination Points
      2. Numbers Involved in the Attack
      3. Risk Tolerance
      4. Timeliness
      5. Skills and Methods
      6. Actions
      7. Objectives
      8. Resources
      9. Knowledge Source
    4. Conclusion
  11. Chapter 4 Profiling Fundamentals
    1. A Brief History of Traditional Criminal Profiling
    2. The Emergence of Cyber Profiling
    3. Acquiring an Understanding of the Special Population
    4. The Objectives of Profiling
    5. The Nature of Profiling
    6. Basic Types of Profiling
    7. Two Logical Approaches to Profiling: Inductive vs. Deductive
    8. Information Vectors for Profiling
      1. Time
      2. Geolocation
      3. Skill
      4. Motivation
      5. Weapons and Tactics
      6. Socially Meaningful Communications and Connections
    9. Conclusion
    10. References
  12. Chapter 5 Actionable Legal Knowledge for the Security Professional
    1. How to Work with a Lawyer
    2. What You Should Know About Legal Research
      1. Online Legal Resources
      2. Common Legal Terms
      3. The Role of Statutes in Our Legal System
      4. How to Find a Law
      5. Do Your Background Homework
    3. Reading the Law
    4. Communicating with Lawyers
    5. Ethics in Cyberspace
    6. Conclusion
  13. Chapter 6 Threat (Attacker) Tradecraft
    1. Threat Categories
      1. Targeted Attacks
      2. Opportunistic Attacks
      3. Opportunistic Turning Targeted
    2. Evolution of Vectors
    3. Meet the Team
    4. Criminal Tools and Techniques
      1. Tailored Valid Services
      2. Academic Research Abuse
      3. Circles of Trust
      4. Injection Vectors
    5. Conclusion
  14. Chapter 7 Operational Deception
    1. Deception Is Essential
    2. Tall Tale 1
      1. Postmortem
    3. Tall Tale 2
      1. Postmortem
    4. Tall Tale 3
      1. Postmortem
    5. Tall Tale 4
      1. Honeypot 1
      2. Postmortem
    6. Conclusion
  15. Chapter 8 Tools and Tactics
    1. Detection Technologies
    2. Host-Based Tools
      1. Antivirus Tools
      2. Digital Forensics
      3. Security Management Tools
    3. Network-Based Tools
      1. Firewalls
      2. Intrusion Detection/Prevention Systems
    4. Deception Technologies
      1. Honeywalls
      2. Honeynets as Part of Defense-in-Depth
      3. Research vs. Production Honeynets
      4. Honeynet Architectures
      5. Honeywall Accreditation
      6. Content Staging
      7. Content Filling
      8. Honeynet Training
      9. Honeynet Objectives
      10. Honeynet Risks and Issues
    5. Check Yourself Before You’re Wrecked
      1. What’s the Status of Your Physical Security?
      2. How Does Your Wireless Network Look?
      3. What’s Traveling on Your Network?
      4. What About Your Host/Server Security?
      5. How Are Your Passwords?
      6. How’s Your Operational Security?
    6. Crimeware/Analysis Detection Systems
      1. What Happened on Your Box?
      2. What Did That Malicious Software Do?
    7. Conclusion
  16. Chapter 9 Attack Characterization Techniques
    1. Postincident Characterization
    2. Another Tall Tale
      1. Discovery
      2. Malware
      3. Aftermath
    3. Real-World Tactics
      1. Engaging an Active Threat
      2. Traffic, Targets, and Taxonomy
      3. Aftermath
    4. Conclusion
  17. 10 Attack Attribution
    1. A Brief Note About Levels of Information Present in Objects
    2. Profiling Vectors
      1. Time
      2. Motivations
      3. Social Networks
      4. Skill Level
      5. Vector Summary
    3. Strategic Application of Profiling Techniques
    4. Example Study: The Changing Social Structure of the Hacking Community
    5. Micro- and Macro-Level Analyses
    6. The Rise of the Civilian Cyber Warrior
      1. The Balance of Power
      2. Potential Civilian Cyber Warrior Threats
    7. Conclusion
    8. References
  18. 11 The Value of APTs
    1. Espionage
    2. Costs of Cyber Espionage
    3. Value Network Analysis
    4. APTs and Value Networks
      1. The RSA Case
      2. The Operation Aurora Case
      3. APT Investments
    5. APTs and the Internet Value Chain
      1. It’s All Good(s)
      2. Bitcoin in the Future?
    6. Conclusion
  19. 12 When and When Not to Act
    1. Determining Threat Severity
      1. Application Vulnerability Scenario
      2. Targeted Attack Scenario
    2. What to Do When It Hits the Fan
      1. Block or Monitor?
      2. Isolating the Problem
      3. Distinguishing Threat Objectives
      4. Responding to Actionable Intelligence
    3. Cyber Threat Acquisition
      1. Distinguishing Between Threats
      2. Processing Collected Intelligence
      3. Determining Available Engagement Tactics
    4. Engaging the Threat
      1. Within Your Enterprise
      2. External to Your Enterprise
      3. Working with Law Enforcement
    5. To Hack or Not to Hack (Back)
      1. To What End?
      2. Understanding Lines (Not to Cross)
    6. Conclusion
  20. 13 Implementation and Validation
    1. Vetting Your Operations
      1. Vetting Deceptions
      2. Vetting Perceptual Consistency in a Deception
      3. Vetting Engagements
    2. Putting This Book to Use with Aid from Professionals
    3. How to Evaluate Success
    4. Getting to the End Game
    5. Conclusion
  21. Glossary
  22. Index

Product Information

  • Title: Reverse Deception: Organized Cyber Threat Counter-Exploitation
  • Author(s): Sean Bodmer, Dr. Max Kilger, Gregory Carpenter, Jade Jones
  • Release date: July 2012
  • Publisher(s): McGraw-Hill
  • ISBN: 9780071772501