Reflections on MIRcon

If you missed MIRcon 2011, you should tune in to Mandiant’s State of the Hack: What really happened at MIRcon webcast on October 28th. (Archived version should be available here.) There were some great talks from the likes of Richard Clarke, Michael Chertoff, and Tony Sager, and a lot of the greatest minds in incident response and cybersecurity either presented or were present. Kevin Mandia has assembled an insanely gifted and giving crew.

What did we learn? Organized crime, hacktivism and nation-states are the attackers and no target is invulnerable. Your only defense is to quickly identify and carefully disrupt attacks. Don’t be a soft target. The harder the attacker has to work, the more likely you’ll either stop them the next time or they’ll move on to a softer target. They understand and have seen firsthand the effects of cyber espionage: the skill, speed and agility of the attackers; the ineffectiveness of standard security infrastructure; the economic impact of personal, corporate and national data loss and compromise.

We cannot put a price on the ultimate impact of cybercrime. Sure, we all know someone who has had to deal with credit card fraud or has received one of those letters stating that your personal information “may” have been lost. That’s a huge hit on our economy. But it’s the tip of the iceberg. It’s what you see in the media and has the most potential to affect you personally. Now think corporate. Stealing PII is valuable. Attacking corporate bank accounts is profitable too. I believe it was Michael Chertoff who referred to “outsider trading” in his talk: stealing confidential corporate communications to leverage that information against the victim company in business negotiations. If you’re a bidder and you know the lowest bid in advance you can pretty much guarantee a win.

It doesn’t stop there. Richard Clarke told a great story about driving down a highway in Dubai where he saw an eighteen wheeler carrying a predator drone. He later asked Dubai officials when they had started buying predators. “We haven’t,” they said. “The US won’t sell them to us. That was a Flying Dragon.” Guess who they bought that from?

The ultimate impact seems immeasurable and there are no indications that it’s going to let up. In that sense, MIRcon was as depressing as I had expected. Actually, a little more so. Kevin Mandia’s opening remarks left my co-worker turning to me saying, “Wow. Depressing. Wow.” and me nodding affirmatively. Had it ended there I probably would be looking to buy some farmland and chickens far away from the Interwebs. Instead the next two days were filled with quality presentations, amazing technology and its uses, and real-world stories of victories and defeats. By the time Kevin gave his closing remarks I was still depressed, don’t get me wrong. It’s bleak. But some people get it. Some battles are being won. And at least some of the people fighting those battles are interested in helping you wage those battles yourself and providing tools and guidance to do so. There’s a rich, military background in the core of Mandiant. It’s quite apparent they’ve never abandoned service to their country.

/salute Mandiant
