Dailydave mailing list archives

Re: The New York Times Plays with Fire


From: Brian Keefer <chort () smtps net>
Date: Mon, 4 Feb 2013 07:36:42 -0800

On Feb 1, 2013, at 2:19 PM, Dave Aitel wrote:

So one thing I think is interesting is that New York Times story.

Here's how it goes, in bullet points:
1. NYT knows it's ruffling feathers, so it hires AT&T (??) to "watch
their network"
2. AT&T sees something, so NYT calls in Mandiant
3. Mandiant and NYT let the Chinese hack things and watch them while
they penetrate into the domain controller and lots of other machines.
4. Article about this comes out on NYT.com, calling out the Chinese.

<snip>

In other words, playing games with hackers on your network for a story
is a fundamentally bad idea. Because at some point, you're going to find
a contractor who screws up and doesn't follow their own policy (or can't
type) and it's going to take down your whole business.

-dave

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com

That's Mandiant's MO, so far as I can tell. If you're getting attacked by folks you know will be back over and over 
again, it makes sense to learn their tactics and behavior so you're better prepared for next time. That's pretty much 
standard from what I've seen of the incident response scene in general the last two years. If there's a firm that's 
trying to kick the intruders out immediately, I'd love to hear an argument in favor of it.


--
chort

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

