FireEye and the value of information

easyDNS is pleased to sponsor Jesse Hirsh‘s “Future Fibre / Future Tools” segments of his new email list, Metaviews

What will it take for us to hold it together


We’re a couple of weeks away from the darkest day of the year, and while there’s a light at the end of the tunnel, what if that light is a train headed towards us and not an exit from the situation we’re in?

There does seem to be a rising sense of doom, amidst the death that is around us. An understandable sentiment this time of year, albeit compounded by the pandemic.

Yet there is reason for hope. Vaccines are rolling out and with it an opportunity to protect the most vulnerable. However that roll out will not happen fast, and the effectiveness remains theoretical. As does the length of its effectiveness.

Meanwhile the edges are fraying. Or perhaps we’re the ones who’re fraying.

Let your guard down for a second and you might find yourself standing among people who still refuse to wear masks. Or worse, Governors who fear accurate data on where the pandemic stands.

Rebekah Jones is a former Florida Health Department worker who built the state’s COVID dashboard and was fired after she refused to manipulate the data displayed on said dashboard.

Her response to the firing was to keep working on a public dashboard, called “The COVID Monitor” which tracks cases in every school district in the US.

On Tuesday state police raided Rebekah’s house.

Florida law enforcement agents searched the home of former state data scientist Rebekah Jones on Monday, entering her house with weapons drawn as they carried out a warrant as part of an investigation into an unauthorized message that was sent on a state communications system.

“At 8:30 am this morning, state police came into my house and took all my hardware and tech,” Jones said via Twitter. She added, “They were serving a warrant on my computer after DOH filed a complaint.”

The Florida Department of Health is the agency that fired Jones in May, after she helped create the state’s COVID-19 dashboard.

Jones has said she lost her job after she refused requests to manipulate data to suggest Florida was ready to ease coronavirus restrictions. A spokesperson for Florida Gov. Ron DeSantis said at the time that she “exhibited a repeated course of insubordination during her time with the department.”

The search warrant was authorized as investigators tried to learn who sent a chat message to a planning group on an emergency alert platform, urging people to speak out publicly about Florida’s coronavirus strategies.

It may seem that after a traumatic year we’d be numb to this sort of shit but thankfully it still elicits the kind of outrage it deserves.

It took less than 18 hours for this GoFundme to eclipse it’s goal of $150,000.

Yet it is also shocking that the act of tracking the transmission of this virus would become such a political act. A threat to a state that seeks to downplay the pandemic’s impact.

Although also a reminder of the value of data, especially when that data can undermine or subvert official narratives.

And in a pandemic, information is even more valuable, especially given the vulnerability this crisis has created for many governments.

Therefore, if you wanted to hack a government, step one would be to hack the security company that protects said government.

One example of valuable data, is the knowledge of vulnerabilities, and how they can be used to compromise or hack systems.

FireEye, a top-end cybersecurity firm that works to protect government and corporate systems alike, itself announced on Tuesday it was the target of what it described as hackers from “a nation with top-tier offensive capabilities,” with the hackers stealing FireEye’s own offensive tools which could be used for future hacking operations.

The news highlights how those in the cybersecurity industry can also be the target of hackers, and in particular, those who may hold valuable hacking techniques.

“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” FireEye CEO Kevin Mandia wrote in a blog post. “The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”

Specifically, the announcement said FireEye found the hackers stole “Red Team assessment tools,” tools that are used to offensively test systems’ security for the benefit of customers who want to make sure that their defenses could withstand a real attack. In response, FireEye released methods for detecting the use of such tools, presumably in case the hackers decide to use them in the future.

This is a huge development, and builds off our “myth of security” issue from last week.

The tools that were stolen in this hack were offensive tools. Software intended to break into systems. While FireEye used them “ethically” to pentest and probe clients, these tools are now in the hands of whoever successfully staged this attack.

FireEye revealed on Tuesday that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.

It was a stunning theft, akin to bank robbers who, having cleaned out local vaults, then turned around and stole the F.B.I.’s investigative tools. In fact, FireEye said on Tuesday, moments after the stock market closed, that it had called in the F.B.I.

The $3.5 billion company, which partly makes a living by identifying the culprits in some of the world’s boldest breaches — its clients have included Sony and Equifax — declined to say explicitly who was responsible. But its description, and the fact that the F.B.I. has turned the case over to its Russia specialists, left little doubt who the lead suspects were and that they were after what the company calls “Red Team tools.”

These are essentially digital tools that replicate the most sophisticated hacking tools in the world. FireEye uses the tools — with the permission of a client company or government agency — to look for vulnerabilities in their systems. Most of the tools are based in a digital vault that FireEye closely guards.

The impacts of this hack will be far reaching and the echoes could last years.

It should also inform current debates and potential policies around how such knowledge is managed and protected.

Radicals in the opsec world argue that no backdoors should be maintained. A hole used by one can be a hole used by all.

Imagine designing data protection and privacy policy with the assumption that everyone gets hacked? That the issue is not prevention, but mitigation.

“This news about FireEye is especially concerning because reportedly a nation-state actor made off with advanced tools that could help them mount future attacks,” Rep. Adam Schiff, chairman of the House Select committee on Intelligence, said. “We have asked the relevant intelligence agencies to brief the Committee in the coming days about this attack, any vulnerabilities that may arise from it, and actions to mitigate the impacts.”

The relationship between the US and Russia has been surreal the last four years, although contentious is arguably a more accurate description. Not just contentious between the two countries, but the idea that Russia is hacking the US remains contentious. There are many who feel that Russia’s role is a fiction designed to delegitimize the outgoing POTUS.

All of which guarantees that the new administration will not only face a heightened espionage environment driven by hacking, disinformation, and sabotage. It will also face a skeptical public that doesn’t know what to believe.

Let’s just consider it a good distraction from the Bob Dylan news.

Now that Bob Dylan sold his entire catalog to Universal Music will we start seeing TikToks using his songs/lyrics?

The edges are fraying. How long until it all unravels? #metaviews

One thought on “FireEye and the value of information

  1. It is amazing how politicisation obscures rational reasoning. And also how the paucity of scientific knowledge leads partisans to want to falsify data UNNECESSARILY.

    Rebekah Jones produced a a map display of some data which appeared to contradict a correct political decision. She should not have been asked to alter the data, still less be raided.

    Here is the problem: PCR tests do not measure active virus. In fact, at the absurdly high number of amplification cycles being used, a positive PCR could pick up viral RNA fragments from an encounter with SARS-CoV-2 that the testee had vanquished months ago. So the positve test could actually be evidence of immunity.

    In other words, the map that Ms Jones was asked to produce (and then fake) provided no useful information one-way or the other re the lockdown poilcy.

Leave a Reply

Your email address will not be published. Required fields are marked *