Skip to content ↓ | Skip to navigation ↓

Scot Terban, otherwise know as @Krypt3ia, describes himself as a “whiskey loving infosec refugee and infamous crabby old bastard,” who performs penetration testing, incident response, forensics, and information security auditing at an undisclosed aerospace company.

Terban recently did a talk at BSidesLV titled “Attribution Shmatribution! FIX YOUR S**T!” which was well received by the attendees.

Terban says that buzzwords like APT, cyberwar, Anonymous, and active defense are commonly brought up in discussions regarding accurate attribution where cyber attacks are concerned. His talk focused on the question of what the point of attribution really is, and why so many are mistakenly obsessed with it.

“This talk is a cry for sanity in a world where the ‘new hotness’ is attributing who attacked you even though the damage has already been done,” Terban said.

Terban’s talk discusses common techniques of OSINT, psychology, sociology, forensics, asset classification, and other infosec standard practices within a framework for securing your environment in a more holistic manner.

We were lucky enough to catch up with Terban at BSIDESLV and get some insights on the fascination with attribution, why resources would be better utilized for understanding the how and why of an attack rather than just on who perpetrated it, and why the notion of “hacking back” is problematic.

 

BSidesLV 2013 Featured Sessions:

 

P.S. Have you met John Powers, supernatural CISO?

 

Title image courtesy of ShutterStock