Love your enemies before you destroy them

October 10, 2019 | Allie Mellen

[Image: man walking in front of graffiti that says "good". Photo by Volkan Olmez on Unsplash]

“In the moment when I truly understand my enemy, understand him well enough to defeat him, then in that very moment I also love him. I think it’s impossible to really understand somebody, what they want, what they believe, and not love them the way they love themselves. And then, in that very moment when I love them.... I destroy them.”

Orson Scott Card, Ender's Game

The cutting edge of cybersecurity is moving away from a reactive defense. Instead of analysts waiting for a threat to happen, they are proactively searching out attackers in their environment. Attackers are dynamic. They are always changing and improving their capabilities, which means that defenders need to lean in and adapt even faster to keep up. Proactive defense is about predicting, understanding, and preventing as many moves as possible that an attacker could make against you. You have to stay a step ahead of the enemy and lure them into a trap of your own.

In the cybersecurity space, this is why we red team. A group of red teamers takes on the characteristics of an adversary to challenge an organization to improve its defenses. They eat, sleep, and breathe adversary behavior... legally.

Red teaming is a well-regarded and crucial part of defense in cybersecurity. It has its place and it makes an impact, but it is solely targeted at improving defenses. What if we took this idea of understanding the enemy one step further, outside of defense?

Anonymous, WikiLeaks, and nation-state threat actors use open-source intelligence (OSINT) and espionage campaigns to drill down into the lives of targeted individuals. They use hacker techniques, tactics, and procedures to aggressively target individuals as a means of control. Once they have access to this information, they can do any number of bad things with it, from sabotage to assassination. But what if we took these adversary methods of OSINT and used them for the greater good? Must these techniques be used solely for evil?

As a society, we have gone from outright shunning of hacker culture, stereotyping hackers as hoodie-wearing teenagers in the basement, to the beginnings of acceptance and appreciation of hackers. We have started to recognize that many hackers are curious individuals who want to try something new. They are the puzzle solvers of the Internet age. Moreover, they are necessary for the cyber-resilience of the technology industry. Much like being a germaphobe puts you at more risk of becoming ill, not appreciating and adopting a hacker mindset results in weakly secured systems. As part of the revolution of acceptance around hackers, we should start to accept adversary techniques and turn them on their head to see where we can apply them proactively today, not just for defense. What can we do today using OSINT and espionage techniques to better the lives of those around us?

We have seen cases where individual, white-hat hackers will help hacker victims, like in the case of Fabian, a hacker world-renowned for destroying ransomware. However, these instances are few and far between, and nowhere near as coordinated as adversary activity.

Enter non-profits.

Groups are cropping up that use adversarial tactics, but for good. An example of this is Trace Labs, a non-profit group that liaises between the police and hackers to find actual missing persons. Instead of using the OSINT techniques commonly associated with espionage for evil, this group takes experts in the field and puts their talents towards helping bring home missing children to their parents, relatives to their families. This is a use case for cyber that breaks out of the attack-defend mold the industry is dominated by.

With a little innovation, the methods we have so long associated with crumbling privacy and the threat of attack can be used for proactive good to get ahead of the active, dynamic attackers and make us more resilient. This is not just about defending against bad guys or shoring up your defense. This is about taking part in safe, legal practices to make the world a better place in your own way.

How can you help the world with your security skills?

About the Author: Allie Mellen

Allie Mellen writes about security at Cybereason. She has several years of experience in cybersecurity and has been recognized globally for her security research. She has a B.S. degree in Computer Engineering and has had various engineering, development, and consulting roles in the technology sector over the past ten years. Cybereason is a security company with headquarters in Boston, MA and offices in Tokyo, London, and Tel Aviv. The Cybereason solution combines endpoint prevention, detection, and response all in one lightweight agent. It delivers multi-layered endpoint prevention by leveraging signature and signatureless techniques to prevent known and unknown threats in conjunction with behavioral and deception techniques to prevent ransomware and fileless attacks. Combine the best platform on the market with active monitoring and response from our expert security team to receive a comprehensive defense.
