Reverse Deception: Organized Cyber Threat Counter-Exploitation (20 page)

As previously stated, all threats come in different packages and have a different look and feel. Your defense really is dependent on your organization, the laws surrounding what type of organization you work in, and your pain threshold. Some threats are menial; some are severe and need to be handled immediately. This guide will walk you through the various scenarios and provide best practices on how to handle each level of threat.

CHAPTER

2

What Is Deception?

D
eception is an old tactic that has been used for millennia by forces around the world and throughout history. In this chapter, you will learn about some of the traditional techniques and methods commonly used by military and corporate organizations to counter threats and adversaries. This chapter shows how deception can be used as a tool to lure or push your threats into areas of your enterprise that you have prepared for proactive responses or countermeasures. It makes heavy use of military-based deception techniques, concepts, and vernacular, as most forms of formal deception were derived from military operations and constructs throughout the years.

As you read through this chapter, you will see how deception has been used traditionally, and how the basic concepts and best practices can easily be applied to the cyber realm of advanced, organized, and persistent threats across your enterprise.

How Does Deception Fit in Countering Cyber Threats?

From the moment I picked your book up until I laid it down, I was convulsed with laughter. Someday I intend reading it
.

—Groucho Marx

There is nothing more deceptive than an obvious fact
.

—Arthur Conan Doyle

Simply put, deception is a technique whereby we mislead people into believing information that prompts them to behave in a way that is favorable to us, while at the same time protecting our true intentions and posture. Truth can be lies as easily as lies can be truth.

Deceiving people and computers requires interaction with the sensory components.
Sensory components
can be considered any avenue by which information can be detected or received. In humans, this typically includes auditory, visual, olfactory, and electronic. Other factors that should be taken into consideration include reason, consciousness, skill level, experience, and free choice. All of these avenues can be exploited when it comes to evading detection of a human analyst or an autonomous security system.

Resources (such as time, equipment, devices, personnel, and material) are always a consideration in crafting deception, as is the need to selectively hide the real and portray false information. Traditional military deception includes operational (manual/physical) techniques known as feints, demonstrations, ruses, displays, simulations, disguises, and portrayals.

Six Principles of Deception

Military Deception (MILDEC) is one of the foundations of Information Operations (aka Information Warfare). Six primary principles make up what we know as MILDEC today (from
Joint Publication 3-13.4, Military Deception
, “Executive Summary”):

Focus
The deception must target the adversary decision maker capable of taking the desired action(s).

Objective
The deception must cause an adversary to take (or not to take) specific actions, not just to believe certain things.

Centralized planning
MILDEC operations should be centrally planned and directed in order to achieve unity of effort.

Security
Friendly forces must deny knowledge of a force’s intent to deceive and the execution of that intent to adversaries.

Timeliness
A deception operation requires careful timing and action.

Integration
Fully integrate each military deception with the operation that it is supporting.