
Advance Persistent Threat Lessons from C.S. Lewis


Presentation Transcript


  1. Advance Persistent Threat Lessons from C.S. Lewis Marcus J. Carey

  2. Credibility
     • C.S. Lewis - Secular guys with Kingdom business // similar to HackFormers
     • Known in Security – but I came from nowhere
     • Marlin, TX - Burn oil lamps for light
     • Borrow water from the neighbors
     • Went to school to get food - free lunch
     • Became obsessed with money – blessed with intellect
     • Joined the Navy – R.A.F. Edzell – Cryptology career (Scotland, spying on the Russians)
     • HFDF – High Frequency Direction Finder - on U.S.S. Ingersoll – spying on Subs
     • CSC – supporting NSA – at the defense cybercrime center – paid to imitate APTs – to break into cyberlabs
     • Met Johnny Long there – learnt hacking stuff from Johnny

  3. What’s crazy about Johnny Long – Johnny’s office was like a hacking cathedral
     • Johnny said “He wants you!” – God knows unspoken prayers
     • You can be cool and be a believer – Johnny steps in
     • CMS – security contractor
     • Now Security Researcher at Rapid7 – work with Metasploit Team (Press releases)

  4. Excelsior College – 135 credits CLEPed
     • M.S. in Network Security – Capitol College (did not hack my Master’s degree)
     • Motivation for life – Money, Money, Money
     • No different from drug dealers and porn stars

  5. The Screwtape Letters by C.S. Lewis
     • Focus on the Family series
     • APT – a concerted effort by highly paid professionals to break in; cyber espionage
     • About the book
     • Senior demon Screwtape
     • Nephew Wormwood (junior tempter)
     • Lowerarchy of hell
     • Mission: damnation of patient – APT – will not stop until they 0wn your org.

  6. Most PTs get in and it is not that hard
     • Demons 0wn the heck out of us every day and it is not that hard
     • Sin knocking on the door - Persists – Genesis 4:7
     • Lowerarchy world view
     • Morally Reversed World
     • Similar to the InfoSec perspective – APTs; Flame/Stuxnet (end justifies the means; all is fair in love and war) – For the devil, it is all war (be it your birthday or not)

  7. Wormwood’s strategy
     • Tempt with wicked and deplorable sins
     • Hacktivist (LulzSec/Anonymous)
     • (awesome hacks and brag about it)
     • They did not encrypt their database
     • May die during the War
     • 0 day, take down
     • Cyberwar strategy
     • According to Screwtape, this is wrong

  8. Screwtape’s strategy
     • Safest path to hell is the gradual one
     • Exploit him first
     • Need not murder; let him just hate (little bitty things)
     • Corrupt
     • Don’t do '; DROP TABLE BOBBY_TABLES
     • Just do '; INSERT and UPDATE
     • When you are confused and befuddled – you won’t know what to defend
     • APTs: steal slow and low; go undetected
     • Devil wants us to be wishy washy – no little sins, all lead to eventual doom

  9. High-profile viruses take advantage of old exploits; patch mgmt.
     • Patch mgmt > (incident mgmt.) – Repent; Sin -> Repent – Sin > Repent
     • Root cause > eliminate it (Problem mgmt)
     • People/Orgs recover even if the enemy is successful – Sony breach
     • No org. is perfect. No human is.
     • Even a murderer has forgiveness

  10. Letter VI
     • LulzSec etc. want you to be scared
     • Devil – our business to keep them thinking about what will happen to them; God wants them to be concerned with what they need to do.

  11. Letter XXII
     • Iron sharpens Iron
     • Info sharing in security industry – Govt. and Pvt. Security (Security community has to work together)

  12. C.S. Lewis had to put himself in the mind of a demon
     • Excellent personal life security policy
     • To deal with APTs we need to think like an attacker
     • You will end up with a good security policy

  13. All sinners (Romans 3:23)
     • No org is perfect. All orgs are going to be breached if not already

  14. Energizer
     • Born without a battery
     • Fill the void
     • Money (needs rechargeable)
     • Kevin Luke – Power of God in us

  15. Ten Commandments of InfoSec

  16. DJ Screw
     • Houston - Mix tapes → Screwtapes – galvanized the culture of sipping syrup – drug addiction – overdose and died of respiratory arrest (Sipping on Syrup?)
     • Satan – Ultimate APT
