
Tuesday, 02 April 2013

U.S. superiority in network-centric warfighting may be in jeopardy. Join the discussion.

Network-centric Warfare has become the de facto standard for many nations, not just the U.S. Unfortunately, thanks to the exponential growth of global networks and the accompanying security vulnerabilities which seem to be infinite in number, the balance of power is no longer what it used to be and the U.S. cannot be assured of superiority in cyberspace.

Therefore, I think it's time that we had an in-depth discussion on exactly how the InfoSec community can play a part in improving U.S. capabilities in Network-centric warfighting and/or U.S. covert actions rather than leaving such discussions solely to the classified world or one dominated by the Defense Industrial Base companies. As a result, I've invited 24 distinguished authorities from the DOD and the infosec world to come to San Diego and spend two days engaging in a discussion that will include the following topics, among others:
  • "Operational Anonymity & Misattribution: Why you need it, how they track you, how to do it, how it fails, and best practices" - Lance Cottrell
  • "Developing Offensive Cyber Tools, Techniques, and Procedures for Defending Corporate and Government Networks" - George Kurtz, Greg Hoglund, Jim Butterworth
  • "Is there a place on Special Operations teams for Cyber or Information Warfare specialists?" - Thomas Dzieran, Rob DuBois, Jim Butterworth
  • "Vulnerability Disclosure and ‘Cyberwar’: The Cost of Offensive Cyber Weapons" - Ryan Ellis
  • Q&A with Kenneth Geers, Ph.D., Technical expert for the Tallinn Manual on the International Law applicable to Cyber Warfare
  • "The Georgian Government’s cyber operation against internal political opponents" - Paul Joyal
  • "The importance of international collaboration in identifying and interdicting non-state hacker groups" - Sanjay Virmani, Kenneth Geers, Michael Jaeger, Christopher Burgess
  • "Projecting Geopolitically Relevant Cyber Hot-Spots" - Ali-Reza Anghaie
  • "Threat Intelligence for the Enterprise on a Shoe-string Budget" - Shane MacDougall
  • "Can big data and small incident response teams scale down to small and medium-sized businesses?" - Stephen Cobb
  • "Advanced Technologies for Detecting the Insider Threat" - John Sipple
  • "The State of National Cyber Intelligence" - Troy Townsend and Jay McAllister
  • "All-Source Intelligence Shapes the Future of Security Operations Actions" - (to be announced)
I want to stress that while Suits and Spooks is a conference, it's not like any conference that you've attended before. We actually do have discussions because the speaker to attendee ratio is an unheard-of 1:4 or less. If you don't believe me, check out our testimonials page or ask anyone who's been to our past events.

Here's who you'll get to meet if you attend SNS La Jolla:
  • Ali-Reza Anghaie: contract Security Engineer and Senior Analyst with Wikistrat
  • David Burcham: President and CEO, VendorX
  • Christopher Burgess: Sr. Security Consultant with Fortune 50 experience; retired national intelligence executive CIA
  • Stephen Cobb: Security evangelist, ESET North America
  • Chris Coleman: Vice President, LookingGlass Cyber Solutions
  • Lance Cottrell: Founder / Chief Scientist of Anonymizer Inc., Chief Scientist of Ntrepid Corp.
  • Robert DuBois: retired U.S. Navy SEAL, an international authority on Smart Power and the author of "Powerful Peace: A Navy SEAL's lessons on peace from a lifetime at war"
  • Thomas Dzieran: retired U.S. Navy SEAL and software engineer
  • Kenneth Geers, Ph.D.: U.S. Naval Criminal Investigative Service (NCIS) Cyber Subject Matter Expert
  • Will Gragido: Senior Manager, RSA FirstWatch Threat Research
  • Greg Hoglund: Independent expert in offensive cyber strategies and tactics; former Vice President at Mantech and founder/CEO of HB Gary.
  • Michael J. Jaeger (CAPT, USN): An active duty officer with the U.S. Navy Judge Advocate General's Corps
  • Paul Joyal: Managing Director, NSI; Public Safety and Homeland Security Sector
  • George Kurtz: Co-founder, President and CEO of Crowdstrike
  • Rafal Los: Principal, Strategic Security Services, HP ESS
  • Shane MacDougall: Co-founder Tactical Intelligence
  • Jay McAllister: Senior Analyst, Software Engineering Institute, Carnegie Mellon University; formerly with NCIS
  • Jeffrey McNeill, Ph.D.: Cyberspace Policy Analyst, STRATCOM
  • John Pirc: Director, Security Intelligence, HP Security Research
  • Billy Rios: Technical Director at Cylance, Inc.
  • Andy Singer (USN RADM ret): Defense Intelligence Senior Leader; Deputy Director for Information Dominance Advocacy (OPNAV N2/N6)
  • John Sipple: USN LT, AFRICOM J2 0166, IDC Region Wash DC
  • Troy Townsend: Senior Analyst, Software Engineering Institute, Carnegie Mellon University; formerly with DIA and CYBERCOM
  • Sanjay Virmani: Director, INTERPOL Digital Crime Centre; Supervisory Special Agent, FBI
Please help spread the word about this exciting and important event and join us in beautiful La Jolla on June 15-16. Register today.


