Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats

Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats

by Will Gragido, John Pirc

View All Available Formats & Editions

Cybercrime and Espionage provides a wealth of knowledge related to the realities seen in the execution of advanced attacks, their success from the perspective of exploitation and their presence within all industry. This book will educate you on realities of advanced, next generation threats, which take form in a variety ways. The authors, working in


Cybercrime and Espionage provides a wealth of knowledge related to the realities seen in the execution of advanced attacks, their success from the perspective of exploitation and their presence within all industry. This book will educate you on realities of advanced, next generation threats, which take form in a variety ways. The authors, working in conjunction with strategic technology partners have key insights into the realm of what these new threats, dubbed “Subversive Multi-Vector Threats” or ‘SMT’s. Whether the goal is to acquire and subsequently sell intellectual property from one organization to a competitor or the international black markets, to compromise financial data and systems, or undermine the security posture of a nation state by another nation state or sub-national entity, these threats are real and growing at an alarming pace.

    • Includes detailed analysis and examples of the threats in addition to related anecdotal information
    • Authors’ combined backgrounds of security, military, and intelligence, give you distinct and timely insights
    • Presents never-before-published information: identification and analysis of cybercrime and the psychological profiles that accompany them

    Editorial Reviews

    From the Publisher
    "Risks have evolved. We haven’t. While we stabilize toward checkbox compliance, adversaries and IT accelerate onward. Adversaries know you’re compliant – and do not care – they’re counting on it. Let’s replace faith-based dogma with intellectual honesty. As fellow Cassandras, Will and John confront you with modern threat models and challenge you to adapt".—Joshua Corman, Research Director for Enterprise Security, The 451 Group

    "During 2010 three specific names signaled a fundamental shift in the risks that come from dealing in an interconnected world: Project Aurora, Stuxnet, and Wikileaks. This book provides the insights of an intelligence analyst on what got us to this point, and forecasts what information security professionals will be dealing with in the near future".—James Turner, Advisor, IBRS

    "Cybercrime and Espionage was probably the most comprehensive and relevant book on the cyber security landscape written to date. The authors captured the true essence of the methods and cyber trade craft backed with use case after use case. I find this book a must have for any security professional or executive that has the responsibility for ensuring the protection of their corporate infrastructure."—Alan Kessler VP & GM HP Networking Security Products Group/TippingPoint

    "John and Will have done a great job in framing the threat landscape and pointing out just how far we have to go in order to truly understand the cyber threats confronting us, to better secure our networks, and to mitigate risk within our respective organizations. Cybercrime and Espionage is a great read and should provide a call to action for any executive management team. Well done."—Nick Lantuh, President of Netwitness Corporation

    "Overall, this was a really interesting reading material. The authors managed to provide a fresh perspective on the intricacies surrounding modern cyber crime of today, but have not neglected the ‘big picture’."Help Net Security

    Product Details

    Elsevier Science
    Publication date:
    Sold by:
    Barnes & Noble
    NOOK Book
    File size:
    4 MB

    Read an Excerpt


    An Analysis of Subversive Multivector Threats


    Copyright © 2011 Elsevier, Inc.
    All right reserved.

    ISBN: 978-1-59749-614-8

    Chapter One



    • He Who Does Not Prevent a Crime When He Can, Encourages It

    • What's Old Is New Again

    • A Changing World

    • Cybercriminal Statistics: U.S. and Abroad

    • The Statistics of Cybercrime

    • Separating the Wheat from the Chaff: Qualifying Amateurs and Professionals

    • Trends in 2011

    • Myopic to the Catastrophic: Advanced Persistent Threats

    • Points of Confluence: Events That Have Shaped the Future of Privatized Cybercrime and Espionage

    • Agendas in Next Generation Cybercriminal Activity

    • The Coming Decade


    The Roman statesman Marcus Tullius Cicero (b. 106 B.C.–d. 43 B.C.) when speaking on the nature of criminality, once said that "The enemy is within the gates; it is with our own luxury, our own folly, our own criminality that we have to contend." Put another way, Cicero had clearly identified what he believed to be the root cause for much of what ails all humanity. Cicero believed that the enemy—or the threat that comprised it—had already breached man's defenses as a race. Perhaps, it had compromised the perimeter defenses of early man long before Cicero's time and had firmly taken root in the ecosystem of mankind's very existence. He clearly states that it is man's desire toward luxury (in Cicero's days, just as in our own, the desire for luxury was ubiquitous and the means by which some sought to achieve and maintain it were, just as they are today, less than honorable and often exploitative in the best of cases), his willingness to commit folly (his willingness to participate in, orchestrate, and execute idiocy or madness), and his criminality (which just as in Cicero's day is today a direct result of our lack of ethics, morality, and a galvanized sense of right and wrong) that must be recognized, managed, and mastered. Failure to do so only encourages the proliferation of the behavior and the aftermath that it yields. Cicero knew this to be the case and was cautioning future generations to take heed of what was occurring within his world because if it could happen in Rome, it could, and would, happen anywhere. Cicero was a very wise man.

