Inside the mind of digital attackers: Part 1 — The connection by Justin Kosslyn.
From the post:
John has a target: name, country, brief context, and maybe the email address or website. John has been given a goal: maybe eavesdropping, taking a website offline, or stealing intellectual property. And John has been given constraints: maybe he cannot risk detection, or he has to act within 24 hours, or he cannot reach out to the state-owned telecommunications company for help.
John is a government-backed digital attacker. He sits in an office building somewhere, at a desk. Maybe this is the job he wanted when he was growing up, or maybe it was a way to pay the bills and stretch his technical muscles. He probably has plans for the weekend.
Let’s say, for the sake of this example, that John’s target is Henry, in the same country as John. John’s goal is to copy all the information on Henry’s computer without being detected. John can get help from other government agencies. There’s no rush.
The first thing to realize is that John, like most people, is a busy guy. He’s not going to do more work than necessary. First, he’ll try to use traditional, straightforward techniques — nothing fancy — and only if those methods fail will he try to be more creative with his attack.
…
The start of an interesting series from Jigsaw:
A technology incubator at Alphabet that tackles geopolitical problems.
Justin proposes to take us inside the mind of hackers who target journalists.
Understanding the enemy and their likely strategies is a starting place for effective defense/protection.
My only caveat is the description of John as a “government-backed digital attacker.”
He could be, and that increases John’s range of tools, but don’t premise any defense on attackers being government-backed.
There are only two types of people in the world:
- People who are attacking your system.
- People who have not yet attacked your system.
Any sane and useful security policy accounts for both.
I’m looking forward to the next installment in this series.