Monday, 26 November 2012

Debate: "Private Companies Should Be Authorized To Take Measured Offensive Action Against Attackers"

On Feb. 8-9, 2013, up to 100 people including some of the world's leading experts in law, incident response, reverse-engineering and intelligence will meet in Washington DC to debate the topic: "Private Companies should be Authorized to take Measured Offensive Actions against Attackers". The list of speakers includes CrowdStrike's Dmitri Alperovich, Mandiant's Richard Bejtlich, Microsoft's Dave Aucsmith, Damballa Labs' Gunter Ollmann, CrySyS Labs' Boldi Bencsath, ReVuln's Donato Ferrante, INTERPOL's new Digital Crime Center's director, the ITU's Marco Obiso, The Grugq, The Jester, and many more.

The Agenda of Suits and Spooks DC will feature the most intriguing panel discussions ever held on the highly controversial issue of "striking back" at those responsible for cyber attacks as well as how offensive markets for malware are changing the world of vulnerability exploits. The second day will include breakout sessions as well as an afternoon debate between two teams consisting of 12 volunteers from our attendees along with time for research and strategizing over a working lunch.


Friday, February 8, 2013 - Waterview Conference Center



9:00am - Registration and Continental Breakfast
9:45am - Welcome and Briefing on the Day's Activities
10:00am - 12:00pm: Panel Discussion - Offensive Tactics and Takedowns by Security Vendors
Featuring Mr. Dmitri Alperovich (CTO and Co-Founder, Crowdstrike), Mr. Richard Bejtlich (CSO, Mandiant), Mr. David Aucsmith (Sr. Director, Microsoft Institute of Advanced Technologies for Governments), and Mr. Nick Selby (Police Officer, DFW Area Department of Public Safety; Partner, Enterprise Security at N4Struct, Inc.).
12:00pm - 1:00pm: How Duqu, Flame, Gauss, and Shamoon can be reconfigured and reused against different victims
Featuring Dr. Boldizsár “Boldi” Bencsáth (Associate Professor, Laboratory of Cryptography and Systems Security (CrySyS), Department of Telecommunications, Budapest University of Technology and Economics)
1:00pm - 1:45pm LUNCH (provided on-site)
1:45pm - 3:45pm: Panel Discussion - Finding Exploitable Loopholes in the Computer Fraud and Abuse Act and International Law for Offensive Actions in Cyberspace
Featuring Dr. Catherine Lotrionte (Director of the Institute for Law, Science + Global Security, Georgetown University), Mr. Stewart A. Baker (Partner, Steptoe & Johnson), Mr. Frank J. Cilluffo (Director, Homeland Security Policy Institute at George Washington University), and Mr. Marco Obiso (Cybersecurity Coordinator, International Telecommunications Union (ITU))
3:45pm - 4:00pm BREAK
4:00pm-6:00pm: Panel Discussion - Offensive Markets for Vulnerability Research - Pros and Cons
Featuring Mr. Donato Ferrante (Co-Founder and Security Researcher, ReVuln), The Grugq (a security engineer who specializes in reverse-engineering and anti-forensics), Mr. Gunter Ollmann (Chief Technology Officer, Damballa Labs)

Saturday, February 9, 2013 - Waterview Conference Center

9:00am Continental Breakfast
9:30am Welcome and Briefing on the Day's Activities
9:45am - 10:45am (Classroom A): Calculating The Adversary's Return-On-Investment and How That Can Inform Defense
Featuring Mr. Josh Corman (Director of Security Intelligence, Akamai) and Mr. David Etue (Vice President, Corporate Development Strategy at SafeNet)
9:45am - 10:45am: (Classroom B): (topic to be announced)
Featuring Mr. Spencer Wilcox (Lead Security Strategist and Special Assistant to the Vice President of Corporate and Information Security Services for Exelon Corporation)
9:45am - 10:45am: (Classroom C): Q&A with The Jester via IRC "Is Offense The Best Defense, and Who Should Conduct It?"
This will be a moderated discussion with The Jester via IRC chat. Attendees will be able to pass their questions to the moderator and The Jester will respond in real-time.
10:45am - 12:45pm: What's the Downside of Private Sector Offensive Engagement?
Featuring Dr. Anup Ghosh (Founder and CEO at Invincea), Mr. Jeffrey Carr (Founder and CEO, Taia Global, Inc.), Mr. Gunter Ollmann (Chief Technology Officer, Damballa Labs), and Mr. Josh Corman (Director of Security Intelligence, Akamai)
12:45pm-2:00pm: Working Lunch
12 attendees will volunteer to debate the proposition (6 per team). The working lunch will be spent dividing into teams and assisting the debaters in preparing research and debate strategies.
2:00pm - 3:30pm: Debate the Proposition "Private Companies Should be Authorized to Take Measured Offensive Actions Against Attackers"
The debate will be judged by a panel of 5 of our speakers
3:30pm - Closing Remarks


