Threat Intel Book Club: July recap, August sign-up

Rebekah Brown and I kicked off the summer session of threat intelligence book club last week with Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. For anyone new, the goal of this book club is three-fold: to learn about the history and role of threat intel in information security; to connect with others interested in threat intel; and to explore the applicability of threat intelligence in everyday contexts. No experience is required, and banter is all but guaranteed.

Our next (digital) meeting is Wednesday, August 29 at 8 PM EDT/5 PM PDT. We’ll cover chapters 7-10. Register (required) here!

A summary of last week’s discussion is below for those who want to catch up.

Summary: July 11 (Chapters 1-6)

• Countdown to Zero Day tells the story of Stuxnet—the first malware targeting industrial control systems. The book incorporates information on malware, international relations, history, and traditional intelligence sources; it’s very much relevant to continued attacks against critical infrastructure.
• In the first six chapters of the book, a Belarusian security firm discovers a zero-day exploit signed with legitimate digital certificates on an Iranian system. When signatures are added to security tools, thousands of malicious files pop up, and more security firms get involved. However, even as the malware is better understood, the motives for its release remain unclear.
• To understand the motive and rationale of nation-state activity, it’s necessary to go beyond the malicious code; the book does a deep dive into the history of Iran’s nuclear programs and foreign powers’ efforts to monitor and limit them.

Takeaways: July 11 (Chapters 1-6)

• There are very few limits to what a determined and well-supported adversary can do.
• Malware analysis and Digital Forensics can give us a lot of information about what an attacker does...but not always why.
• Important context may not be readily or publicly available; identifying knowledge gaps is critical to effective analysis.
• Just like in The Cuckoo’s Egg (our first book club book), the researchers at Symantec had to convince their management to let them continue to work on the Stuxnet code. A personal sense of curiosity played a big part in driving the people in the book to understand complex problems and unravel incidents.

We’ll post discussion questions for August 29 here as the date draws closer. As always, post questions, comments, or suggestions below—or find Rebekah and me on Twitter. See you August 29!