Intelligence Start-Up Goes Behind Enemy Lines To Get Ahead of Hackers
anlashok writes: The Times profiles a company called ISight, which sells computer security intelligence gathered by professionals from the "dark web". From the article: "ISight's investors, who have put $60 million into the company so far, believe that its services fill a critical gap in the battle to get ahead of threats. Most security companies, like FireEye, Symantec, Palo Alto Networks and Intel's security unit, focus on blocking or detecting intrusions as they occur or responding to attacks after the fact. ISight goes straight to the enemy. Its analysts — many of them fluent in Russian, Mandarin, Portuguese or 21 other languages — infiltrate the underground, where they watch criminals putting their schemes together and selling their tools."
I have always been uncomfortable with the potentially mutually beneficial nature of the roles of security provider and security breach specialist.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
I wouldn't mind working for such a company, but I don't work for terrorists.
Is it black hat or white hat hacking?
It's kind of hard to tell them apart with schemes like this. Oh yeah, we will infiltrate the "bad guys" and get tipped off to their activities before anybody else knows, or we will invent some new attack vector, sell it to the bad guys and get loads of money from you because only we know enough to protect you from what the bad guys are doing... You cannot know the difference...
Problem with this is you will never know and you will be letting some outfit with admitted ties to some bad actors have access to your network security systems... What could possibly go wrong?
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Who's a good little mini NSA? You are! Yes, you are. I'm so proud of you!
I wouldn't be so sarcastic and probably even be supportive of it if it weren't a recipe for abuse. A company or organisation would eventually abuse it and then claim it was legal and nothing wrong.
Extra points if you can lie in front of congress.
the Ohranka infiltrate YOU!
On a more serious note, it's as old as the world. So they built a business model on it openly.
Next, they'll patent it and sell the startup?
The guy who buys them gets fucked over... big deal.
If your operations can be carried out in specific countries, you might be able to bypass some anti-hacking laws, or at least diminish some of the potential legal blame of 'going too far'. If you have to limit your offensive capabilities, there are probably ways of cataloging/surveying/classifying incoming attacks and thwarting them without doing anything illegal. The main factor in the success of this business relies on them providing monetarily valuable information to potential targets.
That said, what they say they're doing is not illegal, and it is probably already practiced by most security companies. It's just a business pitch. From TFA, they spend their time
monitoring underground chatter and markets, analyzing computer code meant to cause harm, watching the networks of potential attackers and poring over social media channels for signs of imminent attacks.
"Allowing the bad guys to continue operating" you say. You've "allowed" crime just as much as anyone else has. You have just as much right to track down individual criminals and fly around the world trying to stop them as do the researchers working for these companies. We're not cops, we're nerds. You could register in the cracker forums, follow the social media feeds, and try to do what you seem to expect us to do. Why haven't you done it?
The difference between you and I is only that I HAVE contacted the FBI or National Center for Missing and Exploited Children the few times that I've come across a situation that warranted it. What have you done? I warned Wikipedia of an attack that would have taken them down, warned them in time to prevent the attack. What have you done?
99.99% of the time, we don't have the real name and home address of the bad guys. We have screen names, like you see on Slashdot, and we see what types of vulnerabilities and attacks they're talking about this month. Then we protect our clients, which may include your bank, from the types of attacks that are being discussed by the bad guys.
99% of my coworkers don't have any authority to arrest anyone. That's not our job. Our job is to secure the systems you rely on. There is one person at the company I work for who used to have the authority to arrest certain specific criminals. That happens to be me. I successfully found and arrested most of the people I was granted authority to go after. So yeah, we've actually personally put a few criminals behind bars, though that's not our day job. "Allowing criminals to continue operating", eh? I've told you what I've done to stop criminal activity. I ask you again, what have you done? You've done nothing, you have allowed them to continue.
I wouldn't mind working for such a company, but I don't work for terrorists
If cutting off people's head is terrorist, what about bombing civilians' houses and killing those living inside, like what is happening in Yemen?
What about those, such as America, France & Britain, who supply planes, bombs and all kinds of logistical support to those who do the bombing?
Where do you draw the line, dude?
