Session Recording: (Available 1/12-1/19)

Clifford Stoll enthusiastically discussed his discovery and tracking of a West German computer spy who "broke" into his institution's computer network to access other networks throughout the U.S. In, Stoll details the story involving Markus Hess, who sold the stolen information from U.S. military networks to the Soviet Union before being caught and eventually indicted. Stoll's animated personality adds to the discussion of his background and views on computer crime. Between yo-yo tricks and sharing a favorite cookie recipe, he tells his experience of giving congressional testimony and of working with federal agents to track the spy. Now an expert in computer security, Stoll has spoken to many government agencies, universities and other organizations on the subject.

Sventek comes back again, this time through another link traced back to Germany. He tries to copy the telnet and rlogin programs back to his computer. This is probably to introduce password-stealing functionality, so Cliff halts it by physically introducing noise on the line and corrupting the transfers. The attacker also continues to search for specific terms on MILNET.

Cliff makes his calls to let his stakeholders know what is going on. He reaches Greg Fennel at the CIA, who tells him "Just tell me what happened. Don't embellish, don't interpret."

Cognitive Bias and Estimative Probability

The statement from the CIA's Greg Fennel is interesting and valuable because it elicits a neutral, evidence-based response. This is something we should strive for in information security. After all, a conclusion without supporting evidence is an opinion. We sometimes have to inject opinions to fill in where evidence doesn't exist, but it should be done sparingly and only when necessary. In relation to this, I spent time discussing cognitive bias and how it can affect the interpretation and acquisition of facts. I listed and described a few of the more common biases that persist in security. I also discussed the importance of using the measured language of estimative probability, and the class went through an exercise to practice.

- Review the words of estimative probability. Look through the last few things you've written.
- Review the list of cognitive biases and research one of them. Can you think of a time you've been subject to that bias?
- Pair up with a friend and review the list of biases. Can you identify biases in each other?

Cliff spends time searching Usenet for news about hackers that might be related. He comes into contact with Bob at the University of Toronto. Bob tells Cliff that attackers from the German Chaos Computer Club broke into his network through CERN, and that they had also been in the Fermilab computers. They went by the aliases Hagbard and Pengo. It turns out these same usernames were observed during a Stanford breach.

Open Source Intelligence and the Diamond Model

Cliff's examination of Usenet threads related to the breach he was investigating is an example of open source intelligence (OSINT) investigation. The power of collective intelligence is vast and is something many security practitioners rely on when conducting investigations. I discussed sources of OSINT and demonstrated pivoting based on indicators from a real investigation. I also discussed the Diamond Model as a method of assimilating and characterizing collected information to form a clear picture of the events that have transpired.

- The Original Diamond Model of Intrusion Analysis Paper:
- Diamond Model meets Star Wars from ThreatConnect:

- Sign up for an Alienvault OTX account and familiarize yourself with the interface. Read a few of the blog posts and explore the available information.
- Find one of the file hashes from and search for it on VirusTotal.
- Search for an IP and domain on Alienvault OTX and see if you can find related malicious infrastructure.

Cliff discovers additional victims of the attackers. These include the Ballistic Research Laboratory and TRW, a company developing US Keyhole spy satellites. Meanwhile, the Bundespost gets back in touch and shares that the source of the call is a VAX computer at the University of Bremen. Cliff's boss comes in and tells him that it is time to end the investigation. Cliff fails to convince him otherwise and begins a plan to change the passwords for all 1200 users on the network. Fortunately, the FBI got involved and convinced his boss to keep the investigation open for a little while longer. They discovered an account that appears to be compromised and are going to start monitoring it for the next time the attacker comes back.
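The indicator pivoting that the Open Source Intelligence and the Diamond Model section describes is easier to see in code. The script below is an added example, not code from the class or from the original post. Everything in it is constructed for illustration: the DiamondEvent, pivot and related_infrastructure names, the event set, and the indicator values (RFC 5737 documentation addresses, a reserved .invalid domain, placeholder hashes and actor labels). It indexes each event by its four Diamond vertices (adversary, capability, infrastructure, victim), pivots outward from a single indicator the way an analyst would from an OTX or VirusTotal hit, records which vertex linked each event into the cluster, and refuses to pivot through "unknown" vertex values so that unattributed events are not chained into a cluster the evidence does not support.

```python
"""Diamond Model pivoting over a small, constructed event set (added example)."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, Set, Tuple

VERTICES = ("adversary", "capability", "infrastructure", "victim")

# Values too generic to pivot on: linking events through them manufactures
# relationships that the evidence does not support.
NON_PIVOTABLE = {"unknown", "", None}


@dataclass(frozen=True)
class DiamondEvent:
    event_id: str
    adversary: str       # persona or alias, "unknown" when unattributed
    capability: str      # tool or malware identifier (placeholder hashes here)
    infrastructure: str  # domain or address the capability used
    victim: str

    def vertex(self, name: str) -> str:
        return getattr(self, name)


# Constructed sample events. Addresses are from RFC 5737 documentation ranges,
# the domain is in the reserved .invalid TLD, and every hash and actor label is
# a placeholder, not a real indicator.
EVENTS = [
    DiamondEvent("e1", "unknown", "sha256:PLACEHOLDER-A", "203.0.113.10", "lab-unix-1"),
    DiamondEvent("e2", "unknown", "sha256:PLACEHOLDER-A", "198.51.100.7", "lab-unix-2"),
    DiamondEvent("e3", "actor-1", "sha256:PLACEHOLDER-B", "198.51.100.7", "site-b"),
    DiamondEvent("e4", "actor-1", "sha256:PLACEHOLDER-C", "c2.invalid", "site-c"),
    DiamondEvent("e5", "unknown", "sha256:PLACEHOLDER-D", "192.0.2.44", "site-d"),
]


def index_events(events) -> Dict[Tuple[str, str], Set[str]]:
    """Map (vertex_name, value) -> event ids, skipping non-pivotable values."""
    idx: Dict[Tuple[str, str], Set[str]] = {}
    for ev in events:
        for v in VERTICES:
            val = ev.vertex(v)
            if val in NON_PIVOTABLE:
                continue
            idx.setdefault((v, val), set()).add(ev.event_id)
    return idx


def pivot(events, start_value: str, max_hops: int = 3):
    """Breadth-first pivot from one indicator value.

    Returns (cluster, links): cluster is the set of event ids reachable from
    the events that contain start_value; links maps each reached event id to
    the (vertex, value, hop) that brought it into the cluster.
    """
    by_id = {ev.event_id: ev for ev in events}
    idx = index_events(events)
    seeds: Set[str] = set()
    for (_, val), ids in idx.items():
        if val == start_value:
            seeds |= ids
    links = {eid: ("seed", start_value, 0) for eid in seeds}
    queue = deque(seeds)
    while queue:
        eid = queue.popleft()
        hops = links[eid][2]
        if hops >= max_hops:
            continue
        ev = by_id[eid]
        for v in VERTICES:
            val = ev.vertex(v)
            # "unknown" values were never indexed, so they cannot link events.
            for other in idx.get((v, val), ()):
                if other not in links:
                    links[other] = (v, val, hops + 1)
                    queue.append(other)
    return set(links), links


def related_infrastructure(events, start_value: str):
    """Infrastructure values in the pivot cluster, excluding the start value."""
    cluster, _ = pivot(events, start_value)
    by_id = {ev.event_id: ev for ev in events}
    return sorted({by_id[e].infrastructure for e in cluster} - {start_value})


if __name__ == "__main__":
    cluster, links = pivot(EVENTS, "203.0.113.10")
    for eid in sorted(cluster):
        print(eid, links[eid])
    print(related_infrastructure(EVENTS, "203.0.113.10"))
```

Starting from the address 203.0.113.10, the pivot reaches e2 through the shared capability, e3 through the shared infrastructure and e4 through the attributed adversary, while e5 stays out because its only overlap with the rest is the non-pivotable "unknown" adversary. Lowering max_hops bounds how far a single indicator is allowed to drag in other events, which is the same judgement an analyst makes when deciding how many OTX or VirusTotal pivots away from the original hit is still supported by evidence rather than opinion.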