Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online
Authors: Sean Bodmer
Tags: #General, #security, #Computers
RAT (Remote Administration Tool or Remote Access Trojan)
A tool, used for both legitimate and nefarious purposes, that allows someone who is not the local user to access a client or private computer.
RBN (Russian Business Network)
The underground and illegal operations of Russian enterprise.
ROI (Return on Investment)
A calculation that weighs the resources applied to an activity, process, or problem set against the benefit obtained, to judge whether that use of resources is worth the investment.
RSYNC (Remote Synchronization)
The ability to synchronize folders between a computer and another system or component.
SALUTE (Size, Activity, Location, Unit, Time, Equipment)
An acronym used for succinct reporting by US military forces to summarize foreign force activity.
SCADA (Supervisory Control and Data Acquisition System)
A computer system used to manage and control the industrial processes and activities of an infrastructure-based system (power, water, gas, oil, etc.).
SLA (Service-Level Agreement)
A standard document used to define the level or depth of services from one organization to another, generally regarding the level of service a vendor will provide a customer.
SSCT (State-Sponsored Cyber Threat)
A cyber actor or entity that is resourced by a formal government.
SSH (Secure Shell)
A network protocol for secure communications through tunneling.
SSID (Service Set Identification)
A unique identifier of 32 characters attached to the header of packets sent over a wireless local area network (WLAN), used as an authenticating agent or password for all traffic operating within that IEEE 802.11 WLAN.
SSL (Secure Sockets Layer)
Cryptographic protocols that secure communications above the transport layer by combining asymmetric and symmetric encryption with message authentication codes.
SSR (System Security Readiness)
An approach to security in which a system's settings are maintained so that the system is ready at any time for a security inspection or for testing of those settings.
TLD (Top-Level Domain)
A domain that sits at the highest level in the hierarchy of the Domain Name System (DNS), such as .com, .net, and .edu.
TTP (Tools, Tactics, and Procedures)
The ways, resources, and means used to categorize a set of operations by their methods and their preferred tool set.
URI (Universal Resource Identifier)
A unique string that identifies the location of files and other resources stored on web servers across the Internet, whether publicly visible or accessible only to those with the appropriate credentials (generally synonymous with URL).
URL (Universal Resource Locator)
A unique address that correlates to a web page on the Internet.
US-CERT (US Computer Emergency Readiness Team)
The US government organization subordinate to the Department of Homeland Security and charged with improving the US cyber posture and informing US cyber users of impending threats and existing vulnerabilities.
USCYBERCOM (US Cyber Command)
A US sub-unified command, subordinate to US Strategic Command (USSTRATCOM), responsible for defending US critical infrastructure and military systems of interest.
UTC (Universal Time Clock)
Greenwich Mean Time (GMT), commonly identified as Zulu time in military operations.
VM (Virtual Machine)
A computer system that operates within another operating system, independent of its host.
VMM (Virtual Machine Manager)
Software that provides for centralized control of IT infrastructure.
VPN (Virtual Private Network)
A secure network that operates over the Internet or through other shared and unsecured networks.
Index
9/11 attack
100 Acre Wood Boot Camp
2009 FBI Uniform Crime Report
A
abuse.ch
data repository
academic research abuse
access control lists (ACLs)
ACLs (access control lists)
acquisition security
actionable intelligence
actions
ACTs (advanced cyber threats)
Adobe
advanced cyber threats (ACTs)
advanced persistent threats. See APTs
adversaries. See attack characterization
adversary environment
advertising campaigns
Ahmadinejad, Mahmoud
Allee, Verna
AmaDa tracker
ambiguity-decreasing deceptions
analysis detection systems
annotated codes
anonymity
“Anonymous” hacktivist group
Anti-Malware tool
antivirus. See AV
Anubis data repository
application vulnerability scenario
APTs (advanced persistent threats). See also threats
conclusion
considerations
criteria
defined
defined by Wikipedia
examples of
history of
Internet value chain and
investing in
sizing up
value networks and
value of
vs. persistent threats
ARPANET
Assange, Julian
asset development/handling
asset validation
AT&T wiretaps
attack attribution. See also profiling
civilian cyber warrior
conclusion
example study
levels of information in objects
overview
profiling vectors
references
attack characterization
conclusion
events
forensic adversary characterization
motive/intent
overview
postincident characterization
real-world tactics
starting point for
theoretical
threats
attackers. See also hackers; victims
antisocial behavior
blocking vs. monitoring
characterizing. See attack characterization
commuters
educational level
marauders
motivation. See motivation
organized vs. disorganized
personality traits/behaviors
profiling. See profiling
skill level
social networks. See social networks
social psychology
state-sponsored
symbols
time considerations
understanding
attacks. See also engagements; threats
attribution. See attack attribution
balance of power and
blocking vs. monitoring
characterization. See attack characterization
cost vs. profit
into criminal infrastructures
detection of. See detection
e-mail-based
hacking back
infiltration response planning
isolating
measuring resources
metrics applied to
numbers involved in
opportunistic
opportunistic turned targeted
origination points
overkill
planned vs. premeditated
postmortems
risk tolerance
skill level
skills/methods
targeted
timeliness aspect of
when to act/not act
Attorney General Guidelines
autopsy, psychological
Autopsy Browser
AV (antivirus)
described
fake antivirus (FAV)
rogue AV-based products