The increased number of cyber attacks against government entities and the hypothesis that the U.S. government should take an offensive strike against hackers who hit the countries raised the discussion on the problem of the attribution.
Prevention, mitigation and response to cyber attacks must rely on a deep knowledge of the potential attackers and their tactics, technique, and procedures (TTPs).
The analyzing of various sources is a critical factor to gather intelligence information on cyber threats and government entities are looking with increasing interest in the Dark Web. Intelligence experts are aware that cyber criminals, terrorists, and lone hackers crowd the dark park on the web to communicate each other, to exchange information and for many other illegal activities.
The US Government analysts are confident that the analysis of the Dark Web data could help to warn industry about planned attacks.
However, this process is not so simple, as highlighted by security experts there are two factors to carefully consider:
“Tipping your hand could mean compromising your sources close to the adversary and disrupt a valuable information-gathering process” explained Shane Harris, Daily Beast senior intelligence and national security correspondent, speaking at IBM’s i2 Summit for a Safer Planet.
By sharing the information with companies there are enormous benefits in the short terms, but as explained by Matthew Wong, director of intelligence for Flashpoint, there is the risk to lose the long-term gain of intelligence.
The question is “whether the government has a responsibility to help its citizens or its corporations,” said Wong “And sadly, the act of helping sometimes causes undesired effects. If you help a company, you’re risking your sources and methods, so that’s why the government sometimes doesn’t help citizens and companies even though it has the power and ability to do so,” “You can have a short-term gain now, if you use this intelligence to protect this asset, and then you lose the long-term gain of intelligence and you potentially lose the ability to leverage that information to protect yourself in the long term.”
Part of the security community is convicted that divulging the information collected during the investigation, especially from Dark Web resources, may induce changes in the modus operandi of the attackers that are difficult to predict and would risk undermining the efforts of previous intelligence operations.
Keeping confidential the information collected during the information gathering activities could give the intelligence agencies and law enforcement the opportunity to conduct further researches on the attackers, profile them and uncover completely the infrastructure they plan to use in the attacks.
“Just because we have the intelligence to stop every intrusion doesn’t mean we should,” Wong said.
(Security Affairs – Dark Web, intelligence)