Monday 21 February 2011

HBGary Hack - Media ignoring the real treasure?

No doubt you have heard about Anonymous hacking HBGary and leaking their emails.
The media had a field day: "security company gets hacked", "Black ops: how HBGary wrote backdoors for the government", etc., etc.
HBGary got pwned, but shit happens, right? It's probably not worth thinking about all the successful hacks against companies such as Micro$oft and Google which are not made public... and what's with the big fuss about writing backdoors for the government??? We are in the age of cyberwar; I bet plenty of defense & security companies are doing the same (Stuxnet, anybody?).

Anyway, to the point of this post:

One of the BIG things I am surprised has not been reported on more is all the email reports and investigations on APT. A number of the emails concern in-depth APT investigations; there are also emails about specific APT/malware variants and how the HBGary tools detect them.
No doubt the APT 'attackers' have read the HBG emails, have probably dramatically changed tactics, and have likely moved to entirely new malware variants. There was one specific HBG customer, who I will refer to as 'QQ', who appears to have had an ongoing APT infection for a long time. Reading the emails, it would appear a lot of data was stolen (how much that data is worth in real money, I don't know; potentially in the millions?), and now that their entire investigation has been published on the Internet, it's going to cost them millions more in remediation, let alone the negative image it may have with its customers.

Fortunately none of the HBG apps' source code was leaked; if it had been, AV companies would be in for a hard time, as I believe this would give APT authors a great advantage in staying undetected.

D3ADLiN3