Coding Out Crime
Today’s infamous bank robbers, pick pockets and double agents don’t organize jewel heists, stake out busy street corners or lurk among the elite at exquisite dinner parties, yet they’re more dynamic and stealthy than ever.
Cyber criminals aren’t a new threat, but how we respond to them has radically changed since they began ravaging commercial and government network vulnerabilities after the dot-com boom. As automated self-propagating code attacks progressed to highly coordinated, long-term cyber intrusions, analysts at Lockheed Martin discovered their continuing cyber solution from an unlikely source – U.S. Air Force pilots and counter-IED experts.
Defining the threat
In 2012, the FBI’s Internet Crime Complaint Center received nearly 300,000 consumer complaints with an adjusted dollar loss of more than $525 million which is an 8.3 percent increase in reported losses from the previous year. Federal agencies aren’t immune to major cyber attacks either. The United States Computer Emergency Readiness Team (US CERT) received nearly 50,000 cyber security incidents from federal agencies alone in 2012, compared to six years prior, when they received only 5,500. These rising statistics and alarming trends compelled President Barack Obama to proclaim the month of October as National Cyber Security Awareness Month.
“Technology is reshaping every aspect of our lives, and protecting our digital infrastructure from cyber threats is one of our highest security priorities,” said President Obama in the proclamation. “Our national and economic security depend on a reliable digital infrastructure in the face of threats.”
From organized hacktivism groups fueled by political, ethical or retaliatory motives to cyber theft criminals motivated by financial gain, understanding the threat profile of cyber attackers is a key step in defining the method of attack. Targeted, organized and long-term threats categorized as “advanced persistent threats” can be a significant problem due to sophisticated technology, expert attackers and potential nation-state sponsorship.
The problem for most organizations is that these advanced persistent threats evade detection by industry-standard tools because traditional tools make one flawed assumption: a response can only occur after the cyber breach itself. It took a team of Lockheed Martin analysts to discover that the challenge of advanced persistent threats is also its solution.
“With advanced persistent threats, we used to believe that the adversary always had the advantage: the defender had to get it right every time, but the adversary just once. But we now know that the aggressor has no inherent advantage,” said Charles Croom, vice president of Lockheed Martin Cyber Security Solutions. “Yes, cyber threats are growing in sophistication, but their persistence is actually their weakness. We now recognize that they have a series of seven steps that they must take in a sequential pattern before they can steal intellectual property or degrade the network -- and we have built capabilities around each one of these seven steps.”
Taking on the threat
In 2006, analysts at Lockheed Martin began collaborating with the U.S. Air Force on cyber security measures and during discussions, learned of a classic military targeting doctrine that includes the concept of a kill chain. Pilots noted that each threat engagement is a series of steps that must all be executed successfully to carry out the strike. Any one failure in that complex sequence breaks the chain.
Another inspiration to cyber analysts was a 2007 Washington Post series on counter-IED (improvised explosive device) operations. Reporter Rick Atkinson described the efforts by the U.S. military to discover these deadly weapons “left of boom,” meaning before the point of explosion. The Department of Defense’s Joint IED Defeat Office (JIEDDO) developed a system with kill chain methodology to build better resilience against IED attacks. Eric Hutchins, Lockheed Martin Fellow and Chief Intelligence Analyst for the company’s Computer Incident Response Team (CIRT), recognized that both methodologies could also be applied to cyber security.
“The classic Air Force kill chain is Find, Fix, Track, Target, Engage and Assess. As net defenders, we’ll see some of the Find steps and a lot of the Engage steps, so we tailored our own seven-step process specific to intrusions,” Hutchins said. “These steps show how we can mitigate intrusions earlier – before the point of a compromised system.”
Any professional criminal conducts reconnaissance before executing the master plan – whether that means getting blueprints of a jewelry store before the heist or harvesting email addresses and social relationships before sending a phishing email. Lockheed Martin’s Computer Incident Response Team developed an intelligence-driven cyber defense that monitors all phases of a cyber-attack to understand the aggressor’s actions before they become harmful. As the attack progresses, so do the levels of visibility and control by the defenders so they can maintain information superiority.
“Traditional cyber defense is like a football team running the same defensive play over and over – regardless of what the offense is doing,” said Dr. Rohan Amin, director for Lockheed Martin Global Cyber and Security Solutions. “Intelligence-driven cyber security works like a defensive squad that scouts their opponents, knows their playbook and can make midgame adjustments.”
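The kill chain idea described above can be modeled directly: an intrusion must pass through seven sequential phases, a known indicator at any one phase breaks the chain, and indicators recovered from one attempt are fed back so the same adversary is stopped earlier next time. The following is an added illustration, not Lockheed Martin's code; the phase names are the seven Cyber Kill Chain phases, and the indicators, sender addresses and domains are constructed placeholders.

```python
from dataclasses import dataclass, field

# The seven Cyber Kill Chain phases, in the order an intrusion must traverse them.
PHASES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objectives"]

@dataclass
class Defender:
    # Known indicators per phase (constructed sample values, not real IoCs).
    known: dict = field(default_factory=lambda: {p: set() for p in PHASES})

    def earliest_break(self, intrusion):
        """Return the first phase at which a known indicator is seen, or None.
        Because the phases are sequential, a match at any one phase breaks the chain."""
        for phase in PHASES:
            if intrusion.get(phase, set()) & self.known[phase]:
                return phase
        return None

    def learn(self, intrusion):
        """Campaign analysis: record indicators from every phase of an intrusion,
        so an adversary who reuses them (their persistence) is stopped earlier."""
        for phase, indicators in intrusion.items():
            self.known[phase] |= set(indicators)

def run_campaign(defender, intrusions):
    """Run intrusions in order; return (name, phase where the chain broke) per intrusion."""
    results = []
    for name, intrusion in intrusions:
        results.append((name, defender.earliest_break(intrusion)))
        defender.learn(intrusion)  # analyze the full chain, even of a blocked attempt
    return results

# Constructed sample campaign: the adversary reuses infrastructure between attempts.
SAMPLE_INTRUSIONS = [
    ("intrusion-1", {"Delivery": {"sender:hr-update@mail.invalid"},
                     "Exploitation": {"doc-hash:placeholder-A"},
                     "Command and Control": {"c2.example.invalid"}}),
    ("intrusion-2", {"Delivery": {"sender:hr-update@mail.invalid"},  # reused sender
                     "Exploitation": {"doc-hash:placeholder-B"},
                     "Command and Control": {"c2.example.invalid"}}),  # reused C2
    ("intrusion-3", {"Delivery": {"sender:billing@other.invalid"},  # all-new indicators
                     "Command and Control": {"c2-two.example.invalid"}}),
]

def demo():
    d = Defender()
    d.known["Command and Control"].add("c2.example.invalid")  # prior threat intel
    return run_campaign(d, SAMPLE_INTRUSIONS)
```

The first attempt is caught only at Command and Control, the second (reusing the sender) already at Delivery, and the third, with all-new indicators, slips through, which is why intelligence must keep being collected across every phase.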
Today’s offense is tomorrow’s defense
While the dangers of the cyber realm are still very new relative to other threats, America’s colleges and universities are looking for the next generation of cyber security experts to defend the country’s commercial and national interests. From the Department of Homeland Security’s National Cyber Security Awareness Month to the interactive LifeJourney™ program to promote careers in cyber security and STEM fields, students interested in a career in cyber security have multiple options to pursue. But as Jane Lute, former Deputy Secretary of the Department of Homeland Security, puts it, we all have a job to do in cyberspace.
“Cyber security is so interesting in that we all have responsibility for it,” said Lute. “We all have to be attentive and collaborative on security so that we are all more secure. All critical infrastructure owners and operators, Fortune 500 CEOs, and even owners of small companies and individuals must -- and are -- paying attention to cyberspace.”
October 15, 2013
What to watch out for:
- Virus: A virus is a self-replicating program that can attach itself to other programs or files on your computer so they spread rapidly – hence the harmful programs’ name. Some viruses can change their digital footprint so they’re harder to track.
- Trojan horses: A Trojan horse is a hacking program that is designed to look like a computer program that is completing a desired function. Instead, it contains a backdoor that allows unauthorized access to the target’s computer.
- Spyware: Spyware is a term that’s used to describe software that collects your information and behaviors – often without your consent. It’s often associated with advertisements or software that tracks personal or sensitive information.
- Malware: Malware is short for “malicious software” and is used to disrupt a computer’s operation. The term is used to describe a group of unwanted software like viruses and Trojan horses.
- Phishing: Phishing is done by sending emails, often appearing legitimate, to unsuspecting recipients and attempting to acquire information like usernames, passwords or financial information. Phishing emails often masquerade as a trustworthy source, but are socially engineered to “spoof” email recipients.