Wednesday, November 28, 2018

Crowd-sourcing and bounties for defense

A slightly different post from what I've done in the past, but I thought it would be interesting to the larger offensive/defensive cyber communities and too long-form for LinkedIn or Twitter. I'm an advisor to a company called 418 Intelligence, which is run by a friend of mine named Mark Jaster. They are trying to provide a platform that allows companies to move beyond bug bounties and actually crowdsource threat hunting and anomaly detection. They're just now opening up the platform to the community. I think it's worth checking out, as I think there's upside for both individuals and companies, and room to grow and expand. I'd love to hear what people think of their approach, and I would pass any positive or negative feedback you have back to them.

Here's the invitation:

If you have skills in analyzing logs and pcap files, here is an opportunity to join the first cyber professionals testing a new community platform, supported by DHS, designed to incentivize and crowdsource better defense and insights on what methods are working. If testing and shaping this vision sounds interesting, sign up to participate as a tester of the alpha release of the FOURSight DEF3NSE cyber defense crowdsourcing platform from FOUR18 Intelligence. This release operates a three-round live simulation game of an intrusion where you analyze artifacts and bet points with other players on what is happening and how to defend against it. It then transitions into crowdsourcing countermeasures against a known attacker group executing the same attack playbook in the real world. The sign-up form can be found here: FOURSight DEF3NSE Pre-registration Form.

FOURSight DEF3NSE is the first online community and marketplace for cyber defenders and decision makers to directly connect and incentivize crowdsourcing better defense and network resilience against cyberattacks. The system uses a unique, gamified and incentivized "wisdom-of-the-crowd" betting experience to crowdsource fast and accurate assessments of cyber risks and countermeasures, and it is designed to pay off participants by creating a market for this information, including what will be the first-ever bounties for breach hunting. If the vision of bounty-hunting for attackers, or of testing what you know and winning pay-offs by predicting how successfully a countermeasure will perform against an attack, sounds interesting, please join others in testing the platform and helping the designers make it great.

Once you register, you will receive orientation materials explaining the system further and an update on the testing schedule, but if you have any questions you can contact the team at admin@def3nse.net.

Thursday, June 21, 2018

@War review

I finished Shane Harris' book on cyber warfare recently and felt obligated to write a review about it on Goodreads. Since I spent the time writing it up, I thought it might be worth sharing here for those following my blog who share an interest in the cybersecurity/cyber warfare communities.


A thorough introduction to the world of cyber warfare from the perspective of a journalist surveying media published from mid-2005 through 2015. It also samples some private conversations and offers insights into behind-the-scenes discussions and classified projects. A good read for someone new to the field who wants to catch up quickly.

Unfortunately, the author spends a significant amount of time pontificating on concerns that have been excessively debated elsewhere, attempting to seem moderate while making his own opinions on those concerns clear, and unfortunately basing his conclusions on rumors he heard from self-proclaimed "experts". One example is the "thousands of exploits" the NSA is hoarding. This claim appears to be based on a single unquoted individual and appears inconsistent with the other information in his book. (The book itself points to a budget of $25M to acquire exploits and price tags of $50,000-$1,000,000, which would imply a catalog of 25-500: dozens or hundreds, not thousands.) Much hand-wringing is spent on NSA surveillance, defense-industrial relations, foreign government spying, and other topics that have been extensively discussed in the media over the last decade and a half.

Speculation is rampant in the book regarding what's happening behind closed doors, and allegations are made without the editorial self-control that a reputable paper would employ. As someone with two decades of experience in this community, this reviewer recalls numerous relevant events that were not included, while significant portions of the book are devoted to commonly discussed events from various media sources (with a few interesting exceptions). In fact, the acknowledgements section credits many of the writers of those stories from the news sources covering cybersecurity/cyber warfare (Michael Riley, Nicole Perlroth, Kim Zetter, etc.) who actually interviewed the original sources and wrote about the events as they happened (or as they were uncovered!).

Books such as "Countdown to Zero Day" by Kim Zetter provide a much deeper look that is more technically accurate and better sourced, and they represent a good alternative for a reader looking to gain insight into the technical and political aspects of the cyber warfare complex through a single (large) operational lens.

@War is a good option if one has no prior exposure and reads it as a breathless description of the events of the last 10-15 years in the US cyber warfare community from a non-technical observer doing his best to share what he's read about and been told as an outsider.

Friday, January 19, 2018

2017-2018 Update


As readers of this blog (or former readers!) have noticed, I have been updating the blog less and less over the years. We successfully sold Siege Technologies to Nehemiah Security back in 2016 and have been working on the integration between the firms.
It's pretty exciting to see technology we've been developing for years (now known as AtomicEye RQ) make its way into the broader commercial market and gain traction with some big (Fortune 500) customers in addition to mid-size companies and various government groups.
It wouldn't have happened without an experienced team like the group that Nehemiah brings to the table. Hopefully, once that stabilizes, I'll be able to get back to blogging more often, either this year (2018) or next (2019). I'm hoping to get back to technical/cyber topics but will probably include more diverse content as well. Stay tuned!