Evidence, Accusations, and Motivation

13 minute read | Last updated 9-Oct-2018 | An icon depicting a retail tag with a heart for 'favourite' Security, Rant

Mornings With Mark no. 0120

Watch the episode on YouTube

Join the discussion on LinkedIn

Bad Robot Transcript

Morning everybody. How you doing today? Well last week we touch on the Bloomberg report around on compromise supermicro servers that may have gone to up to 30 different American companies and agencies and Welton that story get Nathan complicated over the weekend if it wasn’t bad enough already. It is completely turned into just a ball of confusion.

And I think that is a really important thing to address not necessarily this story specifically which as every sort of moment passes at more and more evidence Mount against it records. The security researcher was apparently consulted on the story actually raised questions on to its veracity on because it echoed very very closely some of the things that he theorized about Anakin.

There’s no physical evidence presented that for everybody else to evaluate but I think more importantly in this was actually the subject of a CBC Radio call and I did that this morning. It’s really important understand how to evaluate these stories in this information as a consumer as a technology person and maybe somebody in cybersecurity as well.

So all the stuff I found this story by President Pence. I’m in the US had said that us cyber crime in cyber activities against the us so that they know that’s not the case. It’s that enforces conflicting reports. Absolutely everywhere. So how do you make sense of it? Well for me, there is a golden rule as a reminder.

I’m coming at this from a cybersecurity professional standpoint from a forensic science standpoint. Here’s the thing. Anytime anyone talks attribution. So who did it? You very very very very much need to turn up your ears alarm Bells going off in the background. You need to be concerned. The reason is attack after mutant is extremely extremely difficult.

So if somebody files criminal charges, then you can only live a certain amount of due diligence has been done because the prosecutor is not going to take them if they think they can win it. But even before the vast majority of these cases specially when it’s something like a report, you know, like the Bloomberg report like what we’ve seen over the past few years around Russian related interference with I’m elections in media manipulation and influence and things like that anytime.

You see any particular gang called out you need to be concerned and the reason is it so nothing is wrong and the reason why you need to be aware and concerned a simple The right now, you know, this is me on video release you hope this is me and not a deep fake.

I’m giving you this information. But if I typed it up and posted it on medium article not attributed to my username. How would you know, it’s me. Write really simple question. If somebody sends you an email that says it’s from your me at Mark n. CA which is my email address.

How do you know it’s from me? We assume a lot of things we don’t actually know and when it comes to cybercrime when it comes to nation-state level attacks, we really need to know and that’s sort of the the heart of the matter here so far. I’m sitting at a computer typing something out my typing action for typing something out.

How do you know that came for me? You might be able to through thorough investigation and a good view of the network trace the activity back to this that system. But you know, I was sitting at the keyboard at that time. Do you know what my motivations were that’s really the difference here.

So let’s walk through a completely different unrelated example. Let’s say there is a piece of malware on a computer system on my computer system that is attacking your computer system. So, you know, you’ve traced it back from my diet to an IP address that’s associated currently with my eyes peeled account and you know that something from this IP address has been attacked something at your your system.

Okay, so you’ve been if you got IP Trail you got some logs in your system that says an attack came in town from this IP. All right away, even though I said came from my system now, we’re talkin IP addresses, which means that’s a network space of network address.

I’m at my home office right now the IP addresses Associated to everything in the house because it goes through my router. So that means any device in the house could have done it or anyone connected to my home network could have done this attack. You don’t know that last even if you did, you know, I was sitting at my computer of the device that was on that.

I pee at that time. Do you know it was me that sat down and typed it? You probably can’t prove that to a court of law in any forensic witness can shoot that down. Anyone is worth their salt because my wife I maybe someone hacked my computer. Maybe it was someone who was in the house not me write someone we trusted a friend.

You can’t trace that back without additional evidence that might be enough for a search warrant to a system at this IP address conducting this attack, but was it Mark? And what was his motivation? You can’t say that and this is the channel to new scale that up to the nation-state level.

We see the Bloomberg report cited seven. Unnamed sources and various US government officials and investigations, but then every company denied it. So who you trust? Well, there’s no evidence supporting this beyond that Bloomberg report. There’s no photos of the implants and the pictures the imagery was all I’m drawn up for that report and they say so in the report and there’s no like hey, this is the hardware in Flint that was found in Heroes of where it was found a statement from something then you would hope that Bloomberg went through journalist aggregor.

They have a lot of our lawyers and they have a great reputation and that they don’t believe this to be true but how to use a reader interpret it. Will you need to take it with a grain of salt you need to take the denials of the grain of salt because there’s a lot of things here, but really for me anytime somebody says you don’t take that extra step of attributing the attack without visible and verifiable evidence.

Then you really need to raise a lot of questions happened and the motherboards and systems were manufactured in China that’s consistent with the evidence that they had presented. But to say that it was a particular part of a particular government of a nation state that’s taking a leap without evidence and that makes it really hard for us to verify and more that comes out around this story.

It raises serious questions, but also in general consuming cyber-security news any time. Somebody says Mark did it you really need to be on guard. It’s not that that necessarily happened but making that a solution is extremely extremely difficult to hopefully you’re still consuming all this news. You still bringing in but you’re adding some healthy skepticism.

I looking for verifiable evidence should be that much of an ass, but apparently it is but verifiable evidence that the key so just some food for thought for today. I’m only writing some of this stuff up to go on Market. CA along with the radio segment from this morning when it gets posted in the meantime.

Hit me up online at Mark NCAA. And everything else after those of you on the blog Down Below in the comments, and as always by email me at Mark and. I hope you have a fantastic day. Talk to you online and I’ll see you on the show tomorrow. Morning everybody.

How you doing today? Well last week we touch on the Bloomberg report around on compromise supermicro servers that may have gone to up to 30 different American companies and agencies and Welton that story get Nathan complicated over the weekend if it wasn’t bad enough already. It is completely turned into just a ball of confusion.

Evidence, Accusations, and Motivation

Bad Robot Transcript

More Content

Related Content