Melanie Rodier
The Geo-Political Knowledge And Expert Skills Needed to Combat Hacktivist Attacks

You have to know your attacker - and your security staff, a security consultant says.

Bank of America's website experienced periodic outages on Tuesday, possibly due to a cyber attack launched in retaliation for a film mocking the Prophet Muhammad, which has already incited deadly riots throughout the Middle East. The threat, from the "Cyber fighters of Izz ad-din Al qassam," a reference to the military wing of Hamas, was also made against the New York Stock Exchange.

Wall Street & Technology spoke to Eric Friedberg, co-president of Stroz Friedberg, a global digital risk management and investigations firm, about how financial firms should protect themselves from these sophisticated attacks.

WS&T: How can firms protect themselves against the attacks that the group protesting the anti-Islam film threatened to carry out against Bank of America and NYSE?

Eric Friedberg: What these threats show is that for global financial firms, threat assessment needs to be based on a complex global understanding of who the potential adversaries are and what the likely attack factors are. With the rise of hacktivism, companies are being targeted for what they represent to the attacker rather than what they did. There is a steep rise of hacktivism in the name of anti-globalization, anti-Wall Street, and intellectual property, and pro-religious group X, Y or Z. That presents a complex web of challenges to security professionals. You have to be really thinking not just on a technology level but in behavioral and geo-political terms. Security professionals have to think about how all of these different groups are going to be perceiving their company and what the likely attack vectors are. If you're just going through a checklist without prioritizing risk on the basis of what the likely attack is, you're shooting in the dark.

WS&T: How do you prepare for a Denial of Service attack, like the one that this pro-Hamas group threatened to carry out?

EF: You're trying to manage an enormous amount of information being thrown at servers. You have to have an understanding with upstream ISP providers about what the ISP can do to filter out as much of the junk that is thrown at you. You have to establish a preparedness plan. Contact people. Have a strategy. And understand what the ISP can do to divert some traffic. Sometimes this traffic can be filtered out based on signatures and other criteria, almost like a junk filter.

WS&T: Are there any other ways that you can protect yourself?

EF: Yes, with load balancing within a company. If you have multiple servers and a DoS attack is targeted at a particular server, you can balance the load of traffic across many servers so that the functionality of your site doesn't slow down. It's very hard to do that if you're first thinking about it when you come under attack. You also need to revise your architecture, establish incident response plans, and bring in other types of technologies that can help prepare for those attacks.

WS&T: What are the other types of attacks hacktivist groups carry out?

EF: These groups are often trying to make a political point by embarrassing and causing temporary pain to a company. Recently they have found that by infiltrating pockets of reportable and personally identifiable information that a company has and exposing it to the public, they have given the company an enormous reporting headache. They infiltrate a database, find people's dates of birth, social security numbers and email addresses, and make them public. Hacktivists are less concerned with financial motivation, and more with causing the pain that they understand follows from exposing the personally identifiable information (PII) that a company has.

WS&T: How can you protect yourself from this type of infiltration attack?

EF: Many of the data breaches that result in the loss of PII result from systems that were improperly patched and are running software with known vulnerabilities. One of the most important things is to make sure a company's patch management system is up to date. Much of the harm comes from over-retention of data. A company has millions of records that it can lose. For business purposes the company might have needed to retain only a couple hundred thousand of these records. But there's been no housekeeping. So protecting against data breaches involves patch management, data retention and recycling.

Intrusion detection is another key area. A persistent attacker with enough skill and resources can attack most systems. Preparedness and early identification of the attack, having red flags go up when you're under attack, are key. For most people it's a question of when, not if, you'll be attacked. You also need to have quality skilled people that know how to even identify and respond to attacks. And there's a shortage of highly skilled incident responders. Some companies don't focus early enough on making sure they have a good internal team that has appropriate skill sets in this area. That's hard to build when you first learn you're under attack. When it comes to sophisticated attacks like state-sponsored espionage or hacktivism, there's a unique skill set that is needed.

WS&T: Can you give us a few examples of the skills security experts need to combat hacktivist attacks?

EF: Large global networks have enormous amounts of information flowing through them. Even if you're running intrusion detection systems, they generate massive amounts of information. The ability to interpret large data sets of logs and intrusion detection information and quickly home in on something that represents a real threat as opposed to minor noise is one example.
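The two defensive ideas Friedberg describes, a "junk filter" on flood traffic and homing in on the real threat inside a large log set, as an added example that is not part of the interview or of Stroz Friedberg's own tooling. It parses constructed access-log lines, flags sources that match a placeholder signature list or exceed a sliding-window request rate, and drops everything else as noise; the signatures, thresholds and addresses are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache-style access log: ip ident user [ts] "request" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Hypothetical "junk filter" signatures; stand-ins for what an ISP or IDS vendor publishes.
SIGNATURES = ("FloodTool/", "/?nocache=")

def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def triage(lines, window=timedelta(seconds=10), threshold=20):
    """Return {ip: set(reasons)} for sources worth an analyst's attention.

    A source is flagged on a signature hit, or when more than `threshold`
    requests from it fall inside a sliding `window`; the rest is noise.
    """
    recent, flagged = defaultdict(deque), defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        ip, ts = rec["ip"], rec["ts"]
        if any(sig in rec["req"] or sig in rec["ua"] for sig in SIGNATURES):
            flagged[ip].add("signature")
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # expire timestamps outside the window
            q.popleft()
        if len(q) > threshold:
            flagged[ip].add("rate")
    return dict(flagged)

def sample_lines():
    """Constructed traffic: three normal clients, one flood source, one tool hit."""
    base = datetime.strptime("18/Sep/2012:15:16:00 -0400", TS_FMT)
    fmt = '{ip} - - [{ts}] "GET {p} HTTP/1.1" 200 512 "-" "{ua}"'
    stamp = lambda s: (base + timedelta(seconds=s)).strftime(TS_FMT)
    lines = [fmt.format(ip="198.51.100.9", ts=stamp(i // 5), p="/", ua="Mozilla/5.0")
             for i in range(30)]                        # 30 requests in 6 seconds
    for i, ip in enumerate(("203.0.113.7", "203.0.113.8", "203.0.113.9")):
        lines += [fmt.format(ip=ip, ts=stamp(5 * j + i), p="/login", ua="Mozilla/5.0")
                  for j in range(3)]                    # 3 requests each
    lines.append(fmt.format(ip="192.0.2.44", ts=stamp(0), p="/", ua="FloodTool/1.0"))
    return lines

if __name__ == "__main__":
    for ip, reasons in sorted(triage(sample_lines()).items()):
        print(ip, sorted(reasons))
```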

When you find some malware on your systems, there's a process of reverse engineering the malware: it has to be decrypted, uncompressed and pulled apart. A unique set of skills is needed to figure out in advance how to pull this unique malware apart so that you can analyze the code and see what the attacker will do with it. It will tell you how the attacker is aggregating and exfiltrating (sending out of the system) the information.

Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ...