RSA Peer2Peer

RSA 2018 Peer2Peer Session: Successes and Pitfalls of Penetrating Hostile Online Groups

Earlier this month, I had the privilege of hosting a Peer2Peer speaker session at RSA 2018, where I joined attendees on an exploratory deep-dive through the pros, cons, and intricacies that surround the practice of proactively infiltrating malicious groups online. My goal was simple: learn how my peers are conducting anonymous operations, what problems they are experiencing, and where they have seen success.

digital misattribution

Misattribution Lessons From the Unmasking of Guccifer 2.0

Anonymity is hard to maintain over time against an aggressive adversary. There are many ways you can accidentally leak your identity or tie your activity to some other identity. One minor error in hiding any single identifier can ruin an entire mission and potentially invite retribution. Over the course of months, this adds up to potentially thousands of opportunities for error. Unfortunately, humans are not very good at achieving that level of consistency with their operational security (OPSEC).

Investigator anonymity

How Stand-Alone Laptops Put Law Enforcement Investigations at Risk

The internet is now part of almost all investigations, bringing significant new complexity to gathering evidence or conducting covert activity. Consequently, internet-based investigations create a whole new category of risks. Just as detectives work in plain clothes and drive unmarked cars, it is often important to avoid identification as a law enforcement officer when investigating online. This is often called being “non-attributed,” but is more accurately labeled “misattributed” or “anonymous.” A common method for conducting these investigations is to use a dedicated laptop connected to the internet over personal WiFi. Unfortunately, this is an unsafe way to operate, with significant risk of identification, location exposure, content blocking, and infection.

Security Week Article

Understanding Looming Threats and the Need to Hunt With Anonymity: A Security Week Article

Situational awareness is important when engaging online – especially when hunting for threats outside the organization’s firewalls. This requires the skills and tools to protect your identity by remaining anonymous. Additionally, unpatched systems and poor configurations could allow an attacker to get through to your internal network.


Did You Know: Browsing the Internet is a Risk to the M&A Process?

While mergers and acquisitions (M&A) are generally known for bringing economic growth and opportunity, people are beginning to realize that the process also brings serious cybersecurity risks. For example, along with the acquired company’s valuable assets, buyers also inherit all previous and current vulnerabilities and breach history. But there are also risks that exist for buyers before they sign on the dotted line or take action to merge technologies, processes and resources. During the M&A process, an organization is vulnerable from the moment it sets out to do online research.