Corman Anonymous Csa Chicago 20120712

Akamai Confidential ©2011 Akamai Powering a Better Internet

RISE OF THE CHAOTIC ACTOR:

ADAPTING TO THE AGE OF ANONYMOUS

Joshua Corman CSA Chicago Chapter Meeting

Director of Security Intelligence July 11th, 2012


• Director of Security Intelligence for Akamai Technologies

• Former Research Director, Enterprise Security [The 451 Group]

• Former Principal Security Strategist [IBM ISS]

• Industry:

• Expert Faculty: The Institute for Applied Network Security (IANS)

• 2009 NetworkWorld Top 10 Tech People to Know

• Co-Founder of “Rugged Software” www.ruggedsoftware.org

• BLOG: www.cognitivedissidents.com

• Things I’ve been researching:

• Compliance vs Security

• Disruptive Security for Disruptive Innovations

• Chaotic Actors

• Espionage

• Security Metrics

About Joshua Corman @joshcorman

http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html

http://www.ruggedsoftware.org

http://www.cognitivedissidents.com


Consequences: Value & Replaceability

http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/









Adaptive Persistent Adversaries


6



RSA 2011 PechaKucha Happy Hour http://www.youtube.com/watch?v=JQEBYxp_vKs

20 Slides x 20 Seconds (6 min 40 sec)

Joshua Corman

@joshcorman

Research Director

Enterprise Security

http://www.youtube.com/watch?v=JQEBYxp_vKs

http://www.youtube.com/watch?v=JQEBYxp_vKs


Understanding Anonymous: The Rise of the Chaotic Actor

Director of Security

Intelligence

Akamai Technologies

2011 FlashTalks powered by PechaKucha

Joshua Corman

@joshcorman


10


11


Paradox Slide/Deliberate Disinformation


http://www.csoonline.com/article/682511/the-rise-of-the-chaotic-actor-understanding-anonymous-and-ourselves


14

Some men just want to see the world burn…


Lots & Lots of Anonymous Sects

15


Your Headline Here (in Title Caps)

16


You Choose Your Own Level of Involvement

17


Anonymous* Unmasked? [*Alleged]



19



20


Escalation?

21


Anomalous Anonymous?

22


False Flags: Adaptive Persistent Adversaries

“Anonymous is God’s gift to the Chinese” – CISO


Cyber-Neo-McCarthyism

I am not now…

…nor have I

ever been…

…a member of

Anonymous.


Building a Better Anonymous…

25


Building a Better Anonymous…

26


The easy answers

27

Suggested Background


28

Joshua Corman @joshcorman

http://blog.cognitivedissidents.com/2011/12/20/building-a-better-anonymous-series-part-0/















PANEL: Whoever Fights Monsters…








1914


With Great Power?

"When you don't have centralized

leadership, it doesn't matter what

most will do, it matters what one

of them will do," Corman said.


Control and Chaos ”World War 3.0” by Michael Joseph Gross

Vanity Fair - May 2012


Does not one cause the other? ”World War 3.0” by Michael Joseph Gross

Vanity Fair - May 2012

“It’s a Trap” on shirt.woot.com




Crossroads



Chaotic Good

Legislation Watchdog

Chaotic Good

Free

Speech

Chaotic Good

Moral

Outrage

Anonymous Identity/Meme “General Population”

MalSec?

Chaotic Good? or

Evil?

Leave

LulzSec

Chaotic Evil


“If you believe something…”



Finger on the Pulse


Back to Anonymous 2020


The Future of Anonymous




A Modern Pantheon of Adversary Classes

Targets

Credit Card #s Web Properties Intellectual

Property PII / Identity

Cyber Infrastructure

Core Business Processes

Impacts

Reputational Personal Confidentiality Integrity Availability

Motivations

Financial Industrial Military Ideological Political Prestige

Actors

States Competitors Organized

Crime Script

Kiddies Terrorists Hacktivists Insiders Auditors


Skiddie

Prestige/Profit

Confidentially, Reputation

CCN/Fungible

Script Kiddies


Organized Crime

Profit


CCN/Fungible

Organized Crime


Espionage: Adaptive Persistent Adversaries

State/Espionage

Industrial/Military


Intellectual Property Trade Secrets Infrastructure


Chaotic Hactivist

Ideological and/or LULZ

Availability

Reputation Personal

Web Properties Personal/Family

Exposure

Hactivists Chaotic Actors


Auditor QSA

Profit

Distraction Fines

Credit Card #s

Auditors


Compare and Contrast Threat Actors

QSA Casual

Attacker Chaotic Actor Org Crime

State APT/APA

Asset Focus CCNs CCNs…

Reputation, Dirty Laundry DDoS/Availabi

lity

CCNs Banking

Fungible $

IP, Trade Secrets, National

Security Data

Timeframe Annual Anytime Flash Mobs Continuous Long Cons

Target Stickiness

NA LOW HIGH LOW HIGH

Probability 100% MED ? HIGH ?

“Impact” Annual $ 1 and done Relentless Varies Varies


Attacker Power - HD Moore’s Law

Moore’s Law: Compute power doubles every 18 months

HDMoore’s Law: Casual Attacker Strength grows at the rate of MetaSploit


HDMoore’s Law

APT/APA

Organized Crime

Anon/Lulz

Casual

QSA

100

90

80

70

60

50

40

30

20

10

x

Su

cce

ss R

ate

(%

)

Defender “SecureOns” 1 2 3 4 5 6 7 8 9 10 11 12

Espionage

Organized Crime

Chaotic Actors

Casual Attacker

Auditor/Assessor

Adversary Classes

http://blog.cognitivedissidents.com/2011/11/01/intro-to-hdmoores-law/










APT/APA

Organized Crime

Anon/Lulz

Casual

QSA

100

90

80

70

60

50

40

30

20

10

x

Su

cce

ss R

ate

(%

)

Defender “SecureOns”

HDMoore’s Law

1 2 3 4 5 6 7 8 9 10 11 12

Espionage

Organized Crime

Chaotic Actors

Casual Attacker

Auditor/Assessor

Adversary Classes


HDMoore’s Law (continued)










APT/APA

Organized Crime

Anon/Lulz

Casual

QSA

100

90

80

70

60

50

40

30

20

10

x

Su

cce

ss R

ate

(%

)


HDMoore’s Law

1 2 3 4 5 6 7 8 9 10 11 12

Espionage

Organized Crime

Chaotic Actors

Casual Attacker

Auditor/Assessor

Adversary Classes












APT/APA

Organized Crime

Anon/Lulz

Casual

QSA

100

90

80

70

60

50

40

30

20

10

x

Su

cce

ss R

ate

(%

)


HDMoore’s Law

1 2 3 4 5 6 7 8 9 10 11 12

Espionage

Organized Crime

Chaotic Actors

Casual Attacker

Auditor/Assessor

Adversary Classes












APT/APA

Organized Crime

Anon/Lulz

Casual

QSA

100

90

80

70

60

50

40

30

20

10

x

Su

cce

ss R

ate

(%

)


HDMoore’s Law

1 2 3 4 5 6 7 8 9 10 11 12

Espionage

Organized Crime

Chaotic Actors

Casual Attacker

Auditor/Assessor

Adversary Classes












APT/APA

Organized Crime

Anon/Lulz

Casual

QSA

100

90

80

70

60

50

40

30

20

10

x

Su

cce

ss R

ate

(%

)


HDMoore’s Law

1 2 3 4 5 6 7 8 9 10 11 12

Espionage

Organized Crime

Chaotic Actors

Casual Attacker

Auditor/Assessor

Adversary Classes












2011: Attacks Density (4Realz DBIR Style)

“Only 55 of the 630 possible events have a value greater than 0…90% of the threat space was not in play at all”


2012: Attacks Density (4Realz DBIR Style)

“Only 22 of the 315 possible events have a value greater than 0…93.1% of the threat space was not in play at all”


It’s all about Zombies


Defensible Infrastructure

Survival Guide/Pyramid

www.ruggedsoftware.org

http://www.ruggedsoftware.org



Operational Discipline





Situational Awareness






Countermeasures



LanCope

BigFix (IBM)

NetWitness (RSA)

Fidelis XPS

HBGary

FireEye

ArcSight (HP)




Countermeasures

A real use case of 'better security' in the face of adaptive

adversarieshttp://www.the451group.com/report_view/report_view.php?entity_id=66991

Case Study: Zombie Killer of the Week

http://www.the451group.com/report_view/report_view.php?entity_id=66991

http://www.the451group.com/report_view/report_view.php?entity_id=66991


Who are you playing against?


Innovation Opportunities?

Start with a blank slate! Operationalizing the Basics More/Varied “Eyes & Ears” Increased agility Obtain/share adversary centric intel Big Data & A.I. (more than hype) Simulate adversary-driven scenarios



Thank You & Contact

Mar @ sudux.com

@krypt3ia

“anonymous” contributors

“unspecified” contributors

@attritionorg

@JoshCorman

















THANK YOU…

Joshua Corman Director of Security Intelligence

http://blog.cognitivedissidents.com/



Documents

Corman Anonymous Csa Chicago 20120712