As I am from China, and picked up quite a bit of Russian while I was in school in China, can I go rogue, join up with the hackers, create all kinds of cyber mayhem, and then turn around and sell the information to those on the 'white side' of the line?
The whole thing is mindbogglingly ridiculous!
Are we going to encourage the hackers to create yet another stream of income by selling outdated info of the dark side?
Muchas Gracias, Señor Edward Snowden !
Most of it is nonsense. Sometimes you can sell sand to Arabs, and sometimes you can sell Windows anti-malware to a Linux desktop user or an Apple system user. I remember the journalists' catchphrases before the "dark web": it used to be called "in the corners of the web", blah blah blah. And all the criminal hackers selling their wares were foreign speakers! From East Germany, oh my God! Foreign speakers!! May God have mercy on our souls, it is foreign speakers! Mind you, it could even be foreign typists! Apart from 007 "journalism". In other news, antivirus companies are at each other's throats trying to corrupt each other's signature scanners. But back to 007 bullshit news: The anti-Semite Muslim state are using sniffer dogs to sniff out circumcised Jews and then surgically attaching a foreskin.
https://en.m.wikipedia.org/wik...
The "hackers" will just their methods.
"If any question why we died, Tell them because our fathers lied."
> By not telling some of the potential victims they are conspiring with the hackers. I'm sure some lawyer would have a go with it.
What, you expect me to call you, and every other person in the world, personally? Why don't YOU have a go at that. YOU go monitor the cracker forums and such, then call me when you see something interesting. For free. You'll start doing that tomorrow, right?
No? Well, those of us who spend our working hours on this stuff have to eat too. So yeah, if you want instant analysis of what's important to you, you get buy one of my kid's meals. Other than that, sign up at Threatpost and sift through it yourself every day.
Lazy self-entitled liberal bastards.
While you are correct that businesses already perform hacking, you are correct. That white hat work is on yourself, not sold to others. As soon as you hack (white or black) on someone else, you break the law. Truthfully, you can go to jail for white hat hacking yourself too.. but that depends on what you find and who you tip off.
Their intelligence is actually quite good but very pricey. I evaluated their offerings and, while impressed, decided to go with a cheaper (by 3/4) "solution." I'm not getting quite what I'm paying for. When our commodity goes back up, I will seriously look at iSight again. If you care, I'm a CISO w/o an MBA (BS EE, MS CS, and 20+ years of hacking). -AC
And that next level is assassination. With the kind of money involved in this industry, this is definitely in the cards. I am not sure if MS24 or the Mexican cartels take bitcoin though :-)
Businesses that attempt to monetize threat modeling have been around for a long time without the same scrutiny a lot of you are giving this company. Is it immoral for a company that makes antivirus software to not give their software away for free rather than charging money? Do you think the moral thing to do would be to just go out of business instead of charging money? If you aren't currently an IT security expert working for a non profit or for free, I invite you to apply your train of thought to just as much introspection as finger pointing. All this company is doing is taking an approach to threat modeling that people like Brian Krebs started advocating a long long time ago, and incorporating it into a business model not incredibly different than any other IT security company.
So the bad guys will now intentionally create schemes and patterns to "out" these spies and continue on their merry way.
Brian Krebs has been doing this for awhile now.
http://krebsonsecurity.com/
Someone's just taking it to the next level - not a bad idea at all IMHO.
blindly antisocialist = antisocial
When I saw this in 'recent', I thought the same myself on B. Krebs doing that (& it IS what he does - infiltration).
APK
P.S.=> The fact security people have to "lower themselves" to that shows just what it takes to take down scum online unfortunately - fight fire w/ fire... It reminds me of the old original series Star Trek Episode "THE SAVAGE CURTAIN" where Yarnek the silicon being from Excalbia said to Kirk & Spock (as they invited + tricked the earthmen to study us & our "strange concepts" (to them) of "good vs. evil"):
"Your concepts of 'good' & 'evil' are strange to us. They use the same methods.... You do not perceive the honor we do you to act as our teachers." - Yarnek
When Kirk protests on what gave them the right to do so?
