Pattern of Life and Temporal Signatures of Hacker Orgs

Post by DNR »

http://analysisintelligence.com/cyber-d ... nizations/

very good read..

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Re: Pattern of Life and Temporal Signatures of Hacker Orgs

Post by lilrofl »

very
cuddles for my cuddle

Re: Pattern of Life and Temporal Signatures of Hacker Orgs

Post by bad_brain »

good one...but I disagree on the "This might just be the peak of internet traffic" for Wednesdays, because the peak is definitely on Sunday afternoons, at least for "standard" users (the kind that causes those comparatively high loads on my servers then)... :lol:

Re: Pattern of Life and Temporal Signatures of Hacker Orgs

Post by DNR »

Well, some of the tactics were pretty obvious and used a while back.

People are creatures of habit; they tend to eat, sleep, and go online at close to the same time every day, or on a weekday/weekend pattern as well. Work can add to the time schedule available for that person to be online (some log in mostly at work).

Then checking IPs of the poster was typical - you would find the IP range is issued to a country. If it is the USA, you might find it geolocated to a particular state or region. Normal people wake at 6am and go to bed about midnight - Eastern time, Pacific time, whatever.

Topics of conversation - people talk about lame shit - "oh I am eating breakfast" or "Go Giants! (Sabu lol!)" The Giants comment, about the New York football team, helped confirm Sabu's ID as a person in NYC.

I also try to analyze their posts - how they write, and the topics they talk about - it can also profile a person just based on their text.

-

You can break this pattern - by using multiple IDs online, one day you use "ID#1", the next day you use "ID#2" - now people trying to track "ID#1" will not know about "ID#2" and the online patterns of "ID#1" will be missing the activity of "ID#2". You can also intentionally shift your online 'time zone' - change your online internet activity to '9 to 5' of a different time zone. Change your sleep/awake time.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
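
Added example, not part of DNR's post or the linked article: a sketch of the time-of-day inference described above, which finds the quietest six-hour stretch in an account's UTC activity and treats it as the midnight to 6am sleep window. The function names, the 10% cut-off, and the sample events are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

SLEEP_HOURS = 6          # post's assumption: asleep midnight to ~6am local
MAX_QUIET_SHARE = 0.10   # assumed cut-off: more activity than this in the
                         # "sleep" window means no usable daily rhythm

def hourly_histogram(events_utc):
    """Events per UTC hour of day, index 0..23."""
    counts = Counter(ts.astimezone(timezone.utc).hour for ts in events_utc)
    return [counts.get(h, 0) for h in range(24)]

def quietest_window(hist, width=SLEEP_HOURS):
    """Start hour (UTC) and event count of the quietest circular window."""
    def load(start):
        return sum(hist[(start + i) % 24] for i in range(width))
    start = min(range(24), key=load)
    return start, load(start)

def estimate_utc_offset(events_utc):
    """Whole-hour UTC offset implied by the sleep gap, or None if no rhythm."""
    hist = hourly_histogram(events_utc)
    total = sum(hist)
    if total == 0:
        return None
    start, quiet = quietest_window(hist)
    if quiet / total > MAX_QUIET_SHARE:
        return None               # round-the-clock or shared account
    offset = (-start) % 24        # quiet window starts at local midnight
    return offset - 24 if offset > 12 else offset

def sample_events(offset_hours, days=14):
    """Constructed data: one event at fixed local hours each day."""
    local_hours = (6, 7, 9, 12, 13, 18, 20, 21, 22, 23)
    base = datetime(2024, 1, 1, tzinfo=timezone.utc)
    return [base + timedelta(days=d, hours=h - offset_hours)
            for d in range(days) for h in local_hours]

if __name__ == "__main__":
    print(estimate_utc_offset(sample_events(-5)))   # US Eastern schedule
    print(estimate_utc_offset(sample_events(8)))    # same habits, UTC+8 hours
    flat = [datetime(2024, 1, 1, h, tzinfo=timezone.utc) for h in range(24)]
    print(estimate_utc_offset(flat))                # no sleep gap
```

The result describes the schedule an account keeps, not where its operator sits, so an analyst should corroborate it with the other signals listed in the post before treating it as a location.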

Re: Pattern of Life and Temporal Signatures of Hacker Orgs

Post by lilrofl »

I've been thinking about this article today, and I think at least a portion of the collected data is available because we have not evolved to use the internet asynchronously.

A hacker, whether funded or not, could do their job whenever and wherever they pleased... making observations of time hacking vs. work week ineffective.

So this data is interesting because it shows that both the attackers profiled and the profilers are still looking at the internet as a 2-dimensional world where everything is still as it seems; when it has as much depth as we care to use these days.

I see now that DNR has come to the same conclusions... and while I can see that using metaphor to describe what I'm thinking can lead to confusion, I don't have a better way to phrase it :)
cuddles for my cuddle
