I like the NIST definition. As usual with NIST, they are clear and far from any buzz. One of the consequences of this definition is that APT are highly technical, expensive attacks and thus targeted against high value assets.
Although your three steps cannot be challenged, I do not find them specific to APT. They are part of good security practices. With my team, we use ten laws of security. Your steps map to some of them.
Step 1: law N°7: Security is not stronger than its weakest link; close the most obvious holes.
Step 2: law N°2: Know the assets to protect; the foundation of any serious security.
Step 3: law N°6: You are the weakest link.
Your three steps are useful against all types of attacks. The difference is that defending against APT will require more skills, more training, more accuracy, more monitoring, more money... Which brings us to my law N°1: Attackers will always find their way. If you have high value assets, try to bring the fence high enough; although in some cases, the asset is invaluable.
0 Votes
Not high value, high yield...
AnsuGisalas Updated - 17th Apr 2012
An APT is a person, so you have to look at the payout yield: monetary value of assets that can potentially be stolen / time investment to pull off the theft with reasonable certainty. If your system is a pushover, taking half a day of research and half a day of action to get through, then all it needs to pay off is one day's salary - say, $800/day. And given that it only has to be an average payoff for the type of business you run, it doesn't matter if the actual yield of your specific organization is half that, you can still find yourself targeted.

But even then, an APT doesn't have to be about money. Hacktivists are often APTs in their own right. A disgruntled ex-employee can be an APT (or, much worse, it could be a present employee - imagine that one for a sec). An APT that is after a business partner may also decide to check if they can get at them through you...
The one thing that defines an APT is they're out to get YOU, and have the means to... it changes everything. Now your employees must actually want your organization not to be breached, rather than simply want not to be personally held responsible for such a breach. It's a huge difference, and it's all about the hearts and minds.
The difference between an APT and a normal threat is that an APT is prepared to "go the distance" to get what they want, not just walk away at the first locked door. This sounds to me like the difference between a burglar prowling around looking for an unlocked door or window (normal threat), and a bank robber who will come armed and prepared, after a specific thing (APT).

Simply put, we don't put bulletproof glass in our front room, nor a tube system for the mail man on our house, so it is just as unreasonable to create a massive security system on a network that has little in the way of threats. It would make more sense to secure what you can, and insure (backup) the rest. If your business has specifically valuable targets, you should store these off line or behind God's own firewall (vault).
...rather than a stray looking for a warm body to nest in.
Basically, I think the big lesson is that with an APT you have to forget ALL the low-hanging fruit crap, an APT will be bringing a ladder.
It might be a contract hit, it might be someone with a chip on their shoulder, or who knows, maybe a random corporate stalker... but they're after you!
Here's what I think was left for future investigations by this blog: How do you become aware that you have an APT on your hands? Logging the port scans? Asking that employees disclose all suspicious contacts, including "wrong numbers"? Looking at incoming phone call sources?

In the end, if you want to defend against APTs, it's a war. And a defensive trench war at that. You have to have a disciplined, dedicated work force to get anywhere. You can't have any flab on your corporate body: no pointy-haired bosses, no office cranks, nothing that can create predictable rips in your armor.

It's a whole other game than corporate business as usual.

But think about that for a while, maybe there could be derivative benefits from those preparations? After all, the point is to remove weaknesses by improving the work force mentality, not by engendering paranoia. Paranoia isn't preparedness, it's just another kind of weakness that an attacker can exploit.
0 Votes
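One concrete form of the first question above ("Logging the port scans?"), as an added example that is not part of the original thread or the article it discusses: a small detector that reads packet-filter deny lines and flags a source that touches many distinct destination ports in a short window. The log format, the sample lines, the window and the port threshold are all assumptions made for illustration; a real deployment would read from the firewall's actual log and tune the thresholds to its own traffic.

```python
"""Flag possible port scans in constructed firewall deny lines.

Added example; not code from the original thread. Log format, thresholds
and sample data are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format):
#   "<iso timestamp> DENY <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
# 203.0.113.7 sweeps ten ports in five seconds; 198.51.100.4 only hammers port 22,
# which is a different pattern (password guessing) and is deliberately NOT flagged here.
SAMPLE_LOG = """\
2012-04-17T09:00:01 DENY 203.0.113.7:51000 -> 192.0.2.10:21
2012-04-17T09:00:01 DENY 203.0.113.7:51001 -> 192.0.2.10:22
2012-04-17T09:00:02 DENY 203.0.113.7:51002 -> 192.0.2.10:23
2012-04-17T09:00:02 DENY 203.0.113.7:51003 -> 192.0.2.10:25
2012-04-17T09:00:03 DENY 203.0.113.7:51004 -> 192.0.2.10:80
2012-04-17T09:00:03 DENY 203.0.113.7:51005 -> 192.0.2.10:110
2012-04-17T09:00:04 DENY 203.0.113.7:51006 -> 192.0.2.10:143
2012-04-17T09:00:04 DENY 203.0.113.7:51007 -> 192.0.2.10:443
2012-04-17T09:00:05 DENY 203.0.113.7:51008 -> 192.0.2.10:445
2012-04-17T09:00:05 DENY 203.0.113.7:51009 -> 192.0.2.10:3389
2012-04-17T09:00:07 DENY 198.51.100.4:40000 -> 192.0.2.10:22
2012-04-17T09:00:09 DENY 198.51.100.4:40001 -> 192.0.2.10:22
2012-04-17T09:00:15 DENY 198.51.100.4:40002 -> 192.0.2.10:22
2012-04-17T10:30:00 DENY 203.0.113.7:51100 -> 192.0.2.10:8080
"""


def parse_line(line):
    """Split one log line into (timestamp, action, src_ip, dst_ip, dst_port)."""
    ts, action, src, _arrow, dst = line.split()
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), action, src_ip, dst_ip, int(dst_port)


def detect_scans(log_text, window=timedelta(seconds=60), min_ports=8):
    """Return {src_ip: [(window_start, distinct_ports), ...]} for every source
    that hit at least `min_ports` distinct destination ports inside `window`.

    Sliding window per source over time-sorted deny events; one alert per
    window start, carrying the largest distinct-port count seen in it.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_src = defaultdict(list)
    for ts, action, src_ip, _dst_ip, dst_port in events:
        if action == "DENY":
            by_src[src_ip].append((ts, dst_port))

    alerts = {}
    for src_ip, hits in by_src.items():
        start = 0
        ports = defaultdict(int)  # port -> hits currently inside the window
        for ts, port in hits:
            ports[port] += 1
            # Evict events that fell out of the window.
            while hits[start][0] < ts - window:
                old_port = hits[start][1]
                ports[old_port] -= 1
                if ports[old_port] == 0:
                    del ports[old_port]
                start += 1
            if len(ports) >= min_ports:
                window_start = hits[start][0]
                bucket = alerts.setdefault(src_ip, [])
                if bucket and bucket[-1][0] == window_start:
                    bucket[-1] = (window_start, max(bucket[-1][1], len(ports)))
                else:
                    bucket.append((window_start, len(ports)))
    return alerts


if __name__ == "__main__":
    for src, found in detect_scans(SAMPLE_LOG).items():
        for when, n in found:
            print(f"{src}: {n} distinct ports from {when.isoformat()}")
```

The deliberate gap is the second source: three tries against one port is a different signal (credential guessing), and a separate rule keyed on repeated hits to the same port would cover it. Distinct-port counting is also blind to a scan spread slowly over hours, which is the point the thread makes about a patient attacker; lengthening the window trades that blind spot for more false positives from legitimate multi-service clients.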
One thing about it though. I have several cautions:

1. Don't buy refurb machines; one of my victims looks like they were targeted by the attacker this way - but they were probably being surveilled before this action, and an unsuspecting partner took bad advice on the source of the purchase (the bad advice coming from a plant in an outside vendor). More likely the refurber was doping all the machines going through their doors - an infiltrator is always a possibility here of course - in fact more likely than not.

2. Beware of any machine that has a blu-ray, or HDMI output on display chip/adapter. I very strongly suspect someone in high places is setting traps in both the hardware and software DRM here. I'm especially suspect of Cyberlink, although I now trust none of them!

3. Beware of being or cooperating with Microsoft Partners! Their network has been cracked and you will never know if you are actually connected through them without being on VPN to the partners' web sources. I strongly suspect there are inside rats in that maze! We were able to get Microsoft to admit there were redirects placed by crackers somewhere on the web, with bad certificates sending the built-in updater to poser sites. We can't get them to admit it publicly - however. I'm willing to risk it all to argue with anyone from Redmond to prove me wrong.

Its time we started calling a spade a spade, and think outside the box to get to the bottom of this!

I'm beginning to think the only hope my clients have is to completely isolate the machines that have intellectual property and records on them from the web, and use Live CDs for any other web access, on machines in a DMZ. But then, you got to ask - which Linux source do you trust? So far for me, it is SourceForge and/or On-Disk.com; but how long will that last?
1 Vote
So basically...
Alpha_Dog 21st Apr 2012
If one prepares for APT attacks by doing the research, taking precautions, understanding the parts of the org that are targets, etc... we have not only dealt with the bored teen, but also the determined intruder. To my mind it simply states that we need to secure our assets by conducting the kind of wargames we should have been doing anyway, and then act upon the information.

To be blunt, we have always dealt with security in this way and have never had a breach, even in quarterly exercises with our sister organization who knows our architecture and physical security. Then again, we all cut our teeth on DoD and HIPAA, and now do aerospace.
1 Vote
That's good
AnsuGisalas 21st Apr 2012
as long as you don't let it go to your heads. laugh
0 Votes
He's probably used to the "we" vernacular, because of all the "team building" going on in our institutions. I know I can't do without my cohorts!
happy
1 Vote
LOL! (nt)
Alpha_Dog 22nd Apr 2012
It's very easy to become complacent when every report is positive... it's easy to make the mistake of going from an inductive "We haven't failed" to a deductive "We don't fail", implying "We can't fail".

I more than suspect it's easier to fall into this trap if one doesn't have a firsthand idea about the work that goes into "not failing".

Every time some company lets a pointy-haired one out to say "We don't make mistakes", I know that's a company worth hedging against grin
0 Votes
Quite so.
Alpha_Dog 23rd Apr 2012
This is why we have quarterly attempts on each other's networks. The victors get bragging rights as well as an all expense weekend... The losers also benefit by learning something new and are able to fix the hole.

Four years ago, these exercises were a different story. Both sides got their weekends and when they came back, there was work to do. Eventually the networks hardened and now it's rare for there to be a victor.

Bottom line: The only defence against APT and any other threat is to acknowledge that mistakes are made, technology and methods advance, and that the constant improvement cycle must be nurtured.
0 Votes
Excellent synopsis, Alfonso. I particularly like your clear explanation of practical defense actions that do not involve add-on technology.

I would add that for Small Business, APTs represent a game-changer. Not long ago, Small Business could ignore targeted attacks, since the attackers were primarily interested in vandalism and notoriety and sought high-profile enterprises or organizations. Since APTs are automated and come from organized crime syndicates seeking cash or marketable IDs, Small Businesses are for the first time in the crosshairs, and even MORE DESIRABLE THAN ENTERPRISES. (Sorry about the caps, but I think this needs emphasis.) Small Businesses offer a quick turnaround of a reasonable payday, with very little chance of the attacker being pursued by law enforcement or superior skills. With automation, a skilled operative can steal hundreds of thousands of dollars, hundreds of times per year. That's eight-figure income with very little risk.
I don't think that was part of the definition.
An APT is a person or persons, not a script or bot.
0 Votes
Or a team...
JCitizen Updated - 20th Apr 2012
in instances I've observed. The automated parts of the surveillance, acquisition, and attack are 97% of the operation, from a figure I just grabbed out of the air. The remote participation from the cracker is just administrative, to oversee their 'bot' minions and finalize some of the configuration, to assure continuation of operations. I've even seen the attackers leave notes on the victim's machines! Usually in their native language, but not always. They are a very confident and outlandish lot!
0 Votes
The ATGM doesn't do anything without an operator, but the operator is still just pointing and clicking.
However, the social engineering threat and the whole persistence thing are definitely un-bot techniques. They are the human touch. Too bad it's the withering kind.
0 Votes
From what little...
JCitizen Updated - 21st Apr 2012
education I've received from reading articles and video links on Brian Krebs' site, the attacker does little until his bots find a mark, and then it becomes like the anti-tank guided missile analogy. Even then most of the surveillance and data gathering algorithms need little console participation from the cracker. Just a few minutes of analysis and a few clicks on the console to pick the next path or launch a new exploit pack.

If the goal is just to steal money, then yes, the man-in-the-middle takes more personal attention. Some of my victims were robbed by these dedicated teams so they no longer had the funds to do business anymore. They like to keep them on a string, like a marionette puppet, so they can keep them in the gutter, where they can watch them and keep them from bringing in the cavalry or gaining legal help.

In one instance I had to spend about a month waiting for the victim to find a way to contact me that wasn't poisoned or completely under control of the crackers. This included the victim's email and telephone! shocked !!

Once contacted, I was able to give them advice on defeating the communications interruptions, until we at least had that factor cleared up; the rest of the case isn't over yet.
1 Vote
OMFG!
AnsuGisalas 22nd Apr 2012
That's absolutely horrendous. It's a wonder Hollywood hasn't already grabbed that scenario, it's just so terrifying.
to at least write a book. But that client has already lost some partners under "suspicious" circumstances, and is terrified to go public!
1 Vote
I agree with AnsuGisalas, this is not APT. APTs are highly sophisticated, "hand-crafted" attacks. The first time APT was coined was for the RSA hack whose ultimate target was Lockheed Martin. The attack is complex and with multiple steps. See http://eric-diehl.com/blog/?p=783
The objective of an APT is often very precise (and not simply driven by gaining money. There are other easier attacks to skim money).
Bottom line up front: Successful defence against APT requires:
* depth in defence
* continual improvement

And then support for what I put forward in a more verbose form:

From my own understanding an APT is:
A threat created by a technically sophisticated adversary who will persist at their goal(s) adapting attack methods and/or vectors, often using gathered information (reconnaissance) to assist their goal.

I question NIST's inclusion of "significant resources". I consider that any technically minded individual could create an APT with a very modest capital outlay.

Commonplace threats are generally about low hanging fruit (easily achieved objectives). Where their objective is not met the attacker wastes no effort on a resistant target, instead the attacker persists with the same attack on a new target. When this attack stops making enough money they change attack method or vector.
To my mind the APT is not about low hanging fruit as an end goal, although low hanging fruit may be used to assist the achievement of an end goal.

To resist a common threat one line of defence can be a successful defence.
To resist an APT requires depth in defence. If you fend off one attack the cost to the attacker is typically time (wages) and opportunity cost. With a high value target the attacker can afford many losses, whereas a single loss for the defence can be a total loss. This is where depth of defence comes in to reshape the field.
The aim is to make it unfeasible for the attacker to breach your systems. No single defence is required to be impregnable under this model.

Every day the trade off of productivity and security sees many security holes left vulnerable. As long as software cannot be guaranteed to have no zero-day exploits, you cannot rely on any single piece of software being secure. So layer your security and avoid single points of failure.
Protect one database containing usernames, also protect another database containing password hashes, audit the two separately. Sure security on either may be broken but if you have good intrusion detection and audit you have a good chance of spotting untoward activity on one before the other is compromised.

Given enough time any attacker will defeat any single system. Again depth in defence is there to make attack unfeasible.
If they can get a key to one lock make sure they have to get a second key, have tamper evident locks, and change the locks with a frequency that makes it unlikely an attacker can penetrate a second level. Penetration can be time consuming for an attacker, so continual improvement and changing targets give a better chance of successful defence.

Continual improvement is necessary. Patching is important. Review of your procedures and familiarisation of users with the procedures is also important. That firewall you bought in 1995 does not have the same intrusion detection capability as a firewall you can buy today.
Attackers learn from their successes and failures. As a defender you cannot create a defence and assume that because the defence was sound when you implemented it, the defence will remain sound forever.

So lastly to all sysadmins: Stay paranoid - I may rely on you!
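The split-store advice in the post above ("protect one database containing usernames, also protect another database containing password hashes, audit the two separately") worked through as an added example. This is not code from the original post or from any product the thread mentions; the store layout, the audit record format, the read threshold and the sample users are all assumptions made for illustration. Each store keeps its own audit trail, the two are linked only by a random id, and a separate check watches each trail for the bulk reads that a dump looks like, so a compromise of one store is visible before the other falls.

```python
"""Two separately audited credential stores linked only by a random id.

Added example, not the original poster's code. Store layout, audit format,
thresholds and sample users are assumptions for illustration.
"""
import hashlib
import hmac
import os
import secrets
from collections import Counter

PBKDF2_ITERATIONS = 100_000  # assumed work factor for the demo


class AuditedStore:
    """Dict-like store that records every read and write in its own audit log.
    In a real deployment each store's log would ship to a separate log host."""

    def __init__(self, name):
        self.name = name
        self._rows = {}
        self.audit = []  # (actor, op, key)

    def put(self, key, value, actor):
        self._rows[key] = value
        self.audit.append((actor, "put", key))

    def get(self, key, actor):
        self.audit.append((actor, "get", key))
        return self._rows.get(key)

    def keys(self):
        return list(self._rows)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class CredentialSystem:
    """Username directory and hash store are separate; a dump of the hash store
    alone yields no usernames, a dump of the directory alone yields no hashes."""

    def __init__(self):
        self.directory = AuditedStore("directory")  # username -> random user_id
        self.hashes = AuditedStore("hashes")        # user_id -> (salt, pbkdf2 hash)

    def register(self, username, password, actor="provisioning"):
        user_id = secrets.token_hex(16)
        salt = os.urandom(16)
        self.directory.put(username, user_id, actor)
        self.hashes.put(user_id, (salt, hash_password(password, salt)), actor)
        return user_id

    def verify(self, username, password, actor="login-service"):
        user_id = self.directory.get(username, actor)
        if user_id is None:
            # Spend the same work on an unknown user so timing does not reveal existence.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored = self.hashes.get(user_id, actor)
        return hmac.compare_digest(stored, hash_password(password, salt))


def bulk_read_alerts(store, threshold):
    """Actors whose read count on this store exceeds `threshold`. A login service
    reads one row per attempt; a burst of reads across many keys is a dump."""
    counts = Counter(actor for actor, op, _key in store.audit if op == "get")
    return {actor: n for actor, n in counts.items() if n > threshold}


def demo():
    cs = CredentialSystem()
    for name, pw in [("alice", "correct horse"), ("bob", "hunter2"), ("carol", "letmein")]:
        cs.register(name, pw)
    ok = cs.verify("alice", "correct horse")
    bad = cs.verify("alice", "wrong")
    # Simulated attacker with read access to the hash store only (a constructed scenario).
    for user_id in cs.hashes.keys():
        cs.hashes.get(user_id, actor="reporting-db-user")
    return {
        "login_ok": ok,
        "login_bad": bad,
        "hash_store_alerts": bulk_read_alerts(cs.hashes, threshold=2),
        "directory_alerts": bulk_read_alerts(cs.directory, threshold=2),
        "usernames_in_hash_store": sorted(set(cs.hashes.keys()) & {"alice", "bob", "carol"}),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The dump of the hash store trips the alert on that store's own trail while the directory's trail stays quiet, which is the "spot untoward activity on one before the other is compromised" case from the post. The attacker still holds salted hashes to crack offline, so this buys detection time and removes the username mapping; it does not replace strong hashing or rate limiting on the login path.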
I don't know how to check which solutions can actually be layered, and how to see if they are tripping each other up... and how to see if they leave holes open by covering too many of the same things and leaving too many of the same things uncovered.
Of course, that might be a more costly article to research.
0 Votes
I use the brute force method...
JCitizen Updated - 21st Apr 2012
Before beginning work, I remove the machine from the network - flash the BIOS, hard drive/blu-ray (if firmware capable), and remove all internal cards. Then I use the factory diagnostic disk and/or Darik's Boot and Nuke to blast any malware that is hidden in any sectors marked as damaged by the criminals. These are the reason wiping and re-installing doesn't work. This article should have gone into more depth on this, but it was about avoiding it altogether, and was too simplistic.

I then re-install, but password protect and disable the original owner, or hidden administrator (in home versions), after creating an administrator account. I close all sharing loopholes as much as is possible without destroying functionality. I make sure the machine's operating system is fully updated behind a UTM gateway appliance before applying all layered defenses. I am relying less and less on AV/AM real time protection, and more and more on solutions that rely on more preventative measures, like behavioral heuristics, whitelists, registry hacks, and hosts files. Using a good perimeter hardware device can't hurt, but of course that is only one peg on the board. Kernel based solutions have become paramount to keep the malware from manipulating the solution. If I do use a popular AV/AM product, it has to offer real time protection of some form or another on standard accounts, or else it goes into the trash.

The Microsoft NT5 or 6 kernels are both pretty good defenses, so I always assure the client uses standard accounts to receive the full protection of the new NTFS security structure. I can usually re-install their hardware, and see if any alarms go off, in a reinfection attempt.

Even if the defense fails - by this time, it is obvious the attackers are serious, and a more radical plan has to be developed. Some of them have success moving to Apple or Linux - but then again, the threat profile on those is growing as time progresses too!

As far as testing, I just had to try over and over again, combinations of solutions for home and SMB clients, that probably don't interest enterprises. So I rarely go through the list of successful utilities I've found to be the best. I ran them concurrently and looked for stability issues, and kept an eagle eye on the event viewer to see if there were any conflicts.

System resources haven't been a problem with the candidates I've selected, and all of them use separate technologies to be effective toward this goal. The only problem, is many of these utilities get too successful and the developers think they need to load bloat onto their creations, and they turn into huge suites, that become more and more ineffective or down right unusable - so my lists changes by the month!

For one of the innovators, I am trying Drive Vaccine, which started out being a card-based (hardware) solution, but evolved into a software product. This solution is "supposed" to be better than Steady State on XP, and Faronics Deep Freeze. Their web site actually explains why, and it is very complicated, so you may find it an interesting read! I'm trying to get one of my most vexing problem situations solved with this, if I can just get the client to cooperate with this test. I'll definitely post somewhere on TR, if and when this occurs. I'm too busy to run my honey pot lab anymore - I've found my clients make the best test bed - bless their hearts. This is a cruel way of doing business, but since most of them are indigent at this time of their life, I'm just doing it for the pure pleasure of thwarting the criminals in their master plans.
0 Votes
I am seeing enough evidence to be very suspicious that some APTs are built into many of the OEM machines being sold everywhere. We are way too reliant on just a few manufacturing sources, and oversight is so low as to be negligent in many cases.

I've had machines that were so impossible to rid of malware, that I am sure the hardware itself is very possibly to blame. How do we know doped chips aren't being installed into motherboards, bios, and peripheral hardware? Thanks to MPAA, we now have hardware based DRM, and who is controlling and supervising the integrity of that? No one I trust! I can tell you that!

The morass of tangled software and hardware that is DRM based in modern machines is a spaghetti that will not be solved for a long while unless our "Cyber-Security" czar responds to the threat!! Fat chance of that!!! angry

The behavior I've gathered from these investigations, is mind boggling, and if I were to reveal my findings, I'm sure you would all think I was a paranoid schizophrenic! We better get a handle on it soon, or our US innovators will be doomed for the foreseeable future, and the US will become a second rate nation, by default.

This article doesn't even TOUCH on the seriousness of this problem. We should demand better!!
>>>Thanks to MPAA, we now have hardware based DRM
Do you mean the Trusted Platform Module (TPM) specified by the TCG? If that is what you meant, then some facts. Many recent PC boards have a TPM. Nevertheless, it is not systematically the case. Thus, no commercial DRM uses them. BTW, I doubt that much generic software uses the TPM.

If you mean, some of the new features of future Intel SoC, then it is just a protection of the video path that is decrypted within the chip. No trap channel here.

Else, what did you mean by such hardware?

And of course, there is no relationship with APT. APT will exploit any potential available vulnerabilities, together with social engineering. And there are enough around without having to go to the paranoia of hidden trap doors.
It's basically a government approved trojan... but one hell of a whopper of one.
Big enough to have all sorts of flaws included, providing attack vectors in abundance in all likelihood.
0 Votes
What is the difference?...
JCitizen Updated - 21st Apr 2012
A DRM scheme which has been taken over by criminals within an organization (remember Sony?) is a threat you will not easily extract from a PC system. That fits my understanding of an APT to a tee! The only recourse is to either remove all HD related hardware, or buy a computer without it; and definitely get a clean operating system from Microsoft.

Microsoft seems resigned to the problem, because they are offering free installation disks with SP1 to aid in fixing this issue. I've been struggling with DRM issues for three years, and found many of my clients with similar problems, were in even deeper hot water. I very vigorously suspect they fell into a trap built into every new computer that have these features if they are surmised to be a potential target. Almost all of them, are industrial developers, or are in the information chain to an innovator.

At the very least - it is a giant fiasco, and failed DRM scheme for one of my clients. The other victims had obvious attack evidence upon forensic examination. It didn't take much sleuthing to see this, because the attackers are so brazen.
0 Votes
You seem educated on the matter; surely you are aware that many HD capabilities in PC systems, especially cable ready systems (MCard), were required since 2008 to be only government approved MPAA standard hardware. When I ordered my HP CTO desktop, it had to have a DRM approved BIOS, video adapter, multi-media bay, TV card, digital tuner module, and blu-ray burner. Even the operating system was specially coded for this scheme, and a separate product key was required for both the operating system and the media center package!!

Just an FYI in case you weren't already aware. It has been a three year nightmare for me, and has only abated somewhat since SP2 for Vista Home Premium x64 systems. I'm sure even Microsoft had to abandon this scheme, as I see separate hardware devices are becoming available for private builders. I saw many government approved OEMs go down the poop-chute since then, but then the stock market crash didn't help.
Is it descriptive? Does the constant use and marketing hype cause it to be debased?