Thursday, January 24, 2019

The Threat Intelligence Market Segment - A Complete Mockery and IP Theft Compromise - An Open Letter to the U.S Intelligence Community

I recently came across the recently published DoD Cyberspace Strategy 2018, which greatly reminded me of a variety of resources I recently looked at while catching up with some of the latest cyber warfare trends and scenarios. Do you want to be a cyber warrior? Do you want to "hunt down the bad guys"? Watch out - Uncle Sam is there to spank the very bottom of your digital irrelevance. How come?

It appears that the U.S is reclaiming dominance over the "communication channel" using a variety of real-life oriented cyber threats, including referencing and citing security researchers and NGOs (Non-Profit Organizations) as potential threats. Takes you back - doesn't it? If it's going to be massive, it better be good.

It's been several years since I last posted a quality update following my disappearance and possible kidnapping attempt circa 2010. What really took place during that period of time? The rise of ransomware? The rise of Tech Support Scams? Yet another botnet currently spreading In The Wild? A market-driven buzz-word generation? Take that - ransomware is there to take care, with hundreds of thousands of supposedly relevant IOCs (Indicators of Compromise) and TTPs (tactics, techniques and procedures) discussed to the bottom of your PR-relevant online presence. The rise of the Threat Hunter job career opportunity, basically empowering you with the almighty skills to "track down" and "shut down" the bad guys? You wish - Uncle Sam is always there to take care.

Let's discuss the Threat Intelligence market segment and offer an in-depth discussion of its inner workings, including its place in today's modern Intelligence Community, which is now realizing the consequences of what was once a proprietary network known as the Internet - today's modern cyber warfare operational battlefield.

Many of my blog readers are familiar with my work throughout the years; however, what you might not be aware of is the fact that throughout the 90's I pioneered the position of Technical Collector, processing hundreds of malicious and user-friendly Trojan Horses, also known as Remote Backdoors and later described as Remote Access Tools, during my hacker enthusiast years as an independent contractor and novice hacker working with the market-leading LockDownCorp anti-trojan horse software. That work led to what would later be better described as the foundations of the Threat Intelligence market's qualitative Technical Collection, including the very basics of CYBERINT.

Let's discuss in depth the current state of the Threat Intelligence market segment, including its place in the context of today's modern U.S Intelligence Community.

