Cyber false flags and adversarial counterintelligence, oh my…

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 6, 2019, 5 p.m. (45 minutes)

So you’ve performed the investigation and attribution is complete. Or is it? Attackers are becoming more advanced every day. And with that sophistication comes the desire to pin their attacks on others to cover their tracks. Earlier this year, the we observed the first kinetic response to an alleged cyberattack. But what if the attribution were wrong? That’s not as far-fetched as some might think. In the Olympic Destroyer attacks, it’s now clear that Russia tried to confuse analysts into believing it was North Korea. In this talk, someone who’s been on both sides of the keyboard will examine how attackers might conduct false flag attacks, case studies where it’s happened, and how you can avoid being duped into performing an inaccurate attribution.

Presenters:

• Jake Williams   as Jacob Williams
  Jake Williams is the founder of Rendition Infosec, IANS faculty, and a former NSA hacker (as endorsed by Russian intelligence operatives). He performs research on incident response and red team operations, as well as cyber threat intelligence. Jake uses his passion for information security and business experience to translate complex topics into formats that are easily digestible by those without a technical background.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Cyber false flags and adversarial counterintelligence oh my Jacob Williams.mp4
• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Cyber false flags and adversarial counterintelligence oh my Jacob Williams.eng.srt (subtitles)
• https://www.youtube.com/watch?v=b-r0uh9tpac

Similar Presentations:

• VB2016 / Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks
• ShmooCon 2022 Rescheduled / Wait a meowment, which kitten is this?
• Black Hat Europe 2019 / Conducting a Successful False Flag Cyber Operation (Blame it on China)