Reverse Deception: Organized Cyber Threat Counter-Exploitation (26 page)

It’s déjà vu all over again!

—Yogi Berra

Conversely, as the temperature decreases, we see less activity (movement of molecules). Here, we observe that it takes less volume to hold the mass of gas. Theoretically, you could add more gas or put in a small amount. So, by adjusting the variables, your glass could contain more or less gas in the same volume—thereby adding to the question of whether the glass is half empty or half full. How you look at your enterprise can be similar.

With all of the systems transmitting and moving packets about your enterprise, it may be difficult to detect a specific type of network activity. This is why the more educated and skilled threats will operate during your business hours to hide within all of the noise. Those who are less educated or skilled will perform actions during nonbusiness hours, which increases the probability of detection by the defenders.

Two-Steps-Beyond Version

This is neither pig nor pork. It’s beef!

—Oliver Hardy as Ollie Dee in
Babes in Toyland

We profess that all the preceding versions are right and wrong, simultaneously. How can that be? What is the truth? The truth is what is factually sound to you. Perhaps we should consider the glass is twice as big as it needs to be to hold the liquid. Ouch! Did that even come to mind?

The picture is as clear as you dare see it. Specificity can lead to a clearer picture as understood by Sun Tzu; however, with more information, there is a possibility that the picture could become more clouded as Clausewitz believed, or even worse, you have wasted resources on clarifying something to the nth degree that was sufficient to accomplish the mission with a fraction of that investment.

Of course, there are numerous possibilities, but this exercise was undertaken to show how we must break those biases if we are to be successful in fully deceiving the adversary to accomplish the mission.

Conclusion

He’s not the messiah; he’s a very naughty boy!

—Monty Python’s
Life of Brian

People and things are not always what they seem. No one has a perfect method for safeguarding information and controlling the information environment. This book is a good first step in that direction. Information is relative and should be consumed as such. You can have too much information and too little, and those states are not mutually exclusive. If this seems confusing, just wait until we get to the next chapter. The important point is that the information environment is fluid. Professionals with good situational awareness and their wits about them will not be easily fooled.

Lesson 15, Part I: Use the formula P = 40 to 70, in which P stands for the probability of success and the numbers indicate the percentage of information acquired. Lesson 15, Part II: Once the information is in the 40 to 70 range, go with your gut. This is about balancing data and information gathering with your instincts. Learn to trust your gut (which is about trusting your experience). Sure you’ll make mistakes, but you’ll also learn. In the real world, you don’t have infinite time to explore every problem until you have all the possible information. Instead, it’s about satisfying to get things done. You have to find potential solutions that fit and test them against reality to see what sticks
.

—Colin Powell, Lessons on Leadership

Colin Powell understood that the information picture can get clouded as more information is folded into the mix. There is a point where enough information is enough, and a decision is required! Information is vital to the decision-making process, but weighing the quality of that data relative to the situation is where the true professional excels. Experience and training go a long way in improving an individual’s situational awareness, but there is quite a bit to be said for individual intellect. Common sense and a level head go far when dealing with critical and conditional decisions.

When the rabbit of chaos is pursued by the ferret of disorder through the fields of anarchy, it is time to hang your pants on the hook of darkness. Whether they’re clean or not
.

—Spice World

CHAPTER

3

Cyber Counterintelligence

C
ounterintelligence
tradecraft has its roots in the earliest of military orders and has been continually refined by practitioners for centuries. In any language, or any country around the world, government activities spend significant resources ferreting out spies with elaborate plans. As new challenges arise, the intelligence community has engaged to meet them head on.

In moving into the information age, we see a greater dependence on advanced technologies. Information travels much faster today than it did even 100 years ago, let alone a 1,000 years ago! The advancement in technology over the past three decades is exponential, which conversely forces the counterintelligence community to exponentially increase its capabilities. This is true with the advent of computers and the ever-expanding role of cyberspace in the world today. Computers and the cyber realm offer new problem sets for counterintelligence professionals.

One prominent problem is the mire of anonymity. Many of the components of computer operations lend themselves to naturally obscuring identity. Of course complete technical anonymity is not absolute; as it is not easy in every case to obscure your true identity online, and many people don’t know the extra steps needed to heighten obfuscation of their true identity. Hardware, software, and the nature of operating in the digital arena heap piles of ambiguity into the situation, as there are now dozens of unique identifiers by which your identity or even organization can be determined.

So how do you find someone? Where do you start, and how do you know when you do find that person once you have identified the information that you believe to be enough? These are tough questions that still go unanswered by many security and counterintelligence professionals.

Fundamental Competencies

The Office of the National Counterintelligence Executive (NCIX) is a subordinate directorate to the US executive branch. In 2006, the Director, Dr. Joel Brenner, directed that a study of the US counterintelligence discipline be conducted to identify the required core competencies across the US counterintelligence community. The resulting list is a rather universal one; that is, it transcends organizations—even nations!

NOTE

It is interesting to note that after extensive research, no references to studies by the Russian or Chinese counterintelligence services were discovered. As a matter of fact, there is no official presence by either service. In conducting online queries, the top result returned references to the office of the NCIX. Searches were conducted on Google and other prominent search engines (Bing, Yahoo!, and Dogpile). Some of the queries which ran included “information operations,” “counterintelligence,” and “computer operations”—all done in the native language with the same results. The United States is setting an example for the rest of the world by publishing the most information allowing anyone to review and understand how the United States performs counterintelligence (or is putting the information out there deception in and of itself?)
.