Hacking Back: Offensive Cyber Counterintelligence

Sean M. Bodmer CISSPi? CEHi? Sean M. Bodmer is Director of Federal and Military Programs at Savid Corporation, Inc. Sean is an active Honeynet researcher specializing in the analysis of signatures, patterns, and behaviors of malware and attackers. Most notably he has spent several years leading the operations and analysis of advanced intrusion detection systems (honeynets) where the motives and intent of attackers and their tools can be captured and analyzed in order to generate actionable intelligence to further protect customer networks. Sean has worked in various Systems Security Engineering roles for various federal government entities and private corporations over the past decade in the Washington D.C. Metro area. Sean has lectured across the United States at industry conferences such as DEFCON, PhreakNIC, DC3, NW3C, Carnegie Mellon CERT, and the Pentagon Security Forum all covering the aspects of attack and attacker assessment profiling in order to identify the true motivations and intent behind cyber attacks. Gregory Carpenter, CISM, has earned numerous professional awards including the Joint Task Force for Global Network Operations Officer of the Quarter, recognition in the Who's Who in International Business, and serves on the U.S. Government's Cross Domain Solution Working Group, the Joint Wireless Working Group, and many others. As Team Chief of Information Operations, He develops plans and oversees the use of full -spectrum Information Operations which includes Computer Network Operations, Electronic Warfare, Operations Security, Psychological Operation and Military Deception in support of military and National Objectives. He develops, reviews and proposes Military Operational and & National Policy strategies for Cyber Operations. He has received numerous professional awards, including the prestigious National Security Agency Military Performer of the Year in 2007 and the Joint Task Force for Global Network Operations Officer of the Quarter, 2nd Qtr 2006. He was recognized in Whos Who in International Business in 1997 the same year he was the 1st US Army Non-Commissioned officer of the Year (1st Runner-up). Lance James is founder of Secure Science Corporation in 2003, which provides intelligence-based services and products for computer forensics and anti-phishing applications for major financial institutions and government agencies. Also founder of invisiblenet.net, a distributed cryptographic framework for the internet for anonymity and privacy. Hes been a keynote speaker at Secret Service meetings focused on electronic crimes, at major universities, and is a frequent speaker to law enforcement, regulatory, and government intelligence agencies, as well as serving as an expert witness in U.S. Congressional hearings. He has been quoted on the subject in multiple media outlets, including CBC, CNN, the BBC, the David Lawrence Show, ZDNet, Wired News, CSO, USA Today, Fox News, and the Washington Post David Dittrich has been actively involved in security operations for nearly 20 years. He got his start supporting others whose computers had been compromised and maintains an applied focus to his research, striving to teach others what he has learned. Dave was the first person to publicly describe Distributed Denial of Service (DDoS) attacks in 1999, precursors to today's botnets, and has a keen interest in identifying technical, legal, and ethical options to allow advanced responses to advanced threats. Dave was one of the original members of the Honeynet Project and has served as an Officer for much of the group's history (currently as Chief Legal and Ethics Officer). He coined the term "Active Response Continuum" in 2005 to describe the socio-technical hurdles that defenders must overcome and to guide researchers and security operators in bridging the gaps between skill levels of responders and between private actors and law enforcement, all the while acting in ways that maintain trust and confidence from the general public. Recently, Dave has published several documents concerning the ethical issues faced by computer security researchers and others responding to advanced malware threats, and has served as a member on one of the University of Washington's Institutional Review Board (IRB) Committees since 2009. He, along with Erin Kenneally, are co-authors of the Department of Homeland Security document, "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research," published in the Federal Register in December, 2011.

Preface
Ch 1. Introduction
Ch 2. Deception Throughout History to Today
Ch 3. The Applications & Goals of Cyber Counterintelligence
Ch.4. The Missions and Outcomes of Criminal Profiling
Ch 5. Legal & Ethical Aspects of Deception
Ch 6. Attack Tradecraft
Ch.7. Operational Deception
Ch 8. Tools, Tactics & Procedures
Ch 9. Attack Attribution
Ch 10. Black Hat Motivators
Ch 11. Understanding Advanced Persistent Threats
Ch 12. When To & When Not To Act
Ch 13. Implementation & Validation Tactics
References
Appendices