Cyber Security firms employ ex-spies to stop hackers

Ray Walsh

September 16, 2015

Cyber security is something we hear a lot about, but it often remains an enigma. When attacks happen, cyber security firms come to the rescue, but what do cyber security firms actually do to keep ahead of cybercriminals, and how do they attempt to stop attacks before they occur?

Recently, there has been a growing trend within the sector for employing ex-intelligence agency workers to gather information about hackers before they carry out a planned attack. In fact, it is believed that in total hundreds of ex-government spies are now employed in the cyber threat industry. Nir Zuk, from Palo Alto Networks (himself an ex-Israeli-military hacker), says that ex-spies are in high demand because ‘the people coming out of the military and the intelligence community are really, really good. They know the attackers. They know how they work.’

In Australia, a recent debate over the way in which cyber security is taught in universities has caused the government to encourage the nation’s institutions to teach more practical courses. The reason? The current curriculum concentrates too heavily on theory, rather than on the skills necessary to combat sophisticated cyber attacks. It is because of this that ex-spies are highly employable – they add tremendous value that cyber security firms cannot easily get elsewhere.

In Tel Aviv, a company that was started by a retired Israeli intelligence officer combats cybercrime with techniques developed during his career. BlackCube uses this specialist know-how to infiltrate hacking rings, often behaving almost identically to law enforcement agents trying to infiltrate crime syndicates.

Last year, BlackCube (which specializes in accumulating online information) asked a client for access to its internal data networks in order to stop a future attack. BlackCube then shrewdly used the (not dangerously sensitive) information to troll online hackers with what appeared to be the plundered booty from a cyber attack. By using the fake digital trail, BlackCube operatives were able to gain the trust of, infiltrate, and ultimately stop the gang of cyber thieves.

BlackCube (which has high-level advisers such as Michael Drury – former director of legal affairs at British agency GCHQ) is not the only firm employing such tactics either. With the threat of cyber crime always growing, other companies are also beginning to turn to classic spycraft to stop attacks before they occur. Detection and prevention are, after all, a much more appealing product than just patching up systems post-attack.

Israeli company Diskin Advanced Technologies, American firm iSight Partners, Fox-IT Group BV from the Netherlands, and Group-IB from Moscow are just some of the firms now using snooping to help clients. According to tech consultancy firm Gartner, information gathering is still a minute sector of cyber security spending (0.4% in 2014). It does recognize, however, that a growing number of firms ‘especially in the financial and government sectors,’ are attempting to expand this aspect of their digital security regimes.

These techniques include playing to hackers’ egos to flatter them into revealing information, buying or selling stolen data to ingratiate themselves with hackers, and using dark web meeting places, forums, and marketplaces to get close to the action and perhaps even join a cyber gang.

Noam Ichner, who works for Israel-based Diskin AT, says she spends most of her time pretending to be a man while on the trail of hackers. The reason is that cybercrime is a primarily male-dominated environment. She does admit, however, that she did on one occasion resort to a very well-known form of flattery (while employing a female alias) in order to get closer to the hacker she was investigating:

‘I had to make [my] persona stand out, to get the other side to choose to engage with me over other possible parties. There might have been a hint of flirtation.’

Just like with regular police work, Ichner explains that she must be very careful not to go too far and become involved in any crimes during an investigation, a skill which she developed during her time working at the Israeli intelligence agency Shin Bet:

‘In the agency I worked for it was about getting to a level of intimacy with terrorists without participating in terror attacks or triggering them.’

At the moment, larger cyber security firms like Kaspersky Lab ZAO and Intel Security Group are not providing this kind of service. For now, then, gathering intelligence remains a niche for smaller cyber security firms such as Lacoon Mobile Security, which just took on fifteen agents from Israel’s Unit 8200. However, with clients becoming aware of this highly proactive method of digital security, it should not be long before established firms are also rushing to add ex-hackers, spies and cyber-warriors to their ranks.

