Slashdot Mirror


Intelligence Start-Up Goes Behind Enemy Lines To Get Ahead of Hackers

anlashok writes: The Times profiles a company called ISight, which sells computer security intelligence gathered by professionals from the "dark web". From the article: "ISight's investors, who have put $60 million into the company so far, believe that its services fill a critical gap in the battle to get ahead of threats. Most security companies, like FireEye, Symantec, Palo Alto Networks and Intel's security unit, focus on blocking or detecting intrusions as they occur or responding to attacks after the fact. ISight goes straight to the enemy. Its analysts — many of them fluent in Russian, Mandarin, Portuguese or 21 other languages — infiltrate the underground, where they watch criminals putting their schemes together and selling their tools."


  1. And that used to just be cops at the border! by rmdingler · · Score: 4, Insightful

    I have always been uncomfortable with the potentially mutually beneficial nature of the roles of security provider and security breach specialist.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re: And that used to just be cops at the border! by TWX · · Score: 2

      I don't think that they're criminally negligent because they're not themselves law-enforcement, so they can't really actually take an active role in stopping those that they see engaging in criminal acts. If the criminals they're interacting with are in foreign countries where reporting those individuals to that country's police forces won't do any good, then this is at least keeping tabs on things.

      Now, it could be that some of those foreign countries for whom they're infiltrating the criminal hacker groups of might not take kindly to their doing this, so those that masquerade as criminals themselves might find that the foreign country in question wants them for prosecution as a result, but I would be surprised if they'd face very much domestic prosecution. Hacking-back is illegal, but it doesn't sound like they're actually hacking.

      --
      Do not look into laser with remaining eye.
    2. Re: And that used to just be cops at the border! by rtb61 · · Score: 1

      Other countries, isn't American exceptionalism so wonderful, who cares what American companies do in other countries, that is their problem, so long as we make money. This is such a horrendous idea, they are attempting to promote a company, that at its core will purposefully and with intent and for profit break the law. The crime to be repeated en masse, accessory after the fact. So how much work will they be doing to ensure they get work, pretty much blatant for profit false flagging. The kind of accepted insane thinking that US corporations have the right to act as law enforcement to promote their own profits in foreign countries and this with the backing of US intelligence services and the US military, so extreme is this acceptance, that they use to promote investment.

      --
      Chaos - everything, everywhere, everywhen
  2. Ah yes, the Classic argument... by bobbied · · Score: 4, Interesting

    Is it black hat or white hat hacking?

    It's kind of hard to tell them apart with schemes like this. Oh yea, we will infiltrate the "bad guys" and get tipped off to their activities before anybody else knows, or we will invent some new attack vector, sell it to the bad guys and get loads of money from you because only we know enough to protect you from what the bad guys are doing.. You cannot know the difference....

    Problem with this is you will never know and you will be letting some outfit with admitted ties to some bad actors have access to your network security systems... What could possibly go wrong?

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:Ah yes, the Classic argument... by Anonymous Coward · · Score: 1

      So true.

      The NSA got extra funding to protect us from terrorists. What did they use it for? To spy on their spouses if they were cheating on them.

      I feel safer already.

    2. Re:Ah yes, the Classic argument... by gl4ss · · Score: 1

      well the thing is, they're selling "stuff" anyone could go find from the dark web, so there's that.

      oh the days of just having all that stuff on rootshell

      --
      world was created 5 seconds before this post as it is.
    3. Re:Ah yes, the Classic argument... by Anonymous Coward · · Score: 1

      It's green hat hacking. 60 million, lol. Way to set fire to a pile of cash.

    4. Re:Ah yes, the Classic argument... by aaaaaaargh! · · Score: 1

      That would be illegal.

  3. A mini NSA? by Anonymous Coward · · Score: 1

    Who's a good little mini NSA? You are! Yes, you are. I'm so proud of you!

    I wouldn't be so sarcastic and probably even be supportive of it if it weren't a recipe for abuse. A company or organisation would eventually abuse it and then claim it was legal and nothing wrong.

    Extra points if you can lie in front of congress.

  4. legitimacy of the business by WSOGMM · · Score: 2

    If your operations can be carried out in specific countries, you might be able to bypass some anti-hacking laws, or at least diminish some of the potential legal blame of 'going too far'. If you have to limit your offensive capabilities, there are probably ways of cataloging/surveying/classifying incoming attacks and thwarting them without doing anything illegal. The main factor in the success of this business relies on them providing monetarily valuable information to potential targets.

    That said, what they say they're doing is not illegal, and it is probably already practiced by most security companies. It's just a business pitch. From TFA, they spend their time

    > monitoring underground chatter and markets, analyzing computer code meant to cause harm, watching the networks of potential attackers and poring over social media channels for signs of imminent attacks.

