U.S. Expands Role in Cyber Defense


July 12 (Bloomberg) -- Former Director of Incident Response at GE Richard Bejtlich discusses cyber espionage with Cory Johnson on Bloomberg Television's "Bloomberg West." (Source: Bloomberg)

Reports on Chinese hacking activity -- let's bring in a chief security officer at a cyber security firm who has published several reports on Chinese hacking activity.

This is a fairly new program.

It's important to realize that the information direction here is from the government to ISPs and consists of very specific information, namely the IP addresses of computers that the government assesses as being under the control of Chinese hackers.

The ISP can see that activity and potentially stop it.

The court says, these are the individuals, these are the computers, this is the problem, or is it a different methodology altogether?

This is completely separate.

This is the idea of the government, which has some visibility into adversary activity, sharing specific threat intelligence with an ISP for the purpose of trying to interdict that activity and defend a customer.

Whether or not that is valuable is another question.

This has nothing to do with monitoring the activity, surveillance, or anything having to do with the latest disclosures.

What do you mean, it's another question?

Is it useless stuff anyway?

Information like this has some value.

It's mostly useful in a forensic manner when you want to say, have any of my computers been talking to these IP addresses?

If they have, there is a chance they are compromised and have been under someone else's control.

It is easy for an adversary to figure out and then change that information.

To abandon those computers that were taken over illegally, shift to new computers, and continue their hacking activity.

We constantly track this activity.

When we released the report in February we were watching a change from the set of indicators released to new indicators that nobody knew about.

The record is mixed about whether or not this actually works.

I'm thinking of drug dealers with burner phones where they have the device they are using to make their illicit deal and then getting rid of the device.

That's a very good analogy, except in this case, imagine that the phones have all been stolen from their legitimate users and the users don't necessarily even know that the phone is being used by a hacker.

Do we expect that this is -- the Justice Department is doing this, or whom?

From what I have read this is a DHS program.

Threat intelligence sharing with the private sector is mostly run out of DHS.

There has been mention of the FBI as well.

The reason for FBI involvement is the FBI is responsible for counterintelligence in this country.

What have we seen in terms of activity from Chinese hacking?

You guys have come out with groundbreaking stuff.

Really tying it to the Chinese army.

Are we seeing this as a steady pace?

Where are we now?

The report we released, APT1, they decreased their activity, changed some of their actions, changed their online profiles right when we released the report, within 48 hours.

Then they decreased some of the activity and in recent weeks have come back to regular levels.

This is one group out of dozens that we track.

The other groups continue their activity.

It's the same thing with other groups from Russia or Iran.

There has not been a dip in overall threat activity over the last six months.

Is there a threat to businesses here?

There can always be a threat, but is there a sense that they are really going after -- ties between government and business and technology are very strong.

I'm wondering if there is corporate spying going on here and if that is a threat to technology and businesses.

It is a tough time to be in business from the digital perspective.

There are plenty of gains to be made from exchanging information, but depending on the industry you are in, you have to worry about state-sponsored intruders, organized crime.

There are hacktivists who are looking to make a name for themselves or damage your brand.

I've been in this industry for 15 years and never seen so much activity coming to the surface.

We are working 12 to 15 engagements a week that nobody hears about.

I think the business community has come to realize that.

So it's the tip of the iceberg, or the Sharknado is out there?

There's a lot of activity going on.

Unless there is some mandatory requirement to disclose, as you might have with the loss of customer information, personally identifiable information, industry seeks to fix a problem, cooperate with law enforcement, and since many of these cases cannot really result in prosecution, it never sees the light of day.

Chief security officer, thank you for joining us.

This text has been automatically generated. It may not be 100% accurate.

