A Review by Chris Carpenter, a SecurityOrb.com contributor:
I attended Mircon this year for the first time. It was an interesting experience. I was very impressed with the keynote speakers but overall the security presentations were far too sales pitchy for my tastes. Maybe I have been spoiled by BlackHat and Defcon but I expected more. I really shouldn’t be surprised though. A conference named after Mandiant and sponsored by Mandiant can be expected to be a sales pitch for Mandiant.
Kevin Mandia kicked off the conference with the opening keynote, “Minding the Security Gap”. He highlighted the effectiveness of a recent Syrian Electronic Army (SEA) attack on the twitter account of the Associated Press. The hacked account was used to tweet that the White House had been attacked. These tweets resulted in a negative impact on the stock market. Mr. Mandia highlighted the fact that the attack was executed in less than 11 minutes. He used that point to highlight the speed and effectiveness of current attacks. He is proposing that network defenders need to be able to go from alert to fix in under 10 minutes. Naturally, the use of Mandiant products can help with this.
Kevin was joined by three of his Vice Presidents who each highlighted their experience in handling and responding to real world security incidents. One of the interesting points highlighted in the presentation was the overall decreased use of malware in attacks. Attackers now frequently execute attacks without installing malware on systems. After initial breach many attacks utilize existing software and trust to exploit the system.
The keynotes by General Michael Hayden and Director Robert Mueller were excellent. General Hayden’s “Cyber Security: Will it Always Be This Hard?” was very entertaining. He provided a wide overview of the threat landscape discussing in order of threat Nation States, Criminals and Hacktivists. He posed an interesting scenario around what if Edward Snowden was returned to the US, tried and convicted? Would the hacktivist community react? What would/could they do? His point being that with the right stimulation the hacktivist community could be as dangerous as a nation state.
The general also commented on the concept of hacking back. While not directly advocating the practice the General did acknowledge he believed US companies are already engaged in this practice. He went a step further to reference Article I of the US Constitution which states that, “The Congress shall have Power To … grant Letters of marquee and reprisal …” In its original context this related to hunting pirates on the open seas. Translated to 2013 this would be applied to the pirate’s modern electronic equivalents, hackers. The concept of Fortune 500 companies being authorized to hunt and attack the hackers who have attacked them is both fascinating and terrifying in its implications. His simple thought on this is that the US Government is not in position to defend every corporation nor does it necessarily have the authority to do so. Providing these companies the legal right to do so would be an interesting way to balance the scales. As the General put it, the Calvary is not coming you need to defend yourselves.
Another interesting point of the keynote was the assertion that the US is a Cyber offensive juggernaut but our dependence on technology leaves us vulnerable to attack. Along that same line of thought he made the analogy that the US has the most untapped talent similar to untested first round draft picks in sports. This is in contrast to how other countries such as Russia and China operate. In these countries there are loose and formal relationships between internal hackers and criminal groups. The basic rule being that as long as these groups hack targets of interest to the host government a blind eye will be turned to these activities. Further, if it suits the needs of these governments these elements may be engaged to gather information.
FBI Director Mueller gave a keynote more grounded in the physical world. He acknowledged the fact that computer attacks are inescapable. However, he also focused on the fact behind every computer sits a human. Traditionally, the FBI has focused on apprehending criminals and Director Mueller believes this a fact that is somewhat overlooked. He made a particularly pointed reference to the Anonymous case. He highlighted the fact that the case was handled as cases have been handled for years. During the investigation of the Anonymous computer attacks, the criminals made a mistake. This provided the investigators enough information to track down their location. In this case it was the careless use of an IP address during an attack. The IP address was utilized to physically locate the attacker. After that it was a traditional knock on the door with an ultimatum of jail or help the FBI. Utilizing these proven criminal investigation techniques multiple members of Anonymous were arrested. It was a very traditional FBI outlook on the world. Regardless of the technology in use to commit crime, human criminals are still behind it. The FBI investigates arrests and prosecutes criminals.
I attended several of the other presentations but many of them were simply retelling of Mandiant incident response engagements. While each of the presentations did contain useful information the combination of the Mandiant sales pitch and lack of cutting edge information made them less useful than expected. However, based on the excellent keynote speakers and addresses I will likely still attend next year.