Friends or Foes? Intelligence Agencies and Telecommunications Companies

Intelligence agencies depend on information to function. They’ll go to great lengths to gain access to potentially pertinent or useful materials that can be processed, analysed or synthesized into actionable intelligence, and put to use in the protection of national interests.

Communications are a particularly valuable form of information. The telecommunications companies (telcos) that manage and deliver huge volumes of calls, texts and internet traffic are effectively massive repositories of highly-desirable data.

Only Human: Protecting Against Unwitting Insider Threats

Within the corporate world, the spectre of insider threat is one that is difficult to come to terms with. A malicious insider in an organisation has, by virtue of their position, access to privileged information and functionality that an outside attacker would be able to leverage only with great difficulty.

Election Hacking: an old threat in new clothes

There is a general consensus that Russia interfered in the 2016 US Presidential Elections. According to the US intelligence community, it has been assessed with ‘high confidence’ that Russia used nation state proxy groups to influence the outcome of the presidential election in favour of Donald Trump.

The Weakest Link: The Supply Chain as an Intrusion Vector

In April 2017, PwC and BAE Systems released a report that investigated the activities of a Chinese advanced persistent threat (APT) actor, known as APT10 or Stone Panda (amongst other things).

The report assesses that this group’s primary technique is to target managed service providers (MSPs) as a pivot point to gain a foothold into the network of their clients. In other words, this threat actor is using the supply chain as the infection vector into their target’s environment.

The Convergence of Cybercrime and Traditional Crime

It’s easy to forget that cybercrime is a relatively new term that didn’t exist 30 years ago. Today, excluding some violent crimes, it appears that almost every conceivable crime can have a cyber element to it. Cybercrime can be described as any illegal activity that is dependent on a computer or network-connected device. But as devices are increasingly network connected, could we see a blurring of the line between traditional crime and cybercrime?

The Riffle Project

Online anonymity has become very popular with users becoming concerned about their privacy when using the Internet. TOR is one of the most widely used (and arguably, most effective) ways of maintaining a level of online anonymity. Although TOR has some great advantages, it nevertheless has its limitations.

One possible alternative to TOR is the Riffle anonymity network. But how does it answer the call for better online privacy?

The Corporation as a Threat Actor

Generally when conducting threat assessments, a tried and tested method is to assess the threat from four categories of threat actor:

  • Nation state / Nation state proxies / Intelligence services
  • Organised criminal gangs
  • Hacktivists and hackers
  • Malicious and unintentional insider

Securing the Securer: Cyber Threats to the Insurance Sector

“Amazing”, “extreme”, “one of the coolest things I’ve ever seen.” These were the words of a cyber forensics expert who was tasked with investigating the biggest breach of an insurance company in history. Respectively, these words describe the operational security, stealth tactics, and malware engineering of the group that stole the personal information of almost 79 million policyholders in the US in 2015. The forensic team claim that 1000 boxes were infected, and roughly 7000 MD5 hashes (distinct file identifying numbers) were assigned to the ever-changing malware used to conduct the breach. What the details of this breach show is that the insurance sector has become a particularly attractive target for well-resourced and highly skilled cybercriminals.