×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spooks-as-a-Service Swarm RSA Conference

samzenpus posted about 2 months ago | from the if-you-can't-beat-them dept.

Security 38

itwbennett writes "As the list of victims of sophisticated cyber attacks expands, so does the need for specialized, high-priced, and hard-to-find talent to help investigate and recover from those attacks. The latest solution: hosted services offering access to cyber intelligence and incident response. 'At the RSA Security Conference this week, companies large and small are trumpeting the spy agency connections of senior staff as never before,' writes Paul Roberts. 'These new offerings — think of them as spooks-as-a-service — typically combine some degree of network and endpoint monitoring with a cloud-based management platform to gather and analyze data against data aggregated from other customers and third-party threat intelligence.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

38 comments

What, me worry? Mad Magazine called it... (1)

rts008 (812749) | about 2 months ago | (#46365481)

Spy vs. Spy slapstick at it's finest.

This world is getting so ludicrous, it makes those 1970's acid trips seem tame in comparison.

It's never a slapstick (2)

Taco Cowboy (5327) | about 2 months ago | (#46365769)

Spy vs. Spy slapstick at it's finest.

Before this, whatever we put online we have to worry about the spooks from China as well as the spooks from NSA.

Now, we have to worry about the spooks from China, spooks from NSA, and the RESIDENT spooks.

Whatever you want to call it - progression or regression - I call it scary.

Re:It's never a slapstick (1)

icebike (68054) | about 2 months ago | (#46369291)

Now, we have to worry about the spooks from China, spooks from NSA, and the RESIDENT spooks.

I agree, hiring someone who wasn't good enough to keep his job at the NSA/CIA to protect your business, seems sort of crazy. They can't even use the knowledge they might have gained while employed there. Employing one of these guys probably attracts more interest in your network from those three letter agencies.

And farming out yet more of your network to cloud providers and web based services just seems risky. Web based! Nobody has broken SSL right?

Re:What, me worry? Mad Magazine called it... (0)

Anonymous Coward | about 2 months ago | (#46366611)

Senior staff having spy agency connections turns my money to the direction of other providers. Selling their services to custom projects for the spy agencies doesn't, however, as long as they firewall their government businesses from the rest of market.

Don't understand (5, Insightful)

Anonymous Coward | about 2 months ago | (#46365493)

Aren't the spy agencies the ones doing most of the cyberattacks ?
Why do I want them associated with my security company ?

Re: Don't understand (1)

gruntspeak (1835180) | about 2 months ago | (#46365509)

What you need is a Tracebuster-buster, yo.

Re: Don't understand nigger penis! (-1)

Anonymous Coward | about 2 months ago | (#46365563)

What you need is a Tracebuster-buster, yo.

What you need is a NIGGERDICK in your mouth, yo.

Re: Don't understand (3, Insightful)

anubi (640541) | about 2 months ago | (#46365967)

In this modern land of anything goes I offer what we all need is a good, solid, minimal, and highly secure PUBLIC foundation system, of which we are all made very aware of exactly how it works, much like I had to "suffer" through years of English classes. Such a system would include a knowledge of HTML, TCP/IP, and a basic windowing system. Have this core system thoroughly understood and bug-free.

If webmasters conform to this, we should be able to limit the amount of hostile code released as there is no receptor for it in our machines, however any webmaster putting stuff on the internet requiring extensions and whatever will take the same risk as those distributing halloween candy to kids.... make those "hold harmless" clauses about as effective as someone distributing razor blades in apples and handing that to kids.

That little business phrase of "<insert applet here> required to view this page" would mean that business accepts FULL and UNLIMITED LIABILITY for mischief carried an any applet he required, just as anyone passing candy to kids also accepts full liability for what is in it.. Even requiring pop-ups would mean the business requiring the pop-ups agrees to full liability for anyone misled by an errant popup - even if that popup did not come from his site. I believe by now all of us see how pop-ups can be used for all sorts of phishing work, as once some hapless user is on some business site, he has to answer whatever the popup asks to make it go away. The popup may look real, but it could be just a planted bug to use the trust a customer had for a business.

