For anyone in the business of securing IT, reading about cyber security can be both fascinating and frightening at the same time. At a national level, cyberwarfare is in the spotlight. Numerous sites are covering the latest news, including an article that recently discussed in detail how, just last fall, ‘cyberweapons’ were cleared for use alongside other weapon systems in the US. And yes, this includes a scenario where they can be used pre-emptively (and who knows - maybe they already were... anyone remember Stuxnet?).
It’s not just national security. The means that hackers have at their disposal seem ever more creative and sophisticated. Classic social engineering will never go away, but terms like ‘Zero Day Exploits’ and ‘Advanced Persistent Threats’ describe formidable enemies to plan for. So what can a company do to try and stay one step ahead? No doubt hearing the details behind a successful security breach is intriguing. But when we're fortunate enough to get details about proactive preparations, they can be equally fascinating.
Enter ‘Operation Loopback’, conducted at Facebook. As details have emerged on numerous sites, the steps the executive team went through are indeed the stuff of high drama. The story starts with a short, urgent e-mail from the FBI with just enough detail to get the security response team engaged. With the team having no idea this is "just a drill", the reported incident quickly escalates to ‘unbreak now’ status (the Facebook label for “DEFCON 1”). Along the way the numerous internal teams at Facebook coordinate and communicate to discover both a zero-day exploit and some nasty backdoor code. The drill was so elaborate it involved the help of former employees (software developers) to make the attack and code look as realistic as possible. As an executive described the drill, it was as much about the human interaction as the technical details:
"The team had grown substantially in the prior year, and we wanted to see if everyone is going to start screaming at each other or blaming each other because 'your logging system broke,' or 'your automated alerting should have triggered over here.' That was the human side of the test."
You can find a full write-up on Operation Loopback at numerous sites, including here at Ars Technica. Anyone have a story to share on proactive testing? How do you feel your team would react to a drill like 'Operation Loopback'? Are you sure?