Hey wait, if we have screen video of hackers doing their work, doesn’t that mean we penetrated the hackers’ methods, processes, and other information resources?
Sometimes I don’t think we are thinking clearly enough. As the fear mongering escalates about cyber warfare and how we are all going to go through an electronic Pearl Harbor, Mandiant Corporation drops this interesting little video onto YouTube showing what they claim is actual video of APT1 doing their own espionage work.
The caption on the video states:
This video shows actual attacker sessions and intrusion activities conducted by one specific Advanced Persistent Threat (APT) group, which Mandiant has named APT1. This group has systematically stolen confidential data from at least 141 organizations across multiple industries. A full report, published by Mandiant, details APT1’s multi-year cyber espionage campaign and is available at www.mandiant.com/apt1.
So here is what keeps this interesting: if Mandiant Corporation is doing this kind of video capture, doesn’t that mean they penetrated the hackers, but royally? Couldn’t they then do a little deception work, changing files, changing key data, and otherwise making the hacked goods a little less damaging? False data is always believed when there is just enough good data in it to make it look plausible?
What is also interesting about this is that it was mostly looking at spear phishing and stolen data. Spear phishing is something we get every day; we see our spam boxes clogged with offers every day for things that are supposed to make us want to buy, sell, or get greedy about something, from lotteries to deposed Iraqi family members to enlarging parts of our anatomy. No one in this modern day and age should fall for spear phishing; everyone should be cautious about the stuff they get in e-mail.
Overall though, interesting video, and something that makes me a little bit happier knowing that someone out there is doing something very cool. In a world of soft targets and insane risk when it comes to our computer systems, at least someone is out there doing a little hacking back.
(Cross-posted @ Hacking Cloud Computing)