    This quote with respect to the nature of criminality has, since the first time the authors encountered it, struck them as being both insightful and profound. Cicero had articulated in a ubiquitous manner the nature of those who willingly partake in criminal acts. Cicero's point is simple and warrants reiteration. For Cicero, humanity (regardless of how simple or complex the society) owns its criminality and its propensity toward it.

    He Who Does Not Prevent a Crime When He Can, Encourages It

    Seneca, the Roman philosopher (first century A.D.), once said "He who does not prevent a crime when he can, encourages it." In Seneca's view inaction equated to action that ultimately encouraged (when speaking about crime) the perpetuation of criminal activity. Actions are ultimately influenced by a number of variables—some much more within the boundaries of our immediate control than others. Some are fed and fueled by our ethics and morality while others are influenced by a lack thereof. Regardless crime is, as Cicero asserts, an enemy that warrants immediate attention and the battle begins within each one of us. Criminality in all its forms ultimately comes back to man's interpretation of law and governance and what is or is not perceived as being allowable in relation to the accepted norms set forth by law. At a primitive level, it is an extension of the struggle between that which is deemed "good" and that which is deemed "evil." It is a terrifically powerful idea to grasp—one that forces each of us to conceptualize our own proximity to "good" and "evil" and to "right" and "wrong" while considering the idea itself with respect to its universal implications. It is an idea that transcends time and one which future generations (just as those that have come before them) will struggle against. Though this may sound inconceivable, we must bear in mind that not all is lost and that just as Cicero pointed out, the enemy is and always has been within the gates, and also that where there is life there exists hope. It is this idea that we will strive to explore, flesh out, and extol throughout the entirety of this work.

    Criminal activity is a reality of the world in which we live. So too is espionage and often the two are not mutually exclusive. This is not a new concept. It is however a reccurring theme which bears repeating. One question we are often asked is whether there is any hope in combating this activity. People are curious as to whether this is possible either in the traditional sense or in those areas in which there has been a unique evolution such as that within cyberspace and the Internet—and the answer is yes, there is hope; however, it comes at a price. Moreover, it is not a trivial undertaking and should not be presented in a light that either under-emphasizes or over-aggrandizes it.

    Our attitudes and approach to these challenges must evolve as well and like Cicero, we must recognize first that the enemy lies within before we begin to master those who threaten us from external vantage points. We must steel ourselves in the knowledge that we must cultivate and develop a sense of vigilance that lends itself to the development and proliferation of those who seek to combat the actions of the criminally inclined. In doing so, we encourage and enable ourselves to detect, identify, and prevent criminal activity and gain a greater degree of insight into the psychological motivations and drivers at work within these individuals and groups while enabling a more robust understanding of the tactics, strategies, and plans being executed on a global basis to accomplish their means. Never before has the world been more ripe for the taking by sophisticated entities bent on profiting at all costs, in defiance of local and international law, let alone socially accepted definitions of normative behavior associated with ethics and morality. As a result, a new breed of information security professionals must be armed and equipped with the tools necessary for addressing these adversaries and their actions.

    What's Old Is New Again

    At this point in the chapter, you may be wondering just why we are discussing the philosophical aspects associated with criminality in a book dedicated to cybercrime and espionage. It is a valid question and one that requires an equally valid response. To begin with, as we have established, humanity is its own greatest threat. This is likely not a huge shock to you, the reader, if you have read any philosophy in school or turned on the evening news. However, it is important that we stress this point as it is the basis for understanding much (if not all) of what influences criminal activity. In many respects, the same root influencers are present when speaking about traditional criminal activity or next generation criminality such as that which is most often associated with cybercrime and espionage. As a result, we must diligently work to mitigate the risks associated with those behaviors, which fall into categories defined as being criminal and deviant from the norm. Equally important is our understanding that engaging in criminal activity is a choice. It is not something that just happens, though there are rare occasions when this is the case.

    Throughout recorded history, human beings have achieved incredible milestones, demonstrating the superiority of our species in both evolving and adapting to our changing environment. We see this in every aspect of our world and it should come as no surprise that we excel in subverting laws and governance with the same ease and elegance as in other areas in which we continue to push the envelope of achievement. Examples of human determination and drive can be cited all the way back to the Neolithic era (roughly 10,000 years ago), when man matured from hunter-gatherer to farmer. As our societal trends and patterns continued to evolve and grow along with our natural migratory patterns, so did our technological advances. Crude implements gave way to more consistently designed and manufactured tools. Techniques and ideologies were developed to aid in ensuring bounty. While these aspects of humanity flourished (to its credit), so too did its challenges, in particular those dealing with morality, good, and evil in the eyes of the law as it existed at that time.

    Evidence that this struggle existed long ago can be seen in the ancient Chaldean/Babylonian text, the Code of Hammurabi (ca. 1750 B.C.). This work, also known as the Codex Hammurabi, has some 282 laws, some with scaled degrees of severity, depending on a person's social station. Some examples of the Code of Hammurabi are given here:

    • If anyone ensnares another, putting a ban upon him, but cannot prove it, then he that ensnared him shall be put to death.

