Cyber Operations, Ogsm, League discussed on Malicious Life
The team spent months gaining access to the network and learning what was in there. He couldn't go into detail about the techniques used but he didn't give me include that it all starts with email. 'cause I can't speak specific to us but if you look at you look at Cyber Operations Writ Large Ninety. I think this was in. This is in the hacking podcast over ninety percent of cyber attacks. Today start with email. And it's not just a spearfishing link it's access to that email account the username the email the email address in the password. That's that's that's where you can start and you can pivot everywhere from that. I've looked into a lot of hacks and whether it's an AP tea or just a bunch of teenage hackers yet. They love getting into email accounts to poke around. This is common for hackers and effective for getting more information and to move further into the network getting into an email account is golden. You can pivot from the email account into the other accounts associated to that email. Any thing that's tied to that email password reset so you can pick from email address into the aws account into the cloudflare count. Whatever that may be the email is the key that is the core piece to pivot through. Whoa that make sense. Yes of course. If you have access to my email address you could go to another service. I have my web hosting and Tell Them. I lost my password. And they'll send a link to my account with the password reset and if you had access to my email then you could see that and reset passwords so yeah getting access to someone's email account can open the doors to tons of other things. That person has to you so take note on this. Protect your email access. Make it a high priority to secure it. I give it a long complex password. Then enable two factor authentication on it make it hard for anyone to get in your email because of someone does get in. They could access to almost everything to operation. Going symphony was getting into their email accounts. This was getting them access to a ton of stuff and once they got in. They needed to establish persistence. This is where they can stay in the network hidden unseen even if how they got in got fixed or patched and this might be enabling a root kit or opening back door or leaving some program running that lets you connect back in later. We had multiple access vectors into the whole system. So it wasn't there wasn't just there wasn't just one one piece of software or exploit or something there was. It was a whole suite of things that that gave us the understanding in the access network doing this time the learned about what's in the network and they spent time pairing the infrastructure with the exploits needed us and they had a lot of meetings on what the best course of action was to take it all out if you make it on their list. It's it's not a matter of if it's just went like I was amazed working there that any challenge that would come to the folks at NSA or any of the developers. It was just a matter of time before they figured it out. There was nothing that I saw them. You know throw their hands up and say it's impossible. It might not be the way that you thought they would find a way to answer your question. Forget where you wanted to go. The assembled other people in deems. We're we're getting them ready. We had four or five of those teams because we had so many targets and they each got ten to fifteen targets right because we had to do the whole operation as quick as we could and because we didn't want to enemy no once part of the network was being taken down or locked out and then they start to they kind of like shut us off from getting to the rest. We had to do it all at the same time before they could catch on. So I'M GONNA assume targets are our servers social media accounts email addresses bank accounts mobile accounts like just. Let's try to completely delete as much as possible. All of those targets were on the docket. It was lockout. The League. Miss configure reroute. Sees anything that you could do to stop the network from functioning. We had to come up with. Who had which targets and then which ones it was. It was planned out to a T. Like down to the keystroke of this is the one I'm talking to. This is the one that I'm going. After first. And then second third fourth fifth and it was and they were pivoting and they were all dependent upon each other and the other team had their same list of starting with this one in going down the list and moving in pivoting and working their way through so we planned that out in detail and rehearsed it in detail prior to the operation. That was the that was the next step. That's amazing because when I was a network engineer I would get my scripts approved by other people before making a change and I never imagined hackers also getting their scripts approved before and they'll and then practicing as well. That's really something. Oh Yeah we we would. You had your plan to t- in we scripted it in a test environment to make sure that it worked all the way through to automate some things we automated as much as we could but then you still have to do some hands on stuff but we tested it. We had developers and technical directors review before we went to go and do it. We had an extensive amount of a Hertzel's before anything was actually executed on the real target. Everyone's got their practice on. This is their primary focus right. This is they're the one operation. Everyone was working on and focused on when you woke up when you go. This team was Ogsm all day every day. Osias operation going symphony in case. You're wondering it's name of this operation and yet the people on the team would come in and nights and weekends to conduct a lot of this preparation because there are certain things you want to do. When nobody's around to reduce your chances of being caught and certain tools and software had to be custom built to get it just right so people were working really hard to get everything ready for this cyber strike. The lastingly needed to do was pick a time window and when they can do this operation. The ten minute window was picked. Because that's when we.