Bejtlich on Fox Business After the Bell


NOT A GOOD PRECHRISTMAS. DAVID: SORRY ABOUT. THAT ANOTHER DAY, ANOTHER HEADLINE ABOUT A CYBERATTACK. WE HEARD ABOUT HACKERS GETTING FINANCIAL FIRMS TO TRADE ON M&A INFORMATION. THEN HACKERS ATTACKED SONY AND XBOX LIVE, LEADING THE FBI TO WARN BUSINESSES ABOUT A NASTY, VERY NEW DESTRUCTIVE MALWARE BEING USED. LIZ: IN COMMENTS TO FOX BUSINESS TODAY THE FBI TOLD US, QUOTE, U.S. BUSINESSES ARE WAY BEHIND ON CYBERSECURITY. SO WE’RE BRINGING IN RICHARD BATES, FIREEYE SECURITY STRATEGY. FIREEYE IS RESPONSIBLE FOR DISCOVERING AND PINPOINTING MANY OF THESE ATTACKS. RIGHT OFF THE BAT, RICHARD, WHERE ARE THE MOST RECENT ONES COMING FROM? CAN YOU FIGURE THAT MUCH OUT SO FAR?>>WELL, LIZ, THERE IS A WHOLE RANGE OF BAD ACTORS OUT THERE. WE CONTINUE TO SEE ACTIVITY FROM CHINA. WE CONTINUE TO SEE ACTIVITY FROM RUSSIA. NORTH KOREA HAS BEEN AN ACTIVE PARTICIPANT IN THIS SORT OF STUFF IN THE PAST AND THEY APPARENTLY ARE VERY ACTIVE NOW. WE ALSO SEE IRAN. SO YOU HAVE QUITE A COLLECTION OF ROGUES THERE. DAVID: SUSPICION ABOUT NORTH KOREA, BECAUSE THIS ONE FILM SONY HAD COMING OUT WAS ABOUT NORTH KOREA, IN FACT SPECIFICALLY ABOUT SOMEBODY TARGETING NORTH KOREA’S LEADER, THAT THEY HAD A BONE TO PICK WITH SONY AND REALLY WENT AFTER IT DIRECTLY. IT WASN’T ABOUT GETTING FINANCIAL INFORMATION. IT WAS ABOUT TRYING TO SCREW UP SONY. ANYMORE NEWS ON NORTH KOREA AND ITS ATTACK ON SONY?>>WELL, DAVE, THE FBI WARNING THAT YOU MENTIONED DIDN’T SAY ANYTHING ABOUT EITHER THE COMPANY SONY OR NORTH KOREA SPECIFICALLY. THE ONE MENTION OF KOREA WAS THE LANGUAGE THAT WAS EPBEDDED INSIDE OF THE MALWARE THAT YOU OPENED THE STORY WITH. NOW WHAT IS INTERESTING ABOUT THIS MALWARE, THIS SORT OF DESTRUCTIVE ATTACK HAS BEEN SEEN IN TWO PLACES. IT HAS BEEN SEEN BY THE NORTH KOREANS AGAINST SOUTH KOREAN BANKS LAST YEAR, LAST SPRING. ALSO BEEN SEEN BY IRAN AGAINST SOME OF ITS NEIGHBORS, SAUDI ARAMCO AND RAZ GAS. WHAT IS ALSO INTERESTING IRAN AND NORTH KOREA HAVE A TECHNOLOGY PARTNERSHIP THAT THEY SIGNED IN SEPTEMBER OF 2012. LIZ: WELL, SEE THERE YOU ARE. THE BAD ACTORS ARE EVERYWHERE AS YOU SAY. NOW WE’VE ALSO SEEN THE THREAT OF SOME TYPE OF HACKING ATTACK CIRCULATING WALL STREET FIRMS AND IT IS NOT JUST TO GAIN ACCESS TO THEIR CLIENTS BUT MORE IMPORTANTLY TO GAME THE STOCK MARKET. WHAT CAN YOU TELL US ABOUT THIS, THAT THEY’RE TRYING TO FIND OUT, INTERCEPTING EMAILS AND MERGERS AND ACQUISITIONS MIGHT BE TAKING PLACE?