Saturday, September 12, 2015

Cyber as the equalizer

On April 6th, Wapack Labs reported an uptick in Iranian hackers stockpiling tools, registering domains for command and control nodes, and seemingly preparing for the idea that nuclear talks may not go Iran's way.

Why did we believe this? Beyond the sheer volume of activity at the time, at a high level, we examined data and planted a stick in the ground, and made what we believed at the time to be a valid, analysis driven intelligence assessment on the implications of the things we'd been sourcing, coupled with open source, historical data and current geopolitical activities (the nuclear talks). In the business, we call this "all source analysis".

Today, it appears we were right. We may see only a small piece of the puzzle compared to the NSA, but you get to read ours. You'll probably never see theirs! In this case however Mike Rogers, director of the NSA was quoted in the Wall Street Journal on the drop in Iran-originated attacks since the close of nuclear talks.
http://si.wsj.net/public/resources/images/BN-KF886_0910IR_M_20150910125728.jpg

While today's blog isn't intended to blow our own horn, it is meant to demonstrate the idea the context in intelligence matters. In fact, without context, it's not intelligence at all...

When we posted that report on Iranian cyber activity in April, I was shocked that ours appeared to be the only story out there talking about the impending close of the nuclear talks, and the rise in what appeared to be cyber attacks from Iran.
  • During the uprising of the crisis in Ukraine, cyber attacks were used on both sides of the border --albeit far better mobilized, financed, planned and executed from the Russian side, to manipulate the Ukrainian Parliament and Presidential elections. This activity was expertly planned and executed. And, it involved not only targets in Russia and Ukraine, but others outside the area who appeared to side with one or the other --including US and EU bankers who appeared in investment documents published on the web by Ukrainian banks. Again, I was shocked that we were the only ones talking about Ukraine and Russia, but we thought there'd be some massive lessons that we'd take away.
  • Maritime shippers, port operators, logistics companies and more, in and around the Panama Canal, S. China Sea, the Suez and others have all been victimized by cyber activities --why? There are several theories at work, but one suggests to ensure supplies of crude, LNG, LPG remain open for large Asian consumers. 
  • Why are the Chinese acquiring land and investments in Iceland? Because there's major fiber convergence there ---and because it may be a staging area for mineral rights, travel rights, or further exploration under the arctic cap. 

Why do we care? We're a cyber shop right? We care because cyber is the equalizer. For us it's not so much about physical threats from Iran during the nuclear talks (although there may be --I'm hoping someone else is watching that), it's the idea that any country can gain access and use cyber tools against any number of targets, for any number of reasons. In every case, where there's heightened geopolitical risk, cyber will be in some way, to level the playing field, gather information, manipulate documentation, steal money, or garner political support.

Our job? Our job is to make sure you know.

---------------------------------------------------------------------------------------------------------------------
Red Sky Alliance: Information Sharing and Collaboration - RedSkyAlliance.org
Wapack Labs: Intelligence production  - WapackLabs.com