Advanced Persistent Threat: Lessons from C.S. Lewis (Marcus J. Carey)
Credibility: C.S. Lewis - secular guys with Kingdom business // similar to HackFormers. Known in security – but I came from nowhere. Marlin, TX - burned oil lamps for light; borrowed water from the neighbors; went to school to get food - free lunch. Became obsessed with money – blessed with intellect. Joined the Navy – R.A.F. Edzell – cryptology career (Scotland, spying on the Russians). HFDF – High Frequency Direction Finder - on U.S.S. Ingersoll – spying on subs. CSC – supporting NSA – at the defense cybercrime center – paid to imitate APTs – to break into cyberlabs. Met Johnny Long there – learnt hacking stuff from Johnny.
What's crazy about Johnny Long – Johnny's office was like a hacking cathedral. Johnny said "He wants you!" – God knows unspoken prayers. You can be cool and be a believer – Johnny steps in. CMS – security contractor. Now Security Researcher at Rapid7 – work with Metasploit team (press releases).
Excelsior College – 135 credits CLEPed. M.S. in Network Security – Capitol College (did not hack my Master's degree). Motivation for life – money, money, money – no different from drug dealers and porn stars.
The Screwtape Letters by C.S. Lewis. Focus on the Family series. APT – a concerted effort by highly paid professionals to break in; cyber espionage. About the book – senior demon Screwtape – nephew Wormwood (junior tempter) – Lowerarchy of hell – mission: damnation of the patient. APT – will not stop until they 0wn your org.
Most PTs get in and it is not that hard – demons 0wn the heck out of us every day and it is not that hard. Sin knocking on the door – persists – Genesis 4:7. Lowerarchy world view – morally reversed world – similar to the InfoSec perspective – APTs; Flame/Stuxnet (end justifies the means; all is fair in love and war). For the devil, it is all war (be it your birthday or not).
Wormwood's strategy: tempt with wicked and deplorable sins – hacktivists (LulzSec/Anonymous): awesome hacks and brag about it. They did not encrypt their database. May die during the war – 0-day, takedown – cyberwar strategy. According to Screwtape, this is wrong.
Screwtape's strategy: safest path to hell is the gradual one – exploit him first – need not murder; let him just hate (little bitty things). Corrupt – don't do ; DROP TABLE BOBBY_TABLES – just do ; INSERT and UPDATE. When you are confused and befuddled – you won't know what to defend. APTs: steal slow and low; go undetected. Devil wants us to be wishy-washy – no little sins, all lead to eventual doom.
High-profile viruses take advantage of old exploits; patch mgmt. Patch mgmt > (incident mgmt.) – Repent; Sin -> Repent – Sin > Repent. Root cause > eliminate it (problem mgmt). People/orgs recover even if the enemy is successful – Sony breach. No org is perfect. No human is. Even a murderer has forgiveness.
Letter VI: LulzSec etc. want you to be scared. Devil – our business is to keep them thinking about what will happen to them; God wants them to be concerned with what they need to do.
Letter XXII: Iron sharpens iron. Info sharing in security industry – govt. and pvt. security (security community has to work together).
C.S. Lewis had to put himself in the mind of a demon – excellent personal life security policy. To deal with APTs we need to think like an attacker – you will end up with a good security policy.
All sinners (Romans 3:23). No org is perfect. All orgs are going to be breached, if not already.
Energizer: born without a battery. Fill the void – Money (needs rechargeable) – Kevin Luke – Power of God in us.