“Just stay under yer invisibility cloak!”

On 2 April 2021, CNN published a story describing certain actions undertaken by the likely Russian actors reportedly responsible for recent supply chain compromise activity that affected multiple parts of the U.S. government. Specifically, those actors allegedly targeted the user and email accounts of Department of Homeland Security (DHS) threat hunters — likely as a means to provide an early warning and intelligence feedback loop to enable the actors to escape detection for as long as possible. That story elaborated on an earlier piece from CyberScoop. …


So please, get off the furniture.

Whenever the cybersecurity community — technical analysts, policy wonks, government officials, journalists on the beat, etc. — talk about how we perceive or interpret a threat publicly, we are providing material that could be exploited by the responsible adversary in a feedback loop. This feedback loop may inform how that adversary conducts its future operations, to include how it determines what goals and effects are attainable. This dynamic is not limited to cyber threats: the adage that “The enemy gets a vote” is as ubiquitous as it is old for a reason. …


Did you write an op-ed calling for the deterrence of foreign states’ cyber operations?

I love to repeat myself:

I dare you to search my handle and the word “deterrence” in Twitter

In light of the most recent “op-ed by someone who ostensibly should know better”, I had a few thoughts (beyond my op-ed specific ones) on the persistent incoherence related to cyber operations that seems to pervade any discussion wherein the idea of deterrence rears its head these days.

While the fundamental concepts of deterrence as a psychological phenomenon and the components of proportionality, reciprocity, and (coercive) credibility remain viable outside of discussions about use of nuclear weapons, deterrence theory itself is intrinsically…


Rarely serious enough to warrant a Hellfire as opposed to deactivation of C2 infrastructure.

The other day, I saw a poll on Twitter about whether it was reasonable to employ lethal force on ransomware operators. I had a number of thoughts, which I shared at length:

TL;DR — I don’t think JDAMs are the answer to ransomware.

It came to my attention today that there appear to be some misinterpretations of my remarks, specifically that they amounted to a blanket rejection of offensive measures to respond to ransomware threats. To be clear, my previous comments were focused on advocating against kinetic measures, not every option under the offensive sun. …


“It’s the start, I should tell you now, of a very, very, clever knot.” (from the BBC’s Tinker Tailor Soldier Spy)

Note: This blog has been updated as of 19 November 2020 to incorporate additional material, which is preceded by an asterisk.

On 22 October 2020, the U.S. government issued an alert (AA20-296A) for a widespread campaign of malicious activity by a Russian state-sponsored cyber operations entity tracked under a variety of industry monikers. This activity took place between at least September 2020 and October 2020, with its targeting focused on a large volume of entities associated with U.S. state, local, tribal, and territorial (SLTT) networks and aviation sector networks. The Russian entity named as responsible has been linked to Russia’s…


“Long live the fighters of Muad’Dib!” (from SyFy’s “Frank Herbert’s Dune” miniseries)

In 2014, as part of my terrorism coursework for graduate school, one of my assignments was to write a manifesto of a fictional terrorist group explaining why (or why not) that group should use violence, and the accompanying implications of such a choice. The purpose of this exercise was to force us as researchers to simulate the sort of thinking required of leading figures in terrorist groups if they are to succeed in convincing compatriots and recruits that the leaders’ strategies are valid.

I chose to take my inspiration from Frank Herbert’s science fiction masterpiece Dune, and offered a simulated…


Note: This blog has been updated since I wrote it at approximately 3:00 AM.

I am increasingly loath to write blogs, mostly due to the combination of time required and a lack of stories that generate sufficient interest on my part to get me to overcome the time commitment hurdle — I usually just do an obnoxiously long Twitter thread. But then, I read the Washington Post’s latest on what CYBERCOM is apparently considering as deterrent measures against Russian interference in the 2020 U.S. elections. …



We all enjoyed a front row seat Monday to a special event in the history of public attribution: the NSA and GCHQ (via NCSC UK) revealed that the Russian adversary Turla not only compromised the tooling and infrastructure of Iranian adversary OilRig but then leveraged said tooling and infrastructure to conduct its own operations. Offhand, I cannot recall another time Western government agencies have exposed this particular flavor of cyber activity. …


Around the turn of the 2nd Century CE, the Roman poet Juvenal asked “Quis custodiet ipsos custodes?” This question of who watches the watchmen has become a common one in an age where governments are increasingly the beneficiaries of an imbalance of power between the governing and governed. But that grander question does not interest me here. Instead, I ask “Quis custodiet ipsos interfectores?” Who watches the killers? …


A recent article from the AP explored the concept of how much direct involvement Vladimir Putin has in the wide variety of clandestine activities engaged in by the Russian state, based on the nature of the power structures surrounding the man himself. Two former Russia specialists from CIA have already weighed in on this article, making the point that potentially high-profile and/or high-impact operations would not go forward without Putin’s approval even if there is a significant amount of autonomous authority delegated from Putin and his inner circle to select oligarchs and officials. …

Horkos

The net’s own counterintelligence referent, maybe. Views here are personal, not my employer’s. All original content © Alex Orleans, 2014–2021.
