Robert J. Hansen
rjh at sixdemonbag.org
Tue Apr 11 13:21:59 CEST 2017
> What if it's your business that's the target of tier 1 Western
> Intelligence actors who are interested in collecting intelligence on
> said target so as to bestow competitive advantage to your competitors
> for whatever the reason may be?
I'm going to give two answers here, one human-readable and one which
will require a fairly high level of technical knowledge.
You haven't heard me talk about intelligence agencies for a simple
reason: the capabilities of private sector groups match or exceed those
of nation-states. For instance, Google's been defending their networks
against sophisticated Chinese attacks for so long that it wouldn't
surprise me one bit if Google had an in-house team capable of playing
the game with anyone.
That said: effective defense is built upon knowledge. Knowledge informs
your threat model and helps guide your responses. Extremely serious
attackers will be single-mindedly obsessed with denying you this
knowledge. That's part of what makes defending against them so
difficult: if you don't know you're under attack, you're extremely
ill-equipped to defend.
I am not especially worried about so-called "advanced persistent
threats". When I hear someone say their IDS is going off hundreds of
times a day with IP addresses resolving to China, I yawn. That's not an
advanced threat. (Persistent, maybe. Not advanced.) An advanced
threat is one that doesn't set off the IDS, one you don't see coming,
one you don't get the opportunity to stage active measures against.
Now for the technically challenging stuff: Lockheed Martin wrote a
*fantastic* whitepaper on defending against advanced threats.
"Intelligence-Driven Computer Network Defense Informed by Analysis of
Adversary Campaigns and Intrusion Kill Chains". Read it.
> My explicit assumptions for such a
> situation are that they don't want their target to know they are under
> surveillance and as a result they aren't going to be knee-capping the
> target's employees to get their desired information. Business
> premises and data at rest and in transit are fair game as is the use of
> malware, rootkits, warrantless wiretaps, etc.
> Perhaps the situation is that you're a Canadian jet engine
> manufacturer that has come up with a prototype for super efficient
> mach 2 capable engines for commercial aircraft :-D Of course you want
> to make sure that you and your engineers and other employees with
> access to sensitive data employ whatever measures you can to avoid a
> data compromise. :-D
> Obviously I'm trying to lighten the mood a little and still explore
> what the possibility is, if any, of protecting data from the prying
> eyes of tier 1 actors who might not think that what you have is
> important enough to kill or injure you for but that they would try
> very hard to get by employing other efforts. I'm not saying having a
> smart card reader and a pin pad here is going to be the magic amulet
> to protect your interests.
> <<Flame retardant suit on, fire away :-D >>
> Best Regards,