DOCSLIB.ORG

Cisco 2009 Midyear Security Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cisco 2009 Midyear Security Report An update on global security threats and trends 1 Introduction 4 Online Security Risks 16 Vulnerabilities Cause for Concern: Technical Innovation and Trends The Weak Links in Social Networking of Online Criminals Malware: Conficker Combines Old Mac OS: Online Criminals Move Beyond Windows Cause for Concern: Criminal Sophistication and New Threats Cloud Computing: Protecting Data in the Cloud and Collaboration Prolific Spammers Caught and Indicted Productivity Applications: Targets of Cause for Optimism: Organizations Collaborate “Spamdexing”: SEO