>>THAT’S RIGHT, LIZ. WE’VE SEEN THIS SORT OF ACTIVITY FOR MANY YEARS BUT ONLY LAST SAY YEAR-AND-A-HALF HAVE WE SEEN IT IN SUCH VOLUME AND ATTRIBUTED TO THE ONE GROUP WE WERE ABLE TO IDENTIFY THAT WE CALL FOUR IN OUR LATEST FIREEYE MANDIANT REPORT. WE DECIDED WE HAVE ENOUGH EVIDENCE TO PUT SOMETHING OUT TO THE PUBLIC TO WARN PEOPLE THIS IS HAPPENING AT SCALE. NOT JUST ONE OR TWO ISOLATED EVENTS. DAVID: RICHARD, SO MUCH OF THE INFORMATION WE HEAR ABOUT CONCERNING HACKERS COMES FROM THE MILITARY, THE U.S. MILITARY. IS THIS A MOMENT OR MAYBE IT ALREADY HAPPENED WHERE THE MILITARY ACTIVELY WORKS WITH U.S. COMPANIES TO TRY TO PREVENT FOREIGN COUNTRIES FROM HACKING US?>>WELL, THERE IS ALL SORTS OF ISSUES THERE. THE MILITARY DOES NOT, THE TRADITIONAL TITLE 10 MILITARY DOES NOT HAVE THE AUTHORITY TO DO THAT SORT OF WORK. IT IS MORE OF A POLICE FUNCTION. YOU SEE THE FBI, SECRET SERVICE, TRYING TO WORK WITH AMERICAN COMPANIES. I DON’T THINK THE MILITARY IS NECESSARILY THE RIGHT TOOL HERE ALTHOUGH WE DO SEE SOME CASES WHERE NATIONAL GUARD UNITS WORKING FOR GOVERNORS HAVE BEEN ABLE TO HELP COMPANIES BUT HONESTLY THERE ARE SORTS OF PRIVACY ISSUES AND CONSTITUTION ISSUES WHEN YOU TALK ABOUT MILITARY ASSISTANCE TO PRIVATE SECTOR COMPANIES. LIZ: SO INCREDIBLY COSTLY FOR SMALL COMPANIES. JPMORGANS AND TARGETS OF THE WORLD CAN REALLOCATE SOME MONEY TO PUT IT INTO THE CYBERSECURITY BUT I TALK TO A LOT OF GUYS WITH MIDDLE MARKET COMPANIES OUT IN SILICON VALLEY. WE CAN SEE BAD GUYS KNOCKING ON OUR FIREWALL. WE DON’T HAVE THE MONEY IN OUR SMALL I.T. DEPARTMENT TO PROTECT OURSELVES. IS THERE ANYTHING THESE COMPANIES SHOULD BE DOING HIRING YOU AT A HIGH PRICE OR SOMETHING TO PROTECT THEIR OWN FIREWALLS AND FILL THE CRACKS THAT ARE IN THEM?>>THE BEST THING THEY CAN DO, THIS IS ADVICE THAT APPLIES TO ANYONE, LARGE COMPANY, SMALL COMPANY, GOVERNMENT, ET CETERA, TREAT THIS AS A BUSINESS PROBLEM. THIS ISN’T A I.T. ISSUE. THIS PROBLEM CAN’T BE SOLVED BY INSTALLING A FIREWALL. YOU HAVE TO ADMIT THIS IS BUSINESS PROBLEM FROM OTHERS DOING COMPETITIVE ACTIVITIES TO SABOTAGE THAT IS HAPPENING IN YOUR COMPANY. ONCE YOU TREAT IT AS BUSINESS PROBLEM, YOU JUST DON’T SAY, SOMETHING THE I.T. GUY WILL TAKE CARE OF WITH ANTIVIRUS. THAT IS THE BEST ADVICE I RECOMMEND TO EVERYBODY. DAVID: IT’S A SERIOUS PROBLEM WE’LL ALL BE DEALING WITH. RICHARD, THANK YOU VERY MUCH, FIREEYE CHIEF SECURITY STRATEGIST

Leave a Reply

Your email address will not be published. Required fields are marked *