Superstition in Cybersecurity
by Brent Kirkpatrick
(Date Published: 10/9/2018.)
The idea of an advanced persistent threat is a superstition that appears to have originated from the military. The non-scientific idea at the core of this superstition is that there can be a technology threat that persists, rather than a person who persists. Indeed, if there is a persistent threat, that threat would be a person or a group of people. On the technology side of things, there are only vulnerabilities that are patched or unpatched. While a hacker might gain access and try to hide a backdoor, this threat is created by the actions of a person, rather than a technology.
Another non-scientific idea is that digital evidence can be attributed to the person who hacked, in the absence of other types of evidence. The idea at the core of this superstition is that hackers leave their fingerprints on the code they write. This is typically not the case. Imagine for a moment that we unearthed a manuscript written in the 1800s without knowing the authorship. It would be a very challenging task to determine the author from the text alone. Instead, we would need other clues as to the origin of the manuscript: when it was discovered, where it was discovered, how it was written or printed, etc. It is the same with computer code, including code used to hack.
Another non-scientific idea, that of impenetrable security, is that there exist computers on the Internet that have not been hacked. Many recent news reports and demonstrations by penetration testers have helped combat this superstition. However, the most convincing evidence is the prevalence of computer worms that conquer large portions of the Internet. One such example is Panther Shadow, a worm that infected Linux devices earlier this year.
Please contact us at Intrepid Net Computing if you need scientific solutions to cyberattacks.