I get the very strong idea that such a move would have a very chilling effect on the proliferation of hostile code when the ones who are encouraging its vectors to be installed are also compelled to accept liability for its actions.

If there is computing to be done, that oughta be done on the server side. In my mind, the client should be considered as dumb as a bag of rocks, only capable of sending and receiving data. It seems terribly risky to me to be running any sort of arbitrary code provided from "someone on the internet".

I know there will be cries of "assigning responsibility will be bad for business", however I assert that that is the kind of business I would be better off not having.

Re:Don't understand (1)

Anonymous Coward | about 2 months ago | (#46365603)

Aren't the spy agencies the ones doing most of the cyberattacks ?
Why do I want them associated with my security company ?

That's a nice little network you have there. It would be a shame if something happened to it.

Re:Don't understand (0)

Anonymous Coward | about 2 months ago | (#46366309)

Aren't the spy agencies the ones doing most of the cyberattacks ?
Why do I want them associated with my security company ?

Because they are the experts. You would be a fool not to take their expertise. Why would I want the services of your security company if you don't?

Cyber Intelligence (-1)

Anonymous Coward | about 2 months ago | (#46365497)

I always thought that network security guys were full of shit, and here's news tailor-made to confirm this.

NSA rules all. (0)

Anonymous Coward | about 2 months ago | (#46365537)

Accept your Masters and you will feel much better.

Re:NSA rules all. (-1)

Anonymous Coward | about 2 months ago | (#46365545)

Accept your Masters and you will feel much better.

I keep trying to explain that to the niggers!

FUD sells (4, Informative)

dutchwhizzman (817898) | about 2 months ago | (#46365573)


With all due respect, but most companies don't need this, they need to get and keep their IT secured and that should be enough.
If you *do* need this, you may not want to rely on a third party to provide you with this sort of service. Your assets are probably way too valuable to solely rely on a third party. The only reason you may want them is to keep tabs on the performance of your own resident spooks and SpookWare(tm), not to entrust the future of your company upon. While I do see a place in the market for these companies, the way they sell themselves is despicable and makes companies act lax and irresponsible towards having their security sorted out properly.

Ex-STASI swarm the conference (0)

Anonymous Coward | about 2 months ago | (#46365581)

Fixed the title for you

Cyber-war Profiteering (3, Funny)

Burz (138833) | about 2 months ago | (#46365643)

That's what it sounds like: Playing both sides.

Re: Cyber-war Profiteering (0)

Anonymous Coward | about 2 months ago | (#46368495)

Your Government is putting my kids through college.

Cybereason has a cool video (0)

Anonymous Coward | about 2 months ago | (#46365675)

Mentioned in the article, the company has a cool video showing how hacking works:
http://m.youtube.com/watch?v=8iUUirFjW5s

WTF??? (1)

Anonymous Coward | about 2 months ago | (#46365751)

Regardless of your connections as a businessman, you're not getting information out of a spy agency.

I also would trust anyone who claimed they could.

I also wouldn't trust the spy agencies not to be behind this as well.

Re:WTF??? (1)

Anonymous Coward | about 2 months ago | (#46366031)

Exactly what makes you think that spy agencies won't give information to corporations?

Re:WTF??? (0)

Anonymous Coward | about 2 months ago | (#46382723)

Precisely. Besides companies like Kroll Assoc et al, who've been in the corporate spy business for decades, now it's the 'fusion centers' that complete the 2-way info-sharing hand-shake on surveilance street.

Live long and prosper (5, Funny)

Zardus (464755) | about 2 months ago | (#46365805)

I read that as "Spocks-as-a-Service". That'd be a waay cooler market.

Re:Live long and prosper (0)

Anonymous Coward | about 2 months ago | (#46366801)

Oh, I suppose you mean S'chn T'gai / Carl / Harold. Not Benjamin, then? Ok, great.

