Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

OPERATION SHADY RAT: Or As I like To Call It; Operation Shady Crap

with 3 comments

First, let me preface with an expletive laced rant that will be stripped for the straights at Infosecisland.. Please forgive the capslock shouting, but I cannot contain myself here!

//CUT HERE

HOLY WHAT THE FUCK?

McAffee WHAT IS THIS EPIC BULLSHIT YOU ARE PUTTING OUT THERE TO FUD THE CONGRESS INTO WANTING TO SEE IT? ARE YOU THAT FUCKING DESPERATE TO APPEAR AS TO KNOW WHAT THE FUCK IS GOING ON WITH REGARD TO APT THAT YOU PUT THIS “BOOGA, BOOGA, FEAR, FEAR, FEAR, FUD, BUY OUR PRODUCTS CUZ WE SAW SOME SHIT” LIGATT-IAN PRESS RELEASE?

YOU ARE WASTING OUR COLLECTIVE TIME AND IF YOU FUCKING GO TO CONGRESS WITH THIS BS I FULLY EXPECT TO SEE A NO CONFIDENCE VOTE IN THEM AND YOU!

NO.. WAIT…I ALREADY THINK YOUR PRODUCT IS JUST SHIT.

CONGRESS… WELL WE KNOW HOW USELESS THEY ARE TOO.. I GUESS YOU SHOULD BE FAST FRIENDS HUH?

END CUT//

Ok, now that I have that out of my system, I will now attempt to explain a few things in a civil manner on the RAT/APT situation. First off, there is nothing new here as I have said before on numerous occasions. This type of activity says more about the laxity of the targets security as well as the intent of the adversary in gathering state desired secrets on the part of China. The simple facts are these;

  1. China wants to have an edge and it finds itself using the Thousand Grains of Sand strategy to its benefit in the digital arena
  2. We have made it easy for them to compromise our systems due to lack of accountability and the short term gains seen by individuals within companies
  3. The adversary is smart and will do what it takes up to even intercepting helpdesk tickets and fielding problems to keep their persistent access!
  4. This has been going on for a long time and now is just getting out to the press.. Ok, I get that, but really, sowing FUD to win business will not help

It is readily apparent from this POS that McAffee has put out that they are just fishing for some press here for their flagging AV sales. This paper gives nothing relevant to the story around APT and as such, it should be just relegated to the dustbin of the internet and forgotten. Yes, the US was a major target but others were as well. This is a nation state working on these APT attacks, come on now! They have more interests than just the US! Just as much as you (McAffee) had access to ONE server out of many! Never mind all the others that were fleeting and pointed to by DYNDNS sites!

Really McAffee, you come off looking like rank amateurs here… Well, I guess you are really for pulling this little stunt altogether.

The adversary has been around for a long time. No one product nor service is going to protect us from them (that means you McAffee) so it is useless to try and sell us the snake oil you would like to. It is our own human natures that we have to overcome to handle the least of the problems that feed into group think and herd mentality in corporations and governments. Face the facts, they are here to stay and we need to learn the game of ‘Go’ in order to play on their field.

Unfortunately, we get dullards like these (McAffee) crying wolf and offering unctions to take our troubles away.. Unfortunately all too often there are too many willing to buy into their crap.

… And we keep losing.

K.

Written by Krypt3ia

2011/08/15 at 18:25

3 Responses

Subscribe to comments with RSS.

  1. To be fair, such mongering seems to be par these days. (witness recent Sabu the Islamic terrorist bullcrap.). Doesn’t help that the higher up one goes in .gov, the more credulous the audience.

    Asherah

    2011/08/15 at 20:02

  2. Asherah,
    Yeah, I know.. It sucks really that people just buy into BS but this paper was just over the stop stupid with a side of pandering.

    Krypt3ia

    2011/08/15 at 20:05

  3. When I got my first gig in security, I was told “two things sell products – fear of loss or hope of gain. We operate under fear of loss.”
    But, to be honest, I was stunned when this whole thing came out, because to me, for some reason, it wasn’t new. It was mentioned and then hushed up about years ago, but there were no really specific, firm details released then.

    skullaria

    2011/08/31 at 10:05


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: