Nate Beach-Westmoreland
Jun 25, 2018 · 32 tweets · 10 min read
Obviously this immediately got added to my reading list #infosec #threatintel
Well, off to the races. I'm starting to read through The Perfect Weapon. I'll share my train of thought as it comes up. Sadly, because I'm doing it as an audiobook the snippets I want to quote may not be available online
Includes a reference to the Atlanta ransomware attack among state-linked attacks. I've never seen it framed as state-sponsored, but it provides a good case study for what such an attack on state or municipal governments might look like
Parallels btw airplanes & "cyber weapons" have always been apt, but we're past "1918" now. Prices dropped, lots of countries got them, a European country became a strategic testing ground (Spain//Ukraine). What's next big leap: radar (defense) or jet engine (offense)?
We’re rapidly going through the early years of state-backed cyber operations, starting with Moonlight Maze and the Kosovo conflict. Nothing new here. I recommend “Dark Territory” to those wanting more on how the US got to this point, defensively, offensively, and strategically
Stuxnet has gone public and malware analysts are trying to figure what’s going on. “It was 20x the size of usual malware, but there were no bugs! That’s extremely rare.” Stop now and read “Countdown to 0day,” if you haven’t!
So many aspects of Stuxnet are foreign today. Who imagined that 8 years later that precise destruction, intentional limiting of propagation, use of 0days, lack of coding errors in malware by major cyber powers etc are as dated as line formations & bright uniforms are in armies?
Interesting storyline here that the US and Mossad chief Dagan both allegedly promoted Stuxnet as much to prevent Netanyahu from bombing Iran as to slow Iran’s nuclear breakout, as bombing would have ultimately hardened Iranian resolve to build a nuke
Nitro Zeus is a good example for what cyber in an armed conflict would likely look like before shots are fired: massive battlefield prep in case of contingencies… #icssecurity
Now at OpAbabil: across the years of state cyber attacks, a motif in the book will likely be the deficiency of prior thought about the strategic significance and impact of foreseeable cyber activities hindering the ability to respond to threats
Shamoon: Note that Iran was not the first state to use wiper malware. DPRK hackers caused havoc the previous year by ripping through servers at an ROK bank, forcing a massive service and corporate disruption, impacting its 30 million customers
The story of B.Clinton touting the internet as a catalyst for democracy in China while the Chinese considered its potential for social control is painfully emblematic of 90s’ and 00s’ techno-Utopianism. An excellent early rebuttal of this line of thought was “The Net Delusion”
New to me: the Aurora hack also stole from Google’s law dept all the US government’s requests for Google to share data about certain users, revealing who the US suspected might be Chinese spies. That’s kind of a brilliant move by the hackers
The OPM and Anthem hacks really were a classic #bigdata problem, not so much because it was a lot of data, but because tools existed to leverage that data to yield insights. Those databases had existed for decades, but the big risk arose when someone could sift through them!
Interesting take on the Xi-Obama agreement: Xi hopes to preemptively set a norm for not stealing industrial secrets, because when China would eventually be a great technological powerhouse, others would try to steal its IP. If so, that’s some decent strategic thinking
Saying that “nobody mentioned North Korea’s cyber skills, because nobody was really paying attention” is only half true...
NotPetya as a massive cover up for collecting intelligence from numerous major Ukrainian businesses: “It was like the old Soviet days: first you rob the village, then you burn it to the ground”
Panetta considered the difference btw dramatic, obviously “cyber” attacks & more subtle incidents whose causes aren’t immediately clear (eg Stuxnet). The latter might not shake policy makers w/o a grasp on cyber into action. Hence his love for evoking a “cyber Pearl Harbor”
Russian trolls had the good sense to run a non-political social influence experiment, convincing crowds to show up for non-existent hot dogs. @RidT detailed at CTISummit2018 a similar Russian IO test op in 1950s. Good idea to test before production!…
The Dutch pulled off one of the better disclosed ops of the past year, hacking into Cozy Bear’s security camera to track them hacking into the State Dept and White House. No mention of leather jackets in this story…
The Internet Research Agency was already getting coverage years before the 2016 election and even the 2014 annexation of Crimea. Here’s (one of) the earliest articles about it. (Google Translate)…
.@DAlperovitch’s early career is described as “bounc[ing] around the digital stations of the cross.” Talk about #infosec being a cross to bear!
A recurring theme here is Russians pwning targets like the State Dept and the DNC so badly that they needed to scrap huge swaths of infrastructure or wipe everything just to be certain they were clean. Remember that cost the next time your org thinks about cyber risk management!
Brennan gets credit for his imagination: if RU’s goal was weakening American institutions like the election, national vote rigging was not the only scenario to defend against. Hacking into voting rolls, but not changing anything, still created FUD about the election
I particularly liked the scenario he described of RU hackers possibly turning off the power in a few key areas in swing states for just a couple hours on Election Day. Nothing flashy. Just don’t let it be immediately clear that something malicious occurred. #icssecurity
Sanger briefly touches on the sorts of Russian SIGINT activities happening via the diplomatic properties shuttered last summer in CA and NY. Though broadly assumed to be occurring, I wasn’t previously aware of any specifics…
Why are policymakers and analysts plagued by failures of imagination when faced by new technology? One major reason is the tendency to squeeze what is new into an existing model. Years ago I wanted to do a History PhD on policymakers "misusing" history, inspired by this book:
A book that often touches on this same "failure of imagination" problem is "The Information" by James Gleick. It’s a history of information technology
🤣 On institutional cultural differences: "Often [NSA] treated these implants like prized bonsai to be watered, nurtured, and cared for. The culture of the NSA was far more risk-averse and, to them, CYBERCOM offensive units were mostly interested in blowing things up."
Overall, the content is well-trodden ground with a US-centric history of recent state-linked cyber activity (expected given Sanger's experience). Don't expect significant coverage of events not intersecting with the US (e.g. TV5Monde or the German steel mill hack)
As my tweets hopefully show, the book's best additions to field were the discussions Sanger has had with US policymakers about their thought processes and debates about cyber on fundamental, strategic levels