Preventing Jail Time and Torture with IOCs – by Brandon Dixon

Last month I was fortunate enough to attend the 2013 Cyber Dialogue conference hosted in Toronto, Canada. Despite much of the conference centering around policy, privacy and governance, I really enjoyed myself and surely plan to go back next year. One of the interesting take-aways from the discussions I had with some of the attendees was the stark difference in corporate entities I had dealt with in the past or heard stories about and those in civil society, mainly in their reasoning for doing the work and needing help.

Most of the media I have read in the past year or so covers the “bleeding of corporate America” [PDF] through state-sponsored cyber espionage. Yes, it’s true, our companies both foreign and domestic have been getting hacked for the past several years with trade secrets, intellectual property and bundles of research going out the digital doors, but commercial entities are not the only victims of these attacks. It’s easy to forget organizations, individuals and even certain parts of the world when they aren’t shoved in your face through an advertisement or media story, but they too are hacked, only the data stolen in those cases can have far greater consequences.

One of the amazing aspects of Cyber Dialogue was coming face-to-face with those combating attacks not just to protect their digital resources, but protecting actual human lives. Listening to stories of governments torturing citizens for seeking help outside the government, or people being jailed for simply for tweeting a message really helped put the value of indicators into perspective. It’s funny, several friends have told me about their breach notifications going bad, ones where the commercial company being notified become enraged that someone pointed out that they were hacked through an acquired indicator. Why would a commercial company get mad you ask? Well, now that they “know” of a breach, they simply can’t ignore it or deny it in the future. To be fair though, breaches cost money, and lots of it, but hearing those stories makes you wonder why so much help goes to people who in some cases, simply do not want to know.

Now I know all commercial companies don’t operate like I mention above, but the point I want to make is that as a techie in this space, it’s possible to make a larger impact with little or no cost difference to your daily work. If you operate in the targeted threat spaces then there is no doubt in my mind you have come across malware or spear-phishing campaigns going against a think tank, human rights organization or news outlet. That data is easy to shrug off as it’s generally pretty hard to know who to share it with, but I would urge anyone who sees these things to blog, tweet or attempt to let those who may be impacted know. These smaller organizations can’t always afford expensive threat feeds, security software or the ability to staff technical people like us, so any little bit helps them out. The more the data goes public, the more attention it can receive and the more likely it will get used to prevent attacks from being successful.

About Brandon Dixon

Brandon’s primary research as part of Advanced Threat Research at Verisign involves identifying malicious attacks, conducting APT malicious code analysis, tool development and devising strategies to counter threats earlier in their decision cycle. Brandon maintains PDF X-RAY and blogs at where he reports on targeted attacks, malicious file analysis and open source tool development. His research on various security topics has gained accolades from many major software vendors.

This entry was posted in Blog, News. Bookmark the permalink.

Comments are closed.