Some context around the Cyveillance acquisition
Posted by Steve Coplan on May 6th, 2009 under Anti Data Leakage, Breaches, Cyber intelligence, Data Protection, Policy Enforcement, Web threat detection, anti malware, e-crime.
A growing number of firms are trying to capitalize on the trend toward proactive intelligence and prevention of e-crime, and today's announcement of the acquisition of Arlington, VA-based cyber intel firm Cyveillance by defense contractor Qinetiq speaks directly to the fundamental trend behind this.
As we wrote recently in our ESP Quarterly, ‘The Evolving Endpoint Agent’, the past three years have witnessed a revolution in malicious code writing. Professional, well-funded organized criminal groups have poured resources into the development of more powerful and versatile programs. Their goal is the theft of personally identifiable information, the theft of intellectual property, and the enrollment of millions of hosts into large botnet armies designed to distribute tasks, generating the computing power necessary to perpetrate fraud, theft and brute-force attacks.
More important, the criminal groups committing these crimes have become larger and more sophisticated. As criminals go, so do terrorists and those who seek to fund terror. For the first time, this brings the world of viruses, phishing scams and other fraud out of the realm of commerce and smack into the world of nation-state intelligence services: when your enemy is funding his operations through phishing, phishing becomes a security priority. For government, leaving commercial, public networks out of the picture when it comes to cyber security is simply no longer a tenable option.
This is not to suggest that government has responded in an organized or consistent fashion to the threats at hand: it has not. Lumpy and uneven distribution of understanding of the core issues; a notable lag in government agencies’ ability to formulate a response, lobby for budget and gain mandates to conduct cyber-intelligence operations; and internecine squabbling over turf and other issues have plagued efforts to enumerate, let alone catch, bad guys. But the will is there, efforts are underway and the response will come – it’s just a question of working the system until it’s good to go.
At the same time, those at the business end of the battle over cyber crime and cyber terror – financial institutions, mainly – are facing challenges like never before. Some time ago, we saw a sea change: banks began to cooperate in ways previously unseen in terms of the sharing of information about common threats. Until very recently, this kind of information was considered to be competitively sensitive – by revealing specific threat vectors, one risks having a rival reverse-engineer an IT landscape in the same manner as it has been reverse-engineered by a cyber criminal creating malware that specifically targets a given bank.
Yet the volume of attacks and their sophistication increased so dramatically that banks had no choice but to begin teaming up to confront a common enemy. The National Cyber-Forensics and Training Alliance (NCFTA), for example, was created to be a neutral collaborative forum in which critical and confidential information about cyber incidents could be shared among industry, academia and law enforcement.
Conversations with information security professionals of the type that would join NCFTA, informal polling of banking IT security professionals and general industry scuttlebutt hold one thing to be true: at this point, we are approaching the ceiling of what we can do reactively. People want proactive tools.
Not to put too fine a point on it, people want aggressive preemptive action taken against bad guys. The use of force, something which is rare to hear information security professionals talk about, is now being discussed at least theoretically. But to even consider any kind of action, you have to find out who’s doing what, when, to whom, and how. Then at least you can have discussions about a range of pre-emptive moves. Until you do that, you’re shouting at the surf.
Cyveillance gathers intelligence about the villainous and illegal use of digital content, and the misrepresentation and resale of digital content into real-world assets. The high-level issues that concern Cyveillance’s client organizations around the world involve cyber-squatting for the purposes of fraud and phishing; online sales of counterfeit and stolen goods; and the peddling of stolen digital assets. In addition, the vendor can provide valuable insight into a slew of other areas, from mere smut peddling, distribution of dangerous child pornography and criminal communications to other spooky stuff. Typically, Cyveillance messages around the first three areas, and conducts the latter quietly on behalf of various government and law enforcement agencies.
We have written a deal analysis of the acquisition which runs tonight in our TechDealmaker service containing target and acquirer profiles, deal rationale and deal details.