Hacking the Hacker

Cybersecurity is an ever-evolving field. Attackers are constantly changing their strategies and methods of hacking, and it’s a never-ending race for cybersecurity experts to keep up and keep data safe.

We explored some of these cyber challenges in GovLoop’s new guide, 30 Innovations that Mattered in 2014. In the guide we talked with Intel Security – the cybersecurity division of Intel.

For Intel Security, one of the company’s latest moves to innovate in cybersecurity started when they began following a group of sophisticated actors who persistently and methodically attacked global political organizations for more than three years. Known as Operation Archangel, this cyber-espionage campaign executed spear phishing attacks against a number of targets across Asia and North America.

We sat down with Ryan Sherstobitoff, Principal Security Researcher, and Rees Johnson, SVP & General Manager of Content Security, both of Intel Security, in order to learn how they hacked the hacker.

Intel hoped to better understand Advanced Persistent Threats (APTs). They established honeynets and honeypots to attract would-be attackers and study their techniques. In short, they began actively monitoring the attackers themselves by luring them into a trap.

“To track a hacker, you have to think like a hacker,” quipped Johnson.

“The attackers were targeting organizations across the world, and we monitored their access process,” explained Sherstobitoff. “So we had the insight into the tools, the techniques, and the procedures, because we were able to actually monitor firsthand their activities.”

Using honeypots, honeynets, and malware analysis, the Operation Archangel Advanced Persistent Threat campaign was monitored and documented by Intel Security for over 12 months.

“One of the interesting things that the hackers utilized were destructive capabilities,” said Sherstobitoff. “They were arming pieces of malware to destroy a victim’s network. So imagine planting it [malware] on an emissary network, and they can actually trigger a remote wipe of the systems and essentially render them inoperable. That’s really what was surprising to us – as well as finding out that a lot of these activities which were already documented in the media actually happened to be linked together by a common actor.”

Added Sherstobitoff, “This approach was innovative in terms of arming and modifying existing code and using it to attack victims across Asia and North America.”
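The two observations above (honeypots yielding firsthand visibility into tools and procedures, and separately reported incidents turning out to share a common actor) come together in the analysis step that follows the monitoring. The following is an added example, not Intel Security's code or data, of how a defender can cluster honeypot sessions into candidate actor groups by shared indicators. The session records, hashes, hostnames and IP addresses are constructed placeholders; the field names and the `remote_wipe` capability label are assumptions made for the illustration.

```python
"""Cluster honeypot sessions into candidate actor groups by shared indicators.

Added illustration, not Intel Security code. Every record below is constructed
sample data; none of the hashes, hosts or addresses are real indicators.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Constructed honeypot sessions: what a honeynet sensor might log after an
# intrusion attempt (attacker source, dropped malware by hash, the command and
# control host it called back to, and the capability observed in the session).
SESSIONS: List[Dict[str, str]] = [
    {"id": "s1", "src": "198.51.100.7", "hash": "aaa111", "c2": "c2-one.example",   "capability": "beacon"},
    {"id": "s2", "src": "203.0.113.9",  "hash": "aaa111", "c2": "c2-two.example",   "capability": "exfil"},
    {"id": "s3", "src": "203.0.113.9",  "hash": "bbb222", "c2": "c2-two.example",   "capability": "remote_wipe"},
    {"id": "s4", "src": "192.0.2.44",   "hash": "ccc333", "c2": "c2-three.example", "capability": "beacon"},
    {"id": "s5", "src": "198.51.100.7", "hash": "ddd444", "c2": "c2-four.example",  "capability": "exfil"},
]

# Indicators treated as strong enough to link two sessions to one operator.
# Source IP is deliberately left out: shared proxies and hosting make it a
# weak link on its own (the test shows what changes if it is included).
LINK_FIELDS: Tuple[str, ...] = ("hash", "c2")

# Capability labels (assumed naming) that mark a cluster as destructive,
# i.e. able to wipe systems rather than only spy on them.
DESTRUCTIVE = {"remote_wipe"}


def cluster_sessions(sessions: List[Dict[str, str]],
                     link_fields: Iterable[str] = LINK_FIELDS) -> List[FrozenSet[str]]:
    """Union-find over sessions: two sessions sharing any link-field value
    are placed in the same cluster. Returns clusters sorted by lowest id."""
    parent = {s["id"]: s["id"] for s in sessions}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    # Remember the first session that presented each (field, value) indicator
    # and merge every later session that presents the same one.
    first_seen: Dict[Tuple[str, str], str] = {}
    for s in sessions:
        for field in link_fields:
            key = (field, s[field])
            if key in first_seen:
                union(first_seen[key], s["id"])
            else:
                first_seen[key] = s["id"]

    groups = defaultdict(set)
    for sid in parent:
        groups[find(sid)].add(sid)
    return sorted((frozenset(g) for g in groups.values()), key=min)


def summarize_cluster(sessions: List[Dict[str, str]], ids: FrozenSet[str]) -> Dict[str, object]:
    """Collect the infrastructure and capabilities seen across one cluster."""
    members = [s for s in sessions if s["id"] in ids]
    caps = {s["capability"] for s in members}
    return {
        "sessions": len(members),
        "sources": sorted({s["src"] for s in members}),
        "hashes": sorted({s["hash"] for s in members}),
        "c2": sorted({s["c2"] for s in members}),
        "capabilities": sorted(caps),
        "destructive": bool(caps & DESTRUCTIVE),
    }


if __name__ == "__main__":
    for cluster in cluster_sessions(SESSIONS):
        print(sorted(cluster), summarize_cluster(SESSIONS, cluster))
```

With the constructed data, sessions s1, s2 and s3 merge into one group (s1 and s2 share a malware hash, s2 and s3 share a C2 host) even though no single indicator spans all three; that group is also the only one flagged destructive. Session s5 reuses s1's source address but nothing else, so it stays separate under the strict link fields and only joins if source IP is added to them.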

Though criminals like the actors behind Operation Archangel are becoming more sophisticated by the day, Sherstobitoff and Johnson said that there are concrete steps agencies and government employees can take to prevent spear phishing campaigns and create a culture of cybersecurity awareness. It all starts with focusing on one of the technologies that governments use most: email.

To learn more about Operation Archangel and uncover the 30 innovations that mattered in 2014, download the guide!
