Recently we talked to Matt Monte, author and security expert, about his book, the cyber implications of the pandemic, and more.
For those of you who don’t know him, Matt has 20 years’ experience developing computer security tools and strategies for companies and the U.S. government. His career includes technical and leadership positions in industry and the U.S. Intelligence Community. He holds a Bachelor’s and Master of Engineering in Computer Science from Cornell University. He is currently leading efforts at Kudu Dynamics, a small software company that specializes in understanding and exploiting the asymmetries of the networked world.
RIFT: Why did this book need to be written?
MATT: The original idea came after reading William McRaven’s “Spec Ops: Case Studies in Special Operations: Theory and Practice.” And I thought, “My field needs something like this.” And so I began searching and reading, and came across “Principles of War for the Information Age” by Leonhard, and kept reading more. And while there were great ideas, many of which I used or adapted, there were no guiding principles specific to targeted computer espionage that I could find and therefore, little structured thought as to how to counter it. So, I started writing down ideas with a working draft title of “0wn3d: A Theory of Computer Network Exploitation” and over time I eventually expanded that into the book.
RIFT: What experiences did you draw from in this book?
MATT: It’s not a specific experience per se, but one of the early insights was that detection and adaptation were not included as part of anyone’s attacker lifecycle. I have a slide somewhere that shows 6 or 8 vendor lifecycles, and they all end with “exfiltration” or “mission complete.” We have all witnessed offensive actors adapt, and I felt that needed to be included in any discussion of offensive or defensive operations.
RIFT: Which chapters did you have the most fun writing and why?
MATT: Chapter 7: Offensive Strategy – Because it made me step back and really think about how an adversary could build up a sustained program of offensive operations, and the effort and planning that that requires. That said, my favorite photo is in chapter 2 where I tried to show the “attacker lifecycle” by taking a bunch of Christmas lights and computer cables and dumping them onto the floor for a picture. I really wish the color version could have been in the final print.
RIFT: There’s a recent article which suggested that Coronavirus “Just ripped open every company’s virtual defenses” and that the “largest cyberattack in HISTORY will happen within the next six months.” What do you think about this?
MATT: My quick reaction is the author underestimates the amount of effort it requires for offensive actors to operate and achieve something. Even if you accept the article’s premise that a lot more companies are vulnerable now, it’s not like there was a dearth of vulnerable organizations before. Yes, Lockheed Martin may have been initially compromised via remote access, but as I wrote in the book, gaining initial access is often the smallest part of the lifecycle. How much time was spent mapping, escalating, and moving throughout the network to find things of value? More potential initial access points does not immediately mean that everyone is going to get hacked. The caveat is I am looking at this from the context of a targeted objective, be that intellectual property theft or specific disruption. Indiscriminate worms may have a larger spreading ground, but if you look at things like NotPetya, I’m not sure the general security posture is significantly worse than it was before.
RIFT: It’s been 5 years since Network Attacks and Exploitation was published (which means it’s been even longer since you wrote it), what’s happened in the last 5 years that you wouldn’t have seen coming?
MATT: My focus was on the strategy and means of offense and defense. I did not give much thought to how stolen information was used after it was acquired. I did not foresee how all of it would become so public. Whether it’s the election influence, the release of toolsets (HackingTeam, Shadow Brokers), or even the most recent alleged attack on an Iranian port, I would not have predicted this to play out in newspapers, never mind the front pages of them.
RIFT: Cybersecurity can feel like a rapidly changing field with new “game changing” threats around every corner. How do you write a book that’s still current by the time that you’ve finished it?
MATT: It depends what your goals are. It’s hard if not impossible to be current if one is focused on the technology. That’s why I and others have tried to focus on things that have slower adaptation rates, i.e. people. In 2013 when I was first writing down thoughts, the idea that a program could beat the world champion at Go seemed distant (at least to me), and yet that happened the year after the book was published. But what didn’t change, and is not going to change, is the human desire to develop and craft better strategies, whether for games or life.
RIFT: What’s your favorite Computer Security / Hacking / Heist film (or scene) and why?
MATT: This question sounds like you are trying to get an answer to reset my password somewhere :-). The scene of Ethan Hunt coming down on wires above the pressure sensitive floor in the first Mission Impossible is classic. It’s a great example of how we all make assumptions (“Someone would need to walk into the room to get access”) without even realizing it.
Check out Matt Monte’s book, “Network Attacks and Exploitation: A Framework”, here.