Drop zones and an intelligence war

in this post ( http://www.phenoelit.net/lablog/irresponsible.sl ), fx describes a drop zone for a phishing/banking trojan horse, and how he got to it.

go fx. i will refrain from commenting on the report he describes from secure science, which i guess is a comment on its own.

we had the same thing happen twice before in 2006 (that is worth mentioning or can be, in public).

once with a very large “security intelligence” company giving drop zone data in a marketing attempt to get more bank clients (“hey buddy, why are 400 banks surfing to our drop zone?!?!”)

twice with a guy at defcon showing a live drop zone, and the data analysis for it, asking for it to be taken down (it wasn’t until a week later during the same lecture at the first isoi workshop hosted by cisco). in this guy’s defense though, he was sharing information. at a time when nearly no one was aware of drop zones even though they have been happening for years, he shared data which was valuable commercially, openly, and allowed others to clue up on the threats.

did anyone ever consider this is an intelligence source, and take down not being exactly the smartest move?

it’s enough that the good guys all fight over the same information, and even the most experienced security professionals make mistakes that cost millions of usd daily, but publishing drop zone ips publicly? that can only result in a lost intelligence source and the next one being, say, not so available.

i believe in public information and the harm of over-secrecy; i am however a very strong believer that some things are secrets for a reason. what can we expect though, when the security industry is 3 years behind and we in the industry are all a bunch of self-taught amateurs having fun with our latest discoveries?

at least we have responsible folks like fx around to take care of things when others screw up.

i got tired of being the bad guy calling “the king is naked”, at least in this case we can blame fx. :)

it’s an intelligence war people, and it is high time we got our act together.

i will raise this subject at the next isoi workshop hosted by microsoft ( http://isotf.org/isoi2.html ) and see what bright ideas we come up with.

gadi evron,
ge@beyondsecurity.com.