  • Indicators of Compromise - the very basics of formulating a new buzz-word for what was once a proprietary term coined by the Intelligence Community to populate and disseminate actionable nation-state Cyberspace data to a variety of defensive and offensive Cyber Warfare Units. It can be best described as a New Age of responsive and proactive OSINT-type acquisition methodologies - a new way to acquire leaked and potentially exposed data and resources in a variety of automated ways. Generalizing the very basics of the Threat Intelligence market segment in the context of potential Indicators of Compromise leaks can be best tackled by offering central repositories with "government-free" access, including a nation-state Early Warning System for potential Cyberspace threat data and a variety of Indicators of Compromise, to prevent wide-spread data and information leaks and further protect the U.S Government from current and emerging threats.
  • Corporate Sector Data Mining Should Be Considered - what was once best known as "conducting cyber espionage through botnets", including "cyber espionage through data mining of malware-infected corporate networks", can be best described as today's proposed Incident Response based central repository, empowering the U.S Intelligence Community with the necessary data and expertise to stay ahead of and act upon current and emerging cyber threats.
  • Private Sector Cooperation and the "You Wish" Mentality - the general assumption that the private sector will continue to cooperate and empower the U.S Intelligence Community with the necessary data, information and knowledge should be considered a wrong approach on the U.S Intelligence Community's way to further protect the U.S national infrastructure, including the proactive response to current and emerging cyber threats. What can be best done to further protect the U.S Government from current and emerging threats is a modern central repository of Cyber Threat Data with "government-free" access.
  • Slicing the Threat on Pieces Should Be Ignored - what can be best described as the process of slicing the threat "on pieces" is today's modern world of PR agencies and Threat Intelligence market segment intermediaries, including the active labeling of a particular group of interest or an individual as a separate entry, leading to overall confusion in the context of actually providing actionable Threat Intelligence to the U.S Intelligence Community that could ultimately better protect the U.S National Infrastructure. With the mainstream media continuing to raise the buzz around popular terms and newly coined cyber threat actor groups, in the face of the rise of the advanced persistent threat media-buzz generating initiative, it should be clearly noted that labeling a specific cyber threat actor in the public domain should be considered an irrelevant exercise in the broad context of providing the U.S Intelligence Community with the necessary data, information and knowledge to stay ahead of current and emerging cyber threats.
  • Tactics, Techniques and Procedures Should Be Ignored as a Buzz-Word - the very basics of coining a term for the purpose of describing what can be best described as a general cyber threat methodology, known as qualitative assessment, should be considered a possible flag-raising operation and a possible source of confusion in the broader context of discussing and reacting to current and emerging cyber threats.
  • The Rise of the "Threat Hunter" Cyber Security Career Position Is Already Causing Headaches - the rise of the "Threat Hunter" career position can be best described as a complete failure to understand the basics that drive today's modern Cyber Warfare Team, including possible defensive and offensive Cyber Warfare Units and Cyber Operations Groups. With everyone "interested" in becoming a Cyber Warrior, including a possible "Threat Hunter", it should be noted that the over-supply of private-sector companies stealing revenue from Uncle Sam for the purpose of enriching and disseminating actionable Threat Intelligence is ever increasing, resulting in the overall demise of what was once proprietary technology and know-how in the hands of a few that truly grasped the market and its potential, successfully serving the needs of the U.S government for years to come.
  • The Rise of Secondary Markets for IOCs Should Provide "Government-free" Access - the general over-supply of market-segment driven repositories of actionable Threat Intelligence data should be attributed to a variety of factors, including the rise of the Threat Intelligence market segment, and should be considered a way for the U.S Intelligence Community to seek a technical and potentially market-relevant way to populate a potential Cyber Threats data-base using public and proprietary sources, with clear "government-free" access in mind.

Current Proposals to U.S Intelligence Community in Terms of Threat Intelligence and Nation-State Actors:

  • Clustered Activity - taking into consideration the fact that on the majority of occasions quality Threat Intelligence data is publicly obtainable using a variety of public and potentially proprietary sources, it should be considered feasible for the U.S Intelligence Community to build, manage and operate a proactive Cyber Threats anticipating platform, including a possible Early Warning Based OSINT-capable system able to anticipate and act upon current and emerging threats, with possible cluster-based data mining and information processing capabilities potentially serving the needs of the U.S Intelligence Community.
  • Government-free Access - the very notion that an Indian-based company will successfully manage, launch and operate a Threat Intelligence business should be largely ignored for the very sake of figuring out a way to obtain access to a particular company's Threat Intelligence data, information and knowledge, citing potential National Security issues. What should be considered in terms of obtaining access to a company's data-base, citing potential National Security issues, is the so-called notion of a "government-free" access based private sector partnership.
  • Talent Acquisition Roles - in today's modern Talent Acquisition Wars it should be clearly noted that a select set of key individuals can greatly contribute to the overall demise of cybercrime internationally, taking into consideration the overall demise of the "Wisdom of the Crowds" market-segment driven concept. What should be considered when hiring potential top-notch Cyber Warfare and Information Warfare personnel shouldn't necessarily be years and decades worth of experience, but the overall disruptive degree of the individual in terms of "making a change" and "making an impact", compared to a certification-driven crowd of individuals.
  • Central Repository - what the modern U.S Intelligence Community can do to better protect the nation's Infrastructure should be something along the lines of a central, private-sector driven repository of Threat Intelligence data, including the notion of "government-free" access in terms of obtaining access to a public or proprietary company's information and data assets.