Reverse Deception: Organized Cyber Threat Counter-Exploitation (127 page)

RAT (Remote Administration Tool or Remote Access Trojan)
A tool used for legitimate and nefarious purposes to access a client or private computer by someone who is not the local user.

RBN (Russian Business Network)
The underground and illegal operations of Russian enterprise.

ROI (Return on Investment)
A calculated step that evaluates the resources applied to an activity/process/problem set to see if the utilization of the aforementioned resources is worth the investment.

RSYNC (Remote Synchronization)
The ability to synchronize folders on a computer and another component.

SALUTE (Size, Activity, Location, Unit, Time, Equipment)
An acronym used for succinct reporting by US military forces to summarize foreign force activity.

SCADA (Supervisory Control and Data Acquisition System)
A computer system used to manage and control industrial processes and activities across an infrastructure-based system’s (power, water, gas, oil, etc) operations.

SLA (Service-Level Agreement)
A standard document used to define the level or depth of services from one organization to another, generally regarding the level of service a vendor will provide a customer.

SSCT (State-Sponsored Cyber Threat)
A cyber actor or entity that is resourced by a formal government.

SSH (Secure Shell)
A network protocol for secure communications through tunneling.

SSID (Service Set Identification)
A unique identifier of 32 characters attached to the header of packets sent over a wireless local area network (WLAN), used as an authenticating agent or password for all traffic operating within that IEEE 802.11 WLAN.

SSL (Secure Sockets Layer)
Cryptographic protocols providing security, which encrypt above the transport layer by using asymmetric, symmetric, and message authentication codes.

SSR (System Security Readiness)
The approach to security wherein the system’s settings are ready for security inspections or testing of its security settings.

TLD (Top-Level Domain)
A domain that sits at the highest level in the hierarchy of the Domain Name System (DNS), such as .com, .net, and .edu.

TTP (Tools, Tactics, and Procedures)
The ways, resources, and means of categorizing a number of operations, their methods, and their preferred tool set and methods.

URI (Universal Resource Identifier)
A unique string that defines the location of files and other resources stored on web servers across the Internet that are both publicly and securely visible to those with the appropriate credentials (generally synonymous with URL).

URL (Universal Resource Locator)
A unique address that correlates to a web page on the Internet.

US-CERT (US Computer Emergency Readiness Team)
The US government organization subordinate to the Department of Homeland Security and charged with improving the US cyber posture and informing US cyber users of impending threats and existing vulnerabilities.

USCYBERCOM (US Cyber Command)
A US subunified command responsible for defending US critical infrastructure and military systems of interest, which is subordinate to the US Strategic Command (USSTRATCOM).

UTC (Universal Time Clock)
Greenwich Mean Time (GMT), commonly identified as Zulu time in military operations.

VM (Virtual Machine)
A computer system that operates within another operating system, independent of its host.

VMM (Virtual Machine Manager)
Software that provides for centralized control of IT infrastructure.

VPN (Virtual Private Network)
A secure network that operates over the Internet or through other shared and unsecure areas.

Index

9/11 attack

100 Acre Wood Boot Camp

2009 FBI Uniform Crime Report

A

abuse.ch
data repository

academic research abuse

access control lists (ACLs)

ACLs (access control lists)

acquisition security

actionable intelligence

actions

ACTs (advanced cyber threats)

Adobe

advanced cyber threats (ACTs)

advanced persistent threats.
See
APTs

adversaries.
See
attack characterization

adversary environment

advertising campaigns

Ahmadinejad, Mahmoud

Allee, Verna

AmaDa tracker

ambiguity-decreasing deceptions

analysis detection systems

annotated codes

anonymity

“Anonymous” hactivist group

Anti-Malware tool

antivirus.
See
AV

Anubis data repository

application vulnerability scenario

APTs (advanced persistent threats).
See also
threats

        conclusion

        considerations

        criteria

        defined

        defined by Wikipedia

        examples of

        history of

        Internet value chain and

        investing in

        sizing up

        value networks and

        value of

        vs. persistent threats

ARPANET

Assange, Julian

asset development/handling

asset validation

AT&T wiretaps

attack attribution.
See also
profiling

        civilian cyber warrior

        conclusion

        example study

        levels of information in objects

        overview

        profiling vectors

        references

attack characterization

        conclusion

        events

        forensic adversary characterization

        motive/intent

        overview

        postincident characterization

        real-world tactics

        starting point for

        theoretical

        threats

attackers.
See also
hackers; victims

        antisocial behavior

        blocking vs. monitoring

        characterizing.
See
attack characterization

        commuters

        educational level

        marauders

        motivation.
See
motivation

        organized vs. disorganized

        personality traits/behaviors

        profiling.
See
profiling

        skill level

        social networks.
See
social networks

        social psychology

        state-sponsored

        symbols

        time considerations

        understanding

attacks.
See also
engagements; threats

        attribution.
See
attack attribution

        balance of power and

        blocking vs. monitoring

        characterization.
See
attack characterization

        cost vs. profit

        into criminal infrastructures

        detection of.
See
detection

        e-mail-based

        hacking back

        infiltration response planning

        isolating

        measuring resources

        metrics applied to

        numbers involved in

        opportunistic

        opportunistic turned targeted

        origination points

        overkill

        planned vs. premeditated

        postmortems

        risk tolerance

        skill level

        skills/methods

        targeted

        timeliness aspect of

        when to act/not act

Attorney General Guidelines

autopsy, psychological

Autopsy Browser

AV (antivirus)

        described

        fake antivirus (FAV)

        rogue AV-based products