As several of our contributors mentioned in our July #SecChat, the only way to learn is to stay current on the latest trends in cyber security. In honor of those suggestions, this week we are introducing a new segment: Friday Security Highlights. Each Friday, we’ll be wrapping up some of the week’s most talked-about, tweeted and blogged-about cyber security news and events.
This week’s post begins with a recap from the Black Hat cyber security conference, which kicked off last Wednesday with a patriotic call to action.
“My world of terrorism has gone,” said Cofer Black, reaching out to the thousands of infosec leaders in the audience before him. “Now it’s your turn.”
Black, chief of the CIA’s counterterrorism group during 9/11, raised concerns during his Black Hat keynote about what he called an impending “Code War”. He pointed to Stuxnet, the cyberweapon discovered in July 2010 and designed to sabotage the uranium enrichment infrastructure in Iran, and its unique ability to impact real-world infrastructure. Since its discovery, the traditional top three terrorist threats – chemical, bacteriological, radiological – have shifted to KBC: kinetic, bacteriological and cyber.
“I am here to tell you, and you can quote me on this: The Stuxnet attack is the Rubicon of our future,” he said. “Your world, which people thought was college pranks cubed and squared, has now morphed into physical destruction. This is huge.”
Black’s words carried particular weight, as they came the same day that McAfee published a detailed report that uncovered Operation Shady RAT: a hacking group that penetrated 72 companies and organizations in 14 countries, a massive operation that stole national secrets, business plans and other sensitive information. And, like Stuxnet, it appears to be the work of a state actor.
Dmitri Alperovitch, Vice President of Threat Research at McAfee, stated that the goal of making these attacks public was to raise awareness about the scale and impact of cyberespionage, helping people to realize that these sophisticated penetrations are not just a concern for government agencies or defense contractors.
Similarly, Cofer Black discussed the United States’ counterterrorism strategy with an eye towards raising awareness, and for good reason. The former US ambassador for counter-terror was credited with warning the Bush administration about an al Qaeda terrorist attack in August 2001. As he told his audience, while the threat was real, there was a delayed validation from world leaders who lacked the experience and understanding to prepare for such attacks.
“They didn’t understand it. They had no personal experience with it,” he said. “The decision-makers of today are in the same boat [with cyberattacks]. They hear it, but they don’t understand it.”
With this gap in intelligence between threat researchers and decision makers, collaborative, educational events like Black Hat have risen to critical importance across all industries. And as if in fulfillment of this need, a second cyber security conference descended upon Las Vegas last week: Defcon. Dubbed “The event that scares hackers”, Defcon is perhaps the best place on earth to get a healthy dose of security awareness. (An e-mail sent to attendees before the conference advised: “Do not use the ATM machines anywhere near the conference” – most will have already been hacked.)
Considered side by side, the conferences appear to represent two polar opposites of security culture. The difference is literally palpable; as Black Hat attendees button up their collars and iron their slacks, the typical hacker or cracker at Defcon is throwing on a wrinkled black t-shirt, accented tastefully by a head of neon purple hair.
Even Dave Marcus, Director of Security Research at McAfee Labs, couldn’t help but join in on the Defcon fun.
Yet, despite their differences, all of these events (Black Hat, Defcon, and the revelation of Operation Shady RAT) were undertaken for a singular purpose: to promote awareness and unity of action by exposing existing vulnerabilities.
“This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries,” Alperovitch concluded in his blog post detailing the RAT. “The only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.”
Stay tuned for another wrap up next Friday, and feel free to tweet @IntelSec_Biz with blog posts, tweets, or other insightful commentary for us to include in the next summary.