Scot Terban, otherwise known as @Krypt3ia, describes himself as a “whiskey loving infosec refugee and infamous crabby old bastard,” who performs penetration testing, incident response, forensics, and information security auditing at an undisclosed aerospace company.
Terban recently gave a talk at BSidesLV titled “Attribution Shmatribution! FIX YOUR S**T!” which was well received by the attendees.
Terban says that buzzwords like APT, cyberwar, Anonymous, and active defense are commonly brought up in discussions regarding accurate attribution where cyber attacks are concerned. His talk focused on the question of what the point of attribution really is, and why so many are mistakenly obsessed with it.
“This talk is a cry for sanity in a world where the ‘new hotness’ is attributing who attacked you even though the damage has already been done,” Terban said.
Terban’s talk discusses common techniques of OSINT, psychology, sociology, forensics, asset classification, and other infosec standard practices within a framework for securing your environment in a more holistic manner.
We were lucky enough to catch up with Terban at BSidesLV and get some insights on the fascination with attribution, why resources would be better spent on understanding the how and why of an attack rather than just on who perpetrated it, and why the notion of “hacking back” is problematic.
BSidesLV 2013 Featured Sessions:
- BSidesLV Preview: The Object Monitor for Enhanced Network Security (OMENS)
- BSidesLV Preview: Fun with WebSockets Using Socket Puppet
- BSidesLV Preview: Open Source Pentesting and Forensic Distribution
- BSidesLV Preview: Vulnerabilities in Application Whitelisting
- BSidesLV Preview: Effective Communication in IT Security
- BSidesLV Preview: Baking Assurance into Software
- BSidesLV Preview: Using Machine Learning for Security Analytics
- BSidesLV Preview: Wireless Pen Testing and Assessments
- BSidesLV Preview: No Magic Bullets