Sunday, February 14, 2010

APT Dilemmas

The last month has seen a plague of comments and "expert" opinions materialize related to the Advanced Persistent Threat (APT). In the majority of cases, I'd have to class those very same comments and opinions as ambulance-chasing tripe - by people who either have overactive imaginations or are simply looking to capitalize on the confusion generated by the media.

Sure, we're all entitled to our opinions, but there's more to all this. If many of these comments and expert opinions had been directed at an individual or corporation, those "experts" would have found themselves in court on defamation charges many times over by now. So perhaps they're personally lucky that their ignorant and ill-educated comments haven't resulted in such actions. On the other hand, they would appear to be adding kindling to a growing wildfire which will likely affect us all.

There are of course multiple camps of thought in every argument. For many (former) military types, it often appears to be about nation states driving and incentivising hacking teams to target the assets of a foreign entity. That's the way they were trained to think. Similarly, nationalism comes in many shapes and forms - and varying degrees of dedication - ranging from wearing a lapel pin through to chanting a pledge of allegiance to a flag (or deity, or prophet) each day. Every country, population or group has different levels and ways of showing nationalistic pride or reverence.

I believe that this applies greatly to APTs. The ability to acquire, retain and motivate a team of hackers capable of orchestrating and executing an APT campaign against a target (global conglomerate, strategic technology provider, government department, etc.) goes beyond meeting a specified financial compensation plan. APT campaigns aren't for the faint of heart. They require a degree of dedication not normally seen in most cyber criminal attacks.

That is not to say that someone can't simply go online, hire a bunch of hackers and build out a team to launch an APT campaign. That's not particularly hard - especially if you've got the cash. However, to keep a campaign flowing and obtain the level of persistence needed to keep the cross-hairs on a target for a year or more - well, that requires something more.

For one thing, running such a long campaign is probably going to need a core team that shares similar (if not identical) core values - nationalistic, political, religious, etc. - and is willing to dedicate the time needed. The dedication element can be bought easily enough, while the core values aspect means that the hacking team will likely have shared many experiences in the past. This of course doesn't prevent the campaign from engaging other external entities and subcontracting out either more specialist attacks or delivery options; it does mean that the tactical elements of the campaign can be passed on to third parties as and where needed, while the core team holds the objective.

So, the dilemma with APTs is that they're a campaign strategy rather than an exploit, hack or attack vector. Which of course confuses many people who think of things solely in terms of attackers and tools - rather than objectives and motivations.

Would I class APTs as nation-state strategies serving as a precursor or reconnaissance for cyber-war? In some extreme cases, yes. I've met and probably helped train (in some fashion or other) several of the individuals that work this angle and are prepared to engage in these kinds of activities. However, many more of these people would refuse to engage in such activities out of nationalistic pride or prejudice - but are only too happy to offer their persistent attention and services for a fee, making them ideal candidates for longer-term corporate espionage (e.g. back-dooring oil pipeline control systems, targeting pharmaceutical research laboratories, accessing patent filing and tracking systems, etc.).

Then again, motivations for engaging in and conducting an APT campaign can vary a lot - searching for UFO evidence, saving the whales, or even targeting car manufacturers that attempt to hijack and steal other people's Internet domain names - are all past causes capable of wedding a team together and working towards a common objective.

So, a word of advice then. It's dangerous to think of APTs as being wielded solely by nation-states. Unfortunately APTs are a fact of life - and have been so for well over a decade now. It's just that they've only been spoken about in hushed voices within tightly closed communities before Google said enough is enough to the secrecy.
