Reverse Deception: Organized Cyber Threat Counter-Exploitation

Authors: Sean Bodmer
Tags: General, Computers, security
unity of effort.
Security: Friendly forces must deny knowledge of a force’s intent to deceive and the execution of that intent to adversaries.
Timeliness: A deception operation requires careful timing and action.
Integration: Fully integrate each military deception with the operation that it is supporting.
     
    Let’s take a closer look at each of these principles.
    Focus
    It is all about the adversary decision maker. In a deception, the person who makes the decisions, allocates resources, and approves strategic decision making is the person the deception should be tailored to affect. All others fall short because the ultimate purpose of the deception is to have the adversary allocate, waste, or improperly spend resources in a way more favorable to your efforts.
    Focus can be used against an individual or group. When the focus is on the individual, it’s tailored to deceive that individual. When the focus is on a group (such as organized crime or a foreign government), it’s about the leadership of the group infiltrating your network—the frontline attackers report all of their findings up through a chain of command, and someone in that chain makes decisions based on the intelligence collected.
    The importance of focus lies in directing the decision maker into making the wrong decisions or decisions of your design.
    Objective
    The goal is to get the adversaries to act or not act; you don’t want to just tell them a nice story.
    Perhaps we project a story that there is an unopened bottle of high-end Johnny Walker sitting on the bar and it is available for free, first come, first served. Say that we know the adversary decision maker is a connoisseur of Scotch whiskey and loves high-end products. That is a nice story, but is it enough to get the adversary to go to the bar himself?
    When relating the principle of objective to the cyber world, think about developing a project or system that may be of interest to a threat. You need to design a deception operation that will interest your adversaries and lead them to act and fall into your deception.
    Centralized Planning and Control
    Each deception should be coordinated and synchronized with all other deception plans to present a seamless story across the organization. Overlooking the smallest detail could prove fatal.
    Perceptual consistency is one of the most important goals of deception, especially when dealing with a highly skilled and motivated threat. Consistency can be built into many areas, including personnel, logistics, financial, and technical resources and assets.
    The adversaries must see a seamless story that is compelling enough based on all the intelligence they have collected from your enterprise. Essentially, you want to make the threat feel comfortable enough to take an action against your deception. The slightest innocuous detail can ruin an entire deception operation. For example, if John is listed as a member of a team that is associated with the deception, and John is transferred to another location but is still listed in the deception as being at his original location, the adversary will more than likely come across the discrepancy and not act, which defeats all of your efforts and resources to build the deception.
    Security
    One seller of high-end Johnny Walker will not tell you that next door there is a sale on the exact same product. In the same vein, why would you want to deliberately give away information regarding the true deception story? The mere fact that there is a deception should foster a heightened level of security.
    Operations security (OPSEC) of your deception is critical to ensuring success and the ability to continue toward your end goals. Securing your deception is of the utmost importance. A slight error or oversight can breach the security of your deception against a threat.
    Timeliness
    If we cannot get across the message to our adversary that the high-end Johnny Walker is all teed up and ready to go, which would prompt him to take action, our efforts
