Living in the Shadow of the Shadow Brokers - SANS DFIR Summit 2018

Published 2018-10-11
Most people know the Shadow Brokers leaked (supposedly) stolen NSA cyber tools, which led to some of the most significant cyber security incidents of 2017. But in addition to targeting NSA, the Shadow Brokers have also targeted a few individuals in our community. Hear about the history of the Shadow Brokers and the implications of their actions for infosec and DFIR from one of the group's targets.

Have something you absolutely wanted to know about this great spy vs. spy saga, but were afraid to ask? This is your chance!

Jake Williams (@MalwareJake), Senior Instructor, SANS Institute
When a complex cyber attack put a private equity investment of more than $700 million on hold, the stakes couldn't have been higher. But that's exactly the kind of challenge that motivates Jake Williams, a computer science and information security expert, U.S. Army veteran, certified SANS instructor and co-author of FOR526: Memory Forensics In-Depth and FOR578: Cyber Threat Intelligence. To help mitigate the attack, Jake plied his information security expertise, discovered that not one but three different attackers had compromised the firm's network, and went about countering their moves.

Jake relishes the idea of meeting adversaries on the cyber battlefield. "I went into this field because I wanted a challenge," he says. "Infosec is like a game of chess to me. The attacker plays their moves and you play yours."

Jake started his information security career doing classified work with the U.S. government and was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually. "I am immensely proud of the things I've accomplished," Jake says. "I'm positive the world is a safer place because of my work."

Today, Jake runs a successful Infosec consultancy. He's been involved in high-profile public sector cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. He's also tackled a variety of cases in the private sector. In one, Jake discovered attackers compromising a custom service the client had distributed to all its endpoints. Leveraging experience and insight with advanced persistent threats helped Jake "think like the attacker" and determine the attacker's likely hiding spots.

All Comments (2)
  • @TechnikMeister2
    More US officials and commentators should heed what Edward Snowden said in 2019. "If it's electronic it can be hacked; if it travels through the air or along wires it can be collected and analysed; anything that is on your phone, your laptop, your work computer is vulnerable to US and overseas agencies and their proxies. If you use any Google products and software, anywhere in the world, on any device, everything on them or that passes through them is archived. If you work in any sensitive area in government or private industry, leave your laptop and phone at work when you go home, and never work from home and never carry a smartphone." Is that enough? We in agencies in Australia have a rule. If you get a job at ASIS, ASIO, DSD, DIO, local versions of FBI, CIA, NSA and Defense Cyber Command, and you leave, you can never work in any technology or communications field ever again. With DSD and DIO, your employment record does not exist. You cannot even tell your family what your job is. You know this when you join. There is no HR department, no recruiting, no job description. Nothing is kept on paper or electronically that you exist. You are known as a number and your pay comes from a big government department that's part of a totally unrelated area like Fisheries. You cannot use your time as a reference because you will not exist. You don't even do a tax return. You are secret and you are told this when you are approached to "do a job of national importance". They will even go so far as keeping you on the payroll forever if necessary. You are sworn to secrecy for life. If you breathe security you are imprisoned indefinitely. There is no public trial. That's how secure this stuff has to be. We do not have leaks. The consequences are unimaginable. The NSA is completely insecure as are all its employees. The thought that you could leave and get a job using what you learned there in private industry has us rolling our eyeballs.
    But that employees with a social conscience have leaked their hacking tools and used them to hack back in, is exquisite irony.