Play the “Who Am I?” Cyber Game

2019-02-28

Who does not love a game of “Who Am I”, especially after a nice dinner with friends and family? The game is simple and enjoyed by children as well as adults. While the origins of the game may be difficult to determine, it works on your curiosity, expands your ability to solve problems, and invokes critical thinking, reasoning, memory and knowledge. It is a guessing game where a person asks questions that provide clues, and eventually all the clues lead to the answer.

For the Cyber-security professional, “WhoAmI” is not just a game but a living reality. There have been large-scale attacks and breaches where organizations had to bring in external forensic specialists to identify the perpetrator. In Cyber-security, along with defending the organization, the objective is also to unmask the person behind the keyboard, that is, the threat actor (aka perpetrator). The threat actor is evading, deceiving, masquerading and adapting while staying very focused on achieving his mission: infiltrating an organization to get your crown jewels or cause damage. The very nature of the internet makes it easier for the threat actor to hide, evade and be anonymous. Unmasking the perpetrator or group is like playing “Who Am I” with all the clues that are left behind (or not) on the network, endpoint, application and so on. Piecing these clues together may lead to a potential attribution. A classic example is Stuxnet and this well-done video on YouTube.

Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyber-attack or other hacking exploit. Cyber attribution can be very difficult because the underlying architecture of the internet offers numerous ways for attackers to hide their tracks. Without the possibility of identifying the perpetrator and bringing him to justice, the perpetrator will always have the upper hand.

It seems like a plot for the movies, and yes, the movie industry did not pass up the opportunity to make a movie on this. Interestingly, a German movie, Who Am I – Kein System ist sicher (original title), that explores the darknet was made in 2014 and got very good reviews. The closest Hollywood movie is “Catch Me If You Can”.

In the Who Am I game the end result is known and predictable; in the real world, catching the perpetrator is much, much harder. Organizations not only have to play the Who Am I game and learn from every incident, they also have to keep up with the volume of clues that are left behind or not left behind. Understanding #CyberKillChain and #AnatomyOfAnAttack are essential tools in the arsenal of the Cyber-security team. If only Cyber-security teams had a bird’s eye view of the battlefield on which they fight. In cyberspace, identifying who the enemy is remains one of the biggest challenges. Once the perpetrator is identified, the task falls to local law enforcement and Interpol to bring them to justice and keep them away from the keyboard.

In the WhoAmI game, everyone knows when the game ends and retires. Unfortunately, there is no lights out for Cyber-security teams, and this easily leads to burnout. Just like in the WhoAmI game, the individuals in the Cyber-security team need to be extremely skilled at piecing together pieces of the puzzle before, during and after an attack. Where can such skills be acquired, learnt or practised?

The perpetrator behind the keyboard is a human and thus a creature of habit, leaving behind patterns and clues, aka Techniques, Tactics and Procedures (TTP). This is probably one of the best ways to narrow down a perpetrator, and sharing this #CyberIntelligence will make a difference. What more should organizations be focused on beyond technology and processes? The short answer is talent. Technology can be purchased and processes written; however, it will be the cyber-security talent that needs to “outwit”, “outsmart”, “outlast” and “out-win”.

In closing, quoting Sun Tzu’s Art of War:

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle”

The question for your organization is how good is your talent in playing the “WhoAmI” cybergame? Are they prepared and have they been tested?

 

About the Author: Vivek Gullapalli has 20 years of experience in #CyberSecurity and a large part of his experience has been in leadership roles in global Financial Institutions. He is currently a Partner at INOK Systems, a boutique specialist firm that believes in helping organizations become more self-reliant with their security in cyber space i.e. #CyberHealth, #CyberFit and #CyberImmune. Find out more about INOK Systems on their website https://cs.inoks.com/about-us
