TaoSecurity Blog

I'd like to make a quick note on strategy, after reading  After high-profile hacks, many companies still nonchalant about cybersecurity in the Christian Science Monitor today. The article says: In a survey commissioned by defense contractor Raytheon of 1,006 chief information officers, chief information security officers, and other technology executives, 78 percent said their boards had not been briefed even once on their organization’s cybersecurity strategy over the past 12 months... The findings are similar to those reported by PricewaterhouseCoopers in its Global State of Information Security Survey last year in which fewer that 42 percent of respondents said their board actively participates in overall security strategy . Does this worry you? Do you want to introduce strategic thinking into your board discussion? If the answer is yes, consider these resources. 1. Check out my earlier blog posts on strategy , especially the first two articles. 2. Wa...

I am not a fan of the way many media sources cite "statistics" on digital security incidents. I've noted before that any "statistic" using the terms "millions" or "billions" to describe "attacks" is probably worthless. This week, two articles on security incidents caught my attention. First, I'd like to discuss the story at left, published 17 February in The Japan Times, titled  Cyberattacks detected in Japan doubled to 25.7 billion in 2014 . It included the following: The number of computer attacks on government and other organizations detected in Japan doubled in 2014 from the previous year to a record 25.66 billion , a government agency said Tuesday. The National Institute of Information and Communications Technology used around 240,000 sensors to detect cyberattacks... Among countries to which perpetrators’ Internet Protocol addresses were traced, China accounted for the largest share at 40 percent, while South K...

Butler's Interception (left) Made Brady's Touchdowns (right) Count In Kara Swisher's interview on cyber security with President Obama , he makes the following comment: "As I mentioned in the CEO roundtable, a comment that was made by one of my national security team — this is more like basketball than football in the sense that there’s no clear line between offense and defense. Things are going back and forth all the time,” he said. I understand why someone on the President's national security team would use a basketball analogy; we all know the President is a big hoops fan. In this post I will take exception with the President's view, although I am glad he is involved in this topic. The following are five reasons why digital security is like American football, not basketball. 1. Different groups of athletes play offense, defense, and special teams in football. It is rare to see a single player appear on more than one squad. (It does happen, though....

Source: The Economist, 31 Jan 2015 TaoSecurity Blog readers know I am a fan of Edward Tufte . When I see a diagram that I believe captures the tenets of his philosophy of presenting information, I try to share it with readers. Two weeks ago in its 31 January 2015 edition, The Economist newspaper published Saudi Arabia: Keeping It in the Family . The article discussed the ascension of King Salman to the Saudi crown. The author emphasized the advanced age of Saudi kings since the founding of the monarchy in 1932. To make the point graphically, the article included the graphic at left. It captured the start and end of the reigns of the monarchs, their ages at the beginning and end of their reigns, and the median age of the population. Readers are able to quickly compare the duration of each monarch's reign, the monarch's ages, and the trend toward older monarchs. Readers can see the traditional widening gap in ages of rulers compared to the population, as well as the r...

Thief Retrieves Cash, from Bloomberg Businessweek The February 2nd issue of Bloomberg Businessweek featured a story titled Boom: Inside a British Bank-Bombing Spree . The article describes how "five men, dressed all in black" used "crowbars, power tools, coils of flexible tubing, and two large tanks of explosive gas" to blow apart ATMs in the UK, then retrieve cash inside. The story opens by describing a raid that netted "almost £250,000, or about $375,000" and was the group’s biggest score in a single night yet. Their MO, using cheap, common, and legal gas, was nearly impossible to trace, and they left precious little forensic evidence for the police. To stop the rampage, there was little Britain’s banks could do. What is the history of this sort of attack? The article states: Bank security experts think the first ATM gas attack may have been in Italy in 2001. Early statistics are shaky, but by 2005 there were almost 200 across the continent...

Last week the Christian Science Monitor published a story titled  How North Korea built up a cadre of code warriors prepared for cyberwar . It contained the following section: North Korea is faced with tremendous limitations. All of its Internet connections go through servers in China, for example. But it soon may find other ways to connect to the outside world. North Korean leader Kim Jong-Un is expected to meet with Russian President Vladimir Putin later this year in a bid to, among other things, begin running networks through Russia, too. This caught my attention. Years ago I bought a giant map of Asia for my office at Mandiant. I was fascinated by the small part of the world where Russia and North Korea share a border, shown below. If you zoom into that area, you see the following. China, Russia, and North Korea share a common border near the Russian town of Khasan . From that location, Russia and North Korea share a border dividing the Tumen River, approximately...

If you've read TaoSecurity Blog for a while, you remember me being a fan of companies like Renesys (now part of Dyn Research ) and BGPmon . These organizations monitor Internet-wide routing by scrutinizing BGP announcements, plus other techniques. (I first posted on the topic almost 12 years ago.) I am well aware that an organization, from its own Internet viewpoint , cannot be absolutely sure that the other end of a conversation truly represents the IP address that it seems to be. The counterparty may be suffering a BPG hijack. An attacker may have temporarily positioned itself in BGP routing tables such that the legitimate IP address owner is not the preferred route. There have been many examples of this, and on Thursday Dyn Research posted a great new blog titled The Vast World of Fraudulent Routing that describes six recent examples. A Tweet by Space Rogue about Dyn's post caught my attention. He said: You really want to tell me that an IP Address is enough fo...