#Infosec17 Attribution Still Remains a Challenge, Say FBI

#Infosec17 Attribution Still Remains a Challenge, Say FBI

Speaking in the keynote theatre at Infosecurity North America on “Profiling the Agile Cyber Adversary”, Jeffrey Tricoli, section chief cyber at the Federal Bureau of Investigation (FBI), said that trends like IoT Big Data were important, but conventional threats are still common.

Tricoli said that in the early 2000s, the Leaves virus was not one of the better known, but it had an impact as it took advantage of home PCs with the Sub7 infection, and reinfected them.

“This was a big deal and the first time we saw 1000s of computers in a coordinated attack by unknown individuals with unknown intent,” he said. “Put yourself back in early 2000s, robustness is built up now and security providers and defenders didn’t exist and infrastructure was relatively fragile, and there were probably 13 DNS providers, so if you went after one there would be a big impact—so we saw this and it was a big, big deal.”

Tricoli said that Leaves was caused by a 25-year-old British student who was trying to generate revenue and this was the first instance where we saw how to turn viruses from destructive malware, and how to turn to monetize them.

“After that, more attackers realized they could monetize and turn computers into a resource and through our interviews, they are entrepreneurs knowing how to make money and see opportunities to exist and take advantage of them. We see the adversary changing and learning from each other.”

In terms of attribution, Tricoli said that common were: hacktivism, crime, insider, espionage, terrorism and warfare, and typically a first question is “who did this”. Unfortunately this does little for value, as while it does make victims feel good, they should get systems back up.

He concluded by saying that a constant theme is that risk has not risen to the C suite where the discussion needs to happen, and while attribution was not always easy, but this was “not something government can tackle alone”.

Source: Information Security Magazine