Thursday, April 15, 2010

Bejtlich on Visible Risk Podcast

My friend Rocky DeStefano from Visible Risk posted the video (streaming) and audio (.mp3, 124 MB) of a discussion he hosted on advanced persistent threat. Mike Cloppert, Rob Lee, Shawn Carpenter, and I discussed APT for about an hour on video and about an hour and a half on audio. Let Rocky know what you think as a comment here or via Twitter to @visiblerisk.

One comment -- slightly before the 24:00 mark, Rob made a remark about "what you and I respond to in the Air Force was laughable at this point, compared to what we're seeing today, actual intelligence being pulled back, potential nation state actors, potential organized crime, earning thousands or millions of dollars..." I disagree with part of that comment and agree with part of that comment. For the "disagree" part: Rob was stationed in the 609th, which was not the AFCERT. In the AFCERT we detected and responded to nation state activity of the caliber we see today. I don't know what the 609th dealt with. For the "agree" part: in 1998 it was much rarer to see organized crime operating at the level they do today. I didn't respond during the video because I didn't feel the need to interrupt any time I didn't fully agree with a speaker, and this exchange was mostly between Rob and Mike!

2 comments:

rocky said...

That was the "downside" to a live conversation like this. I caught that point as well, but considered it more of a "majority of incidents" type comment.

Moving forward I'm taking advice from dozens of people on how to make it better next time. I'm starting with narrowing down the topics and questions for upcoming show/podcast.

Similar topic - Did you see http://www.govinfosecurity.com/articles.php?art_id=2423? Specifically, Lt. Gen. Keith Alexander's remarks about how he can only conceive of Cyberwar in the broader context of a kinetic war. I'd like to dig a bit deeper on the context of the question and reported response on that topic, but it is interesting any way you look at it.

Rob Lee said...

Richard, I was responding to both the 609th and the AFOSI. We met when I was in the AFOSI (98-01) as a TMT helping investigate National Level Intrusion events. I was referring to what many considered major "incidents" that really took up our time including "Solar Sunrise" and others. I stand by my statement that the incidents we investigated between 1996 and 2001, even the nation state ones, are not in the same category of complexity and scope compared to what we see today.