[Dailydave] The New York Times Plays with Fire
Brian Keefer
chort at smtps.net
Mon Feb 4 10:36:42 EST 2013
On Feb 1, 2013, at 2:19 PM, Dave Aitel wrote:
> So one thing I think is interesting is that New York Times story.
>
> Here's how it goes, in bullet points:
> 1. NYT knows it's ruffling feathers, so it hires AT&T (??) to "watch
> their network"
> 2. AT&T sees something, so NYT calls in Mandiant
> 3. Mandiant and NYT let the Chinese hack things and watch them while
> they penetrate into the domain controller and lots of other machines.
> 4. Article about this comes out on NYT.com, calling out the Chinese.
>
> <snip>
> In other words, playing games with hackers on your network for a story
> is a fundamentally bad idea. Because at some point, you're going to find
> a contractor who screws up and doesn't follow their own policy (or can't
> type) and it's going to take down your whole business.
>
> -dave
>
> --
> INFILTRATE - the world's best offensive information security conference.
> April 2013 in Miami Beach
> www.infiltratecon.com
That's Mandiant's MO, so far as I can tell. If you're getting attacked by folks you know will be back over and over again, it makes sense to learn their tactics and behavior so you're better prepared for next time. That's pretty much standard from what I've seen of the incident response scene in general the last two years. If there's a firm that's trying to kick the intruders out immediately, I'd love to hear an argument in favor of it.
--
chort
More information about the Dailydave
mailing list