Re:Live long and prosper (0)

Anonymous Coward | about 2 months ago | (#46367345)

(arches right eyebrow) Fascinating.

What's RSA have to do with security? (-1)

Anonymous Coward | about 2 months ago | (#46366153)

Not interested in anything that happened at the RSA Conference. I'm sure it had nothing to do with security.

Two options (0)

Anonymous Coward | about 2 months ago | (#46366335)

Either unplug completely, or become a full time hacker! The digital world is so intermixed with economics that everyone will need black-hat cyber-warfair battle skills for basic survival! It's appearantly a free for all, crazy, just crazy... I say take a hammer to the box, and physically smash it!

ISIS called (1)

drewsup (990717) | about 2 months ago | (#46366381)

They want Archer back !
in all seriousness, will this lead to multiple independent spy agencies ala Control, KAOS, ISIS? That cant be a good thing.

NSA conference (2)

Threni (635302) | about 2 months ago | (#46366551)

No-one's ever going to trust the NS..sorry, RSA again - might as well big-up the whole "we're in it together" thing while it lasts.

Refresh My Memory, Please... (2)

BlueStrat (756137) | about 2 months ago | (#46366607)

What was it you called a country where the government and powerful, "connected" private business interests merge?

Ohhh, silly me! *Now* I remember!

A Fascist Oligarchy, of course!

Welcome to the DRNA comrades! (Democratic Republic of North America) The new flag will be a black silhouette of a boot stomping a human face on a blood-red background.

Just wait until they run out of money they can rape from the domestic economy and begin a policy of international aggression to keep their hookers and blow flowing. The world is going to burn.

Strat

The old revolving door trick (1)

rmdingler (1955220) | about 2 months ago | (#46366615)

I just hope this doesn't become the IT equivalent of defense contractor morphing into DOD consultant and then back again.

Outspooking (0)

Anonymous Coward | about 2 months ago | (#46366673)

Just like 70's and 80's banana republics, where every larger business had to have a one or more generals or colonels on its Board, in order to gain "business agility". Even small businesses and individuals usually saw it expedient to gain access to some retired military officer - to smooth over necessary procedures and eventual "misunderstandings". Such as having a kid arrested on a whim, or because of a jealous neighbor, etc., by thugs demoralizing their uniformas inside-out.

Congratulations. Thugs for hire. Corporate, or "business" verion. Or, rather, "simply honest businessmen" version. As below, so "above". The same scam. It's a gangster Board. And, using the past to foresee the present it's backsliding into : "It gets even worse. Losing the metaphorical House, while trying to hold on to the devalued (I mean, inflated. No, devalued!) pennies.

Next: 'flash crash' from 'intelligence' feedback (0)

Anonymous Coward | about 2 months ago | (#46366957)

Remember how the markets escalated themselves down to a collapse when lots of automated trading programs, all watching each other's moves, made market buys and sells in a stupendous hurry and followed each other off a cliff?

Now imagine how the politics will escalate into hell as the automated spying programs watch each other.

One, two, four, eight, sixteen little actions ... after a while it's real trouble.

say what? (1)

slashmydots (2189826) | about 2 months ago | (#46367355)

The one and only definition I know for the word spooks is an offensive, racist term for black people. What exactly are they using it for?

Re: say what? (0)

Anonymous Coward | about 2 months ago | (#46368511)

Then you, sir, need to extend your vocabulary.

Re:say what? (0)

Anonymous Coward | about 2 months ago | (#46369143)

Just because you're illiterate doesn't mean everyone else is.

"Spook" is a time-honored (at least back to the beginnings of the Cold War, probably far older) term for anyone in the spy business.

Treadstone 71 and SYNCSTATE (0)

Anonymous Coward | about 2 months ago | (#46368543)

Take a look at the real deal here. Spoke with these guys at the con. Know their stuff and have a legacy running back 8 years

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...