"The same right that brought you here: the need to know new things." - Yarnek
It almost ALWAYS "boils down" to that - one underdog uses covert SNEAK means to get the upper hand, forcing all others to do so in order to survive (1 bad apple takes down the ENTIRE barrel in other words)...
So don't speak too badly of our spy agencies like the NSA - they go thru the SAME shit, I am certain of it...
... apk
Ever heard of "industrial espionage"? There's your answer. As I said before, all it takes is 1 "rotten apple" to start acting dishonorably, & it forces ALL the "other apples" to do the same... that's how it works man (& it's most unfortunate).
APK
P.S.=> As far as Computer Security, & Mr. Krebs doing it first? He's by NO means the 1st to do so (infiltrating) - he's just more publicized & I've given him some guff before on 1 account: He's not classically educated in this field, & really isn't a computer scientist (which is a BIG blow to understanding the "enemy" and his methods in detail) - however, he DOES prove that it doesn't take "big brains" or education to be a spy - & yes, the same goes for spy agencies (they have to act "dishonorably" @ times too, when dealing with dishonorable sneak opponents, acting the SAME WAY too - fighting fire with fire)
What a statement on humanity it is - we've tuned deceit to its HIGHEST orders, & it disgusts me... apk
I say take it further than that and have kick starters for assassinations. I would like to set up a kickstarter to off Donald Trump, Stephen Harper and Barack Obama, I wonder how long it would take to reach a 100 million dollar goal...
Its analysts - many of them fluent in Russian, Mandarin, Portuguese or 21 other languages - infiltrate the underground, blend in, and with any luck, they've got the exploits already.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
I work in InfoSec and I've worked with ISight Partners. While they may have some of the capabilities described by the article, they are far from the only company doing these things. iSight Partners, in my experience, is not in the business of providing actionable intelligence, but rather selling a marketable concept of Threat Intelligence. The vast majority of their staff are Sales. They're capitalizing on the furor that started a couple years ago around "Threat Intelligence", and what they deliver to clients is arguably no better than their competitors. Their actual capabilities left me unimpressed. Cyveillance, as one example, provides more transparent services and makes their data as actionable as possible. There are others far better than iSight, so I'm not sure why they got such a spotlight.
And consider this with companies like iSight Partners, which brag about their "covert operators" giving you a window into the world of hackers - when they tell you they've discovered some plot against your organization and turn over reports about the threat actors and what you need to do for countermeasures, how do you *verify* that they're not just making it up? It's in their interest to keep you feeling like they're providing value. Their system is not at all transparent. What you'll get is a bunch of excuses about why they can't reveal certain details of the investigation, and "trust us".
potentially has been watching the bad boys longer, with more impact.
if this is supposed to be a new economy, how come they still want my old fashioned money?
See subject: I *may* get dragged off topic by trolls but I don't start that way & everyone knows it.
* HOWEVER:
What I've done regarding hosts files has a LOT of the moronic shill paid off (no doubt, since adblock was PAID by MS, Amazon, & Google to NOT DO ITS 1 JOB IT HAD in blocking ALL ads) trolls scared since they can't validly & technically get the best of what I put out as points in hosts favor vs. browser addons & even locally installed DNS since hosts do MORE for FAR LESS regarding giving folks what they REALLY NEED & WANT nowadays - more speed, security, reliability, + anonymity online...
(I'm not stupid you know & somehow, I suspect neither are you, & realize what's in my 'p.s.' below...)
APK
P.S.=> Who'd argue with THAT, that is sane or not adversely affected by it? NOBODY - well, nobody other than those whose crap wares can't compete with those facts? You KNOW who (developers of them, fool fanboys using illogical wasteful addons vs. using what you already natively have that does the job better, webmasters losing adviews, advertisers losing, & lastly + LEASTLY, malware makers (who just "make more" like doritos to compensate being blocked))... apk
You don't infiltrate those groups unless you can demonstrate value which almost certainly requires committing a crime. If these investigators are not law enforcement officers then likely their actions would be unlawful.
I just took it for granted that an intelligent security analysis firm (as well as the OS manufacturers) would establish underground operations in the darknet to purchase exploits and try and establish detection that much more quickly. If they don't do that, this surprises me.