It was with great interest that I read this article on Reuters (home to serious news most of the time) on the latest threat intelligence report. You can never have enough threat intelligence. But you can have more than enough cruddy and ruddy hearsay, fiction, and fortune-telling that passes itself off as threat intelligence.
Let’s have a look what the masters of spin produced this time. First off is the outlandish quote: > A U.S. cybersecurity firm says it has gathered evidence that the Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyber attacks for alleged economic - rather than political - gains.
This would definitely be the first if it wasn’t for, you know, all that Cold War stuff. And if it wasn’t so well documented by Cliff Stoll in Cuckoo’s Egg way back in 1989. Or even by CIA in 1983. Or, heck, let’s go to the source itself, shall we, the KGB. The argument could be made that all those previous cases of industrial espionage perpetrated by the Russians weren’t exactly “cyber attacks” because “cyber” only came in vogue in the last few years. And that, weak as it is, would be about the only defence for such an inaccuracy.
Moving on, looking for some evidence of the above claim we’re given the typical “can’t tell you, client confidentiality” stuff. Which is all well and fantastic, but then going on to name the target industries pretty much narrows down the potential victims quite a lot. In short, the doubt remains about the claim but the clients that CrowdStrike thus exposed are easier to deduce. > CrowdStrike declined to go into detail about those losses or to name any victims, citing confidentiality agreements related to its investigation.
And then we come to this tear-jerker: > [Alperovitch] told Reuters that the data his firm has obtained about Energetic Bear suggests that authorities in Moscow have decided to start using cyber espionage to promote Russia’s national economic interests.
“They are copying the Chinese play book,” he said. “Cyber espionage is very lucrative for economic benefit to a nation.”
Anyone that has paid even a passing interest to espionage, industrial or otherwise, knows that Russia had good 50 years to hone their espionage skills against another world super-power. And Russian’s definitely came tops when it came to pure espionage skills. So now we are meant to believe that the people that have been so far ahead of everyone else are suddenly copying the crude attempts from hackers for hire in China? Yes, a tear-jerker indeed.
Another article, this one in New York Times that was similarly breathlessly used to show just what a great report CrowdStrike produced has these gems:
The report buttresses previous findings by The New York Times , Google and a number of other security firms , including FireEye, the Milpitas, Calif.-based security software firm that acquired Mandiant last year. It also offered a number of interesting new discoveries. Among them:
- Regional conflicts such as Syria’s civil war and protests in the Middle East continue to spill over into cyber conflict.
- Hackers in the Middle East and North Africa are ramping up their hacking capabilities.
- High-profile world events such as the upcoming Sochi Olympics and World Cup and upcoming elections in Egypt, Iraq, Tunisia and Turkey may coincide with cyberattacks as was the case with the G20 Summit last fall.
Save yourself the trouble, don’t go read the report. It will take up the valuable time you will never get back.