    • If anyone brings an accusation against a man and the accused goes to the river and leaps into it and sinks, then his accuser shall take possession of his house. However, if the river proves that the accused is not guilty, and he escapes unhurt, then he who had brought the accusation shall be put to death, while he who leaped into the river shall take possession of the house that had belonged to his accuser.

    • If anyone brings an accusation of any crime before the elders and does not prove what he has charged, he shall, if a capital offense is charged, be put to death.

    • If a builder builds a house for someone, and does not construct it properly, and the house that he built falls in and kills its owner, then the builder shall be put to death. (Another variant of this is that if the owner's son dies, then the builder's son shall be put to death.)

    • If a son strikes his father, his hands shall be hewn off.

    • If a man gives his child to a nurse and the child dies in her hands, but the nurse unbeknown to the father and mother nurses another child, then they shall convict her of having nursed another child without the knowledge of the father and mother and her breasts shall be cut off.

    • If anyone steals the minor son of another, he shall be put to death.

    • If a man takes a woman as his wife but has no intercourse with her, then this woman is no wife to him.

    • If a man strikes a pregnant woman, thereby causing her to miscarry and die, then the assailant's daughter shall be put to death.

    • If a man puts out the eye of an equal, his eye shall be put out.

    • If a man knocks the teeth out of another man, his own teeth will be knocked out.

    • If anyone strikes the body of a man higher in rank than he, he shall receive 60 blows with an ox-whip in public.

    • If a freeborn man strikes the body of another freeborn man of equal rank, he shall pay one gold mina (an amount of money).

    • If a slave strikes the body of a freed man, his ear shall be cut off.

    • If anyone commits a robbery and is caught, he shall be put to death.

    • If anyone opens his ditches to water his crop, but is careless, and the water floods his neighbor's field, he shall pay his neighbor corn for his loss.

    • If a judge tries a case, reaches a decision, and presents his judgment in writing, and it is later discovered that his decision was in error, and that it was his own fault, then he shall pay 12 times the fine set by him in the case and be removed from the judge's bench.

    • If during an unsuccessful operation a patient dies, the arm of the surgeon must be cut off.


    Excerpted from CYBERCRIME AND ESPIONAGE by WILL GRAGIDO JOHN PIRC Copyright © 2011 by Elsevier, Inc.. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
    Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

    Meet the Author

    Will Gragido possesses over 18 years of information security experience. A former United States Marine, Mr. Gragido began his career in the data communications information security and intelligence communities. After USMC, Mr. Gragido worked within several information security consultancy roles performing and leading red teaming, penetration testing, incident response, security assessments, ethical hacking, malware analysis and risk management program development. Mr.Gragido has worked with a variety of industry leading research organizations including International Network Services, Internet Security Systems / IBM Internet Security Systems X-Force, Damballa, Cassandra Security, HP DVLabs, and now RSA NetWitness, where he leads the RSA FirstWatch Advanced Threat Intelligence team.

    Will has deep expertise and knowledge in operations, analysis, management, professional services&consultancy, pre-sales / architecture and strong desire to see the industry mature and enterprises&individuals become more secure. Will is a long-standing member of the ISC2, ISACA, and ISSA. Mr.Gragido holds the CISSP and CISA certifications, as well as accreditations in the National Security Agency's Information Security Assessment Methodology (IAM) and Information Security Evaluation Methodology (IEM). Additionally, Mr.Gragido is a Faculty Member of the IANS Institute where he specializes in advanced threat, botnet, and malware analysis. Mr.Gragido is a graduate of DePaul University and is currently preparing for graduate school. An internationally sought after speaker, Will is the co-author of Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats.
    John Pirc has more than 19 years of experience in Security R&D, worldwide security product management, marketing, testing, forensics, consulting, and critical infrastructure architecting and deployment. Additionally, John is an advisor to HP’s CISO on Cyber Security and lectured at the US Naval Post Graduate School.

    John extensive expertise in the Security field stems from past work experience with the US Intelligence Community, as Chief Technology Officer at CSG LTD, Product Manager at Cisco, Product Line Executive for all security products at IBM Internet Security Systems, Director at McAfee's Network Defense Business Unit, Director of Product Management at HP Enterprise Security Products, Chief Technology Officer at NSS Labs, Co-Founder and Chief Strategy Officer at Bricata, LLC and most recently as Director of Security Solutions for Forsythe Technology.

    In addition to a BBA from the University of Texas, John also holds the NSA-IAM and CEH certifications. He has been named security thought leader from SANS Institute and speaks at top tier security conferences worldwide and has been published in Time Magazine, Bloomberg, CNN and other tier 1 media outlets.

    Customer Reviews

    Average Review:

    Write a Review

    and post it to your social network


    Most Helpful Customer Reviews

    See all customer reviews >