    1. Re:legitimacy of the business by CanadianMacFan · · Score: 1

      I find it morally wrong to know of crimes that are about to be and giving that information only to those people who have paid you money. They should be stopping the attacks for everyone by alerting the authorities. But then there's no profit in that.

      I wonder if there could be a case made against them for profiting because of an act of a crime. By not telling some of the potential victims they are conspiring with the hackers. I'm sure some lawyer would have a go with it.

  5. just like you, except better by raymorris · · Score: 4, Informative

    "Allowing the bad guys to continue operating" you say. You've "allowed" crime just as much as anyone else has. You have just as much right to track down individual criminals and fly around the world trying to stop them as do the researchers working for these companies. We're not cops, we're nerds. You could register in the cracker forums, follow the social media feeds, and try to do what you seem to expect us to do. Why haven't you done it?

    The difference between you and I is only that I HAVE contacted the FBI or National Center for Missing and Exploited Children the few times that I've come across a situation that warranted it. What have you done? I warned Wikipedia of an attack that would have taken them down, warned them in time to prevent the attack. What have you done?

    99.99% of the time, we don't have the real name and home address of the bad guys. We have screen names, like you see on Slashdot, and we see what types of vulnerabilities and attacks they're talking about this month. Then we protect our clients, which may include your bank, from the types of attacks that are being discussed by the bad guys.

    99% of my coworkers don't have any authority to arrest anyone. That's not our job. Our job is to secure the systems you rely on. There is one person at the company I work for who used to have the authority to arrest certain specific criminals. That happens to be me. I successfully found and arrested most of the people I was granted authority to go after. So yeah, we've actually personally put a few criminals behind bars, though that's not our day job. "Allowing criminals to continue operating", eh? I've told you what I've done to stop criminal activity. I ask you again, what have you done? You've done nothing, you have allowed them to continue.

  6. What's the definition of 'terrorists'? by Anonymous Coward · · Score: 1

    I wouldn't mind working for such a company, but I don't work for terrorists

    If cutting off people's head is terrorist, what about bombing civilians' houses and killing those living inside, like what is happening in Yemen?

    What about those, such as America, France & Britain, who supply planes, bombs and all kinds of logistical support to those who do the bombing?

    Where do you draw the line, dude?

  7. I speak Mandarin, I know Russian too! by Taco Cowboy · · Score: 1

    As I am from China, and have picked up quite a bit of Russian while I was in school in China, can I go rogue, join up with the hackers, create all kinds of cyber mayhems, and then turn around and sell the information to those on the 'white side' of the line?

    The whole thing is mindbogglingly ridiculous!

    Are we going to encourage the hackers to create yet another stream of income by selling outdated info of the dark side?

    --
    Muchas Gracias, Señor Edward Snowden !
  8. Cat and mouse by koan · · Score: 1

    The "hackers" will just their methods.

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:Cat and mouse by Anonymous Coward · · Score: 1

      You accidentally the whole verb

  9. you expect me to call you personally? by raymorris · · Score: 2

    > By not telling some of the potential victims they are conspiring with the hackers. I'm sure some lawyer would have a go with it.

    What, you expect me to call you, and every other person in the world, personally? Why don't YOU have a go at that. YOU go monitor the cracker forums and such, then call me when you see something interesting. For free. You'll start doing that tomorrow, right?

    No? Well those of us who spend our working hours on this stuff have to eat too. So yeah, if you want instant analysis of what's important to you, you get to buy one of my kid's meals. Other than that, sign up at Threatpost and sift through it yourself every day.

    Lazy self-entitled liberal bastards.

  10. This isn't new or immoral. by Euphorinaut · · Score: 1

    Businesses that attempt to monetize threat modeling have been around for a long time without the same scrutiny a lot of you are giving this company. Is it immoral for a company that makes antivirus software to not give their software away for free rather than charging money? Do you think the moral thing to do would be to just go out of business instead of charging money? If you aren't currently an IT security expert working for a non profit or for free, I invite you to apply your train of thought to just as much introspection as finger pointing. All this company is doing is taking an approach to threat modeling that people like Brian Krebs started advocating a long long time ago, and incorporating it into a business model not incredibly different than any other IT security company.

  11. not exactly new by sociocapitalist · · Score: 1

    Brian Krebs has been doing this for awhile now.
    http://krebsonsecurity.com/

    Someone's just taking it to the next level - not a bad idea at all IMHO.

    --
    blindly antisocialist = antisocial
  12. Re:Agreed, & "great minds think alike"... apk by Euphorinaut · · Score: 1

    I'll jump into the "great minds think alike" party, although my comment seems to have attracted the attention of someone randomly ranting at me about whether or not it's ok to spy on spouses (no idea). I love Brian Krebs. Can't think of why it took businesses this long to actually implement that sort of thing in threat modeling.

  13. Krebs on Security is also there by swschrad · · Score: 1

    potentially has been watching the bad boys longer, with more impact.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?