Asymmetric warfare is war between belligerents whose relative military power differs significantly, or whose strategy or tactics differ significantly. “Asymmetric warfare” can describe a conflict in which the resources of two belligerents differ in essence and in the struggle, interact and attempt to exploit each other’s characteristic weaknesses. Such struggles often involve strategies and tactics of unconventional warfare, the “weaker” combatants attempting to use strategy to offset deficiencies in quantity or quality. Such strategies may not necessarily be militarized. This is in contrast to symmetric warfare, where two powers have similar military power and resources and rely on tactics that are similar overall, differing only in details and execution.
A complete guide to understanding and fighting advanced persistent threats—today’s most destructive risk to enterprise security
Reverse Deception: Organized Cyber Threat Counter-Exploitation explains how to identify advanced persistent threats (APTs), categorize them according to risk level, and prioritize your actions accordingly by applying expert, field-tested private- and government-sector methods (NSA, FBI, and DOD).
APTs cannot be seen, spread invisibly, and then continue to live in an enterprise network, undetected. In this one-of-a-kind book, the authors explain how to get—and stay—ahead of today’s well-organized and extremely persistent brand of network enemies. The book describes the characteristics of malware and botnets, how they can morph, evade detection, and spin off decoys that live in-network, while appearing to have been cleaned up and debugged. This detailed guide then reveals how to detect the appearance of malicious code, decode the types of enemies they originate from, and finally, how to extricate malcode and deflect its future entry into networks.
Full coverage of the #1 feared type of network attack today, the APT
Descriptions of cyber espionage tactics seen in the U.S. and internationally, with comparisons of the types of countermeasures permissible by law in the U.S. and Asia versus less strict countries in Europe, the Middle East, and Africa
Enthralling case studies and true stories from the authors’ FBI, DOD, NSA, and private sector work
Foreword by Fred Feer, a security professional with 40 years’ experience with the U.S. Army counterintelligence, CIA, RAND, and independent consulting
Complete coverage of key aspects of deception, counter-deception, behavioral profiling, and security within the cyber realm
Cat-and-mouse strategies from the best in the game—explains how to implement deception and disinformation techniques against a variety of incoming threats aimed at enticing adversaries out into the open
A fresh perspective on innovative, field-tested ideas for successfully countering current digital threats—plus expected characteristics of the next threats to come
Legal explanations of capabilities, limitations, and requirements for assisting law enforcement investigations
Deception Throughout History to Today; The Applications & Goals of Cyber Counterintelligence; The Missions and Outcomes of Criminal Profiling; Legal & Ethical Aspects of Deception; Attack Tradecraft; Operational Deception; Tools, Tactics & Procedures; Attack Attribution; Black Hat Motivators; Understanding Advanced Persistent Threats; When & When Not to Act; Implementation & Validation Tactics
With the end of the Cold War, U.S. national security perceptions concerning “Who is the threat?” have been thrown into free fall along with those governmental and military institutions meant to contend with it. Resulting from the spreading chaos and ambiguity in the nation-state system, which stem from the simultaneous processes of fragmentation and regionalization, a new question now needs to be asked—“What is the threat?” Increasingly, national security experts have argued that gray area phenomena,“. . . where control has shifted from legitimate governments to new half political, half-criminal powers,” will become the dominant threat.1 Such entities flourish in the growing failed-state operational environment where a condition of “not war–not crime” prevails and nation-state forces operating within it find themselves facing a severe capability gap.2 These entities disregard Western based “laws of war” and “rules of engagement” and are not concerned about such conventions as “legitimacy” or “public opinion.” Of further significance is the recognition that we are beginning the transition from the modern to the postmodern epoch in Western civilization. Past periods of transition such as this have historically witnessed the two collinear trends of the blurring of crime and war, along with shifts in social classes, economic modes, and motive sources which ultimately result in the fall of one civilization and its replacement by another more advanced one. 3 During the earlier shift from the medieval to the modern epoch, three new forms of social and political organization developed dynastic- (proto nation-) states, city-states, and city-leagues—as competitors to the then dominant feudal structure,4 in tandem with the domination of the battlefield by the non state soldier. Ultimately the early nation-state form and its mercenary armies won out over both these competitors and the preexisting civilization based upon Church, empire, and fief. As the shift to the post-modern epoch becomes more pronounced, we can expect similar competitors to the nation-state form and our modern civilization to emerge along with the accompanying non-state soldier. One such projected warmaking entity, “Black,” and its advanced means of waging war will be discussed in this paper. It is based upon an organizational structure far different than the classical hierarchy to which we are accustomed. Rather, it is nonlinear in function, composed of informational paths analogous to webs and nets, and basic units characterized as nodes and free floating cells.5 Such an organizational structure allows for the greater exploitation of postmechanical energy sources, advanced technologies, and new warfighting concepts which will come to dominate what we will term “war” in the decades to come.
The wonders and advantages of modern age electronics and the World Wide Web have also, unfortunately, ushered in a new age of terrorism. The growing connectivity among secure and insecure networks has created new opportunities for unauthorized intrusions into sensitive or proprietary computer systems. Some of these vulnerabilities are waiting to be exploited, while numerous others already have. Everyday that a vulnerability or threat goes unchecked greatly increases an attack and the damage it can cause. Who knows what the prospects for a cascade of failures across US infrastructures could lead to. What type of group or individual would exploit this vulnerability, and why would they do it? “Inside the Mind of a Criminal Hacker” sets the stage and cast of characters for examples and scenarios such as this, providing the security specialist a window into the enemy’s mind – necessary in order to develop a well configured defense. Written by leading security and counter-terrorism experts, whose experience include first-hand exposure in working with government branches & agencies (such as the FBI, US Army, Department of Homeland Security), this book sets a standard for the fight against the cyber-terrorist. Proving, that at the heart of the very best defense is knowing and understanding your enemy.
* This book will demonstrate the motives and motivations of criminal hackers through profiling attackers at post attack and forensic levels.
* This book is essential to those who need to truly “know thy enemy” in order to prepare the best defense.
* . The breadth of material in “Inside the Criminal Mind” will surprise every security specialist and cyber-terrorist buff of how much they do and (more importantly) don’t know about the types of adversaries they stand to face.
“The Forgotten Homeland” gathers some of the leading homeland security experts to analyze the United States’ most significant vulnerabilities and to propose strategies to reduce them. The report addresses terrorist as well as non-terrorist threats, and offers ideas for strengthening all aspects of emergency response – including the ability to respond to natural disasters such as Hurricane Katrina.