Metrics, Measurement, and Information Security

René Pfeiffer/ March 28, 2018/ Discussion, High Entropy, Security

Metric is a great word. Depending how you use it, it changes its meaning. The metric of a network path is quite different from the metric system. When it comes to measuring something, the might be an agreement. Why bother? Because we have heard of the term security metrics being used for something which should better be called security statistics. In mathematics a metric is a function which tells you the distance between each pair of elements in a set. While this does not necessarily have to do something with distance, it is a fitting analogy. It also connects metric to physics. Measuring how far two points are apart gives you usually a distance (either a straight line or a sum of straight lines). In essence measuring something boils down to comparing your object

Read More

Advanced and In-Depth Persistent Defence

René Pfeiffer/ March 26, 2018/ Discussion, Security Intelligence

The attribution problem in digital attacks is one of these problems that get solved over and over again. Of course, there are forensics methods, analysis of code samples, false flags, mistakes, and plenty of information to get things wrong. This is nothing new. Covering tracks is being done for thousands of years. Why should the digital world be any different? Attribution policy tactics, APT, is part of the arsenal and thus part of the threats you are facing. It has less impact though, because it is only of interest when your defence is breached – and this means you have something else to worry about. Attribution is not useful for defending against threats. While you can use to to „hack back“, this will most probably not help you at all. The main problem with

Read More

Upgrade to HTTP2

René Pfeiffer/ March 23, 2018/ Administrivia

We are busy with a little housekeeping. Among other things we have changed the way you can access our blog. It is now using HTTP2. We also added encryption and redirect all HTTP requests to HTTPS. Search engines should update their caches as soon as they refresh the pages. Hopefully this does not break anything. If so, please let us know. The DeepSec blog has been long using HTTP only. This was due to infrastructure constraints. Since future versions of web browsers will give you a warning when surfing to a HTTP site, we decided to change the blog configuration. You might want to do the same before June 2018. Otherwise you might get some enquiries about the security warning. Next stop: TLS 1.3.

The Grotesqueness of the “Federal Hack” of the German Government Network

Sanna/ March 19, 2018/ High Entropy, Security Intelligence

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience. We will follow-up on it with an article of our own about attribution, digital warfare, security intelligence, and the DeepINTEL conference.] A friendly secret service knew more about espionage against the German government network than the German counterintelligence. Three months after the hack was discovered, the attackers are still somewhere in this huge federal network. By Erich Möchel for fm4.orf.at One week after the announcement of the attack on the security network of the German Federal Government details only leak slowly. The first official statement on Friday claiming that the alleged Russian Trojan suite was already under

Read More