The Waterview Conference Center is one of Washington D.C.'s most beautiful and exclusive facilities but it has a capacity of only 100 people so don't miss out. Register today and be a part of one of 2013's most important events.

We are also still looking for companies to join Basis Technology in sponsoring this important event. Please contact me for more information.


Monday, 17 September 2012

Where's the "Strike" in CrowdStrike?

I've had mixed feelings about CrowdStrike from the moment that it launched in stealth status last February. On the one hand, I'm a big fan of how Shawn Henry (President of CrowdStrike Services) helped move the FBI from a terribly incompetent position vis a vis cyber investigations (circa 2005-06) to one of the world's premier cyber investigative bodies in just a few short years. On the other hand, I detest McAfee and I've openly ridiculed their so-called "reports" on more than one occasion. As an Israeli friend of mine put it, Anti-Virus companies aren't security companies. And I might add, they aren't intelligence organizations either. The one thing that McAfee does have are rich executives, including CrowdStrike co-founders Gregg Marston, Dmitri Alperovich, and George Kurtz who arranged CrowdStrike's $26 million Series A funding from Warburg Pincus where Kurtz was an Executive-in-Residence after McAfee was acquired by Intel for $7.86 Billion in cash.

A LinkedIn search shows that the company has been attracting/recruiting lots of talent but so far they haven't announced much in the way of a product line. They did launch an open source reverse-engineering portal called CrowdRE which lets anyone play with a highly regarded Disassembler called IDAPro in a cloud-based server. The benefit to CrowdStrike is that in exchange for providing the portal, it can quickly grow a database of reverse-engineered malware that it can utilize on behalf of its paying customers.

The question that I and others have been asking since last February's launch has to do with the "offensive" hook that CrowdStrike advertises via its tag line "You don't have a malware problem. You have an adversary problem"(tm). The company website claims to offer "Enterprise Adversary Assessment" where "we identify the adversary and find out what they're after." And how do they do that? Back to the website: "Through hunting operations, including host-based detection, threat-specific network analysis, and victim threat profiling".

In case you have any doubt as to who the adversary is, their cool t-shirt makes it pretty clear:


Gee, what a surprise. CrowdStrike has determined that the adversary is China. And that's a continuation of the piss-poor intelligence that Dmitri Alperovich published while at McAfee: Operation Shady Rat (China), Operation Aurora (China) and Operation Night Dragon (China). There are over 30 nation states developing computer network attack, defense, and exploitation capabilities and at least a dozen that are highly proficient and actively conducting cyber espionage yet somehow McAfee's "intelligence analysts" only see China. Not Israel, Russia, Taiwan, France, Germany, or South Korea - just the PRC. In a video interview, CrowdStrike's Director of Intelligence Adam Meyers talks about identifying adversaries via toolmarks and the usual TTPs that every so-called cyber intelligence firm narrowly focuses their attention on but that's not analysis (see Michael Tanji's recent article on the subject, "Malware Analysis: The Danger of Connecting The Dots"). In the intelligence community, that's a cognitive trap known as target fixation. If after looking at all of the technical parameters, the only nation state that you see is China, you need to find another job because you suck as an intelligence analyst.

Getting back to CrowdStrike's "offensive" marketing theme, in Shawn Henry's keynote at BlackHat last summer, he made it clear that CrowdStrike wasn't advocating hacking back; that such activities were still illegal. CrowdStrike's latest high profile FBI hire Steven Chabinsky has also made it clear that the laws currently don't support even something as mild as a company encrypting its own data found on a foreign server. So what's the point in promoting a "take the fight to the adversary" approach when it's impossible to do in the current legal climate?

The bottom line is that, in my opinion, CrowdStrike cannot currently deliver anything unique in the infosec space that Mandiant and other companies aren't already doing unless it significantly improves its sources and methods regarding identifying adversary state and non-state actors and pushes the envelope on active defense. It's not enough to have a cool t-shirt that says "Change the Game". They literally have to do it.