BY CHRIS LUCAS
Cyber Intelligence Specialist
The Source Intelligence Center (TSIC)
Former FBI Cyber Special Agent Andre McGregor says cyber terrorist operations are highly effective despite their unsophisticated nature. McGregor, now director of security at endpoint protection company Tanium, spoke earlier this month at the RSA Conference in San Francisco. He shed light on cyber-terrorism, in which state and non-state actors attempt to launch attacks against countries by targeting critical infrastructure systems, and on cyber warfare, in which nation-state actors attempt to gain an advantage over enemies by sabotaging military and critical infrastructure targets. Regarding cyber terrorist attacks, McGregor says attackers often boast about their activities and successful attacks.
Now that McGregor works in the private sector, he directs teams that constantly monitor the cyber activity of countries of interest. Notably, Iran was characterized as not having any cyber capabilities in 2010. That said, Iran’s cyber capabilities have evolved since 2010 as a result of the Stuxnet worm attack on the Natanz nuclear facility that same year. Iran’s cyber attacks started out as simple website defacement but later evolved into more malicious attacks involving Distributed Denial-of-Service (DDoS), spear-phishing, Remote Access Trojans and other exploits. Additional cyber threat actors discussed by McGregor included ISIS (notably Junaid Hussain of Team Poison), the Syrian Electronic Army and North Korea.
Many of the attacks mentioned above have been unsophisticated and have not required any target analysis, a command and control system, or extensive learning. McGregor believes that Iran is the only threat actor so far to have launched well-structured attacks that required a high degree of planning, target analysis, C&C and learning capabilities. The attacks by ISIS (Daesh), North Korea and the Syrian Electronic Army, as well as Iran’s earlier attacks, all fall into the “simple-unstructured” attack category, according to McGregor. Still, many of these attacks have managed to achieve their end goals. McGregor believes, however, that a cyber 9/11-like attack is unlikely to come from terrorist organizations. China, Russia and Israel all possess far more sophisticated cyber capabilities, but the probability that any of these countries would launch a destructive attack against the United States is slim, given their interconnectedness with Western economies. Both Moscow and Beijing also realize that the United States would retaliate. However, McGregor stated that his greatest concern is still Iran, as they are the least predictable.
Finally, McGregor deems that terrorist-launched cyber attacks will continue to see success as long as organizations fail to secure their systems. Cyber terrorists have many of the same capabilities as cyber criminals, but where cyber criminals are after information to turn a profit, cyber terrorists are not as financially motivated, if at all, and will let their target know they have been breached. The U.S. government is taking steps to address these data protection shortfalls, particularly after the Office of Personnel Management (OPM) breach, McGregor stated, but organizations that don’t have the technical capabilities and finances of top-tier agencies will continue to be vulnerable. Even so, McGregor believes this problem can be addressed by focusing efforts on management and increasing education.
To view McGregor’s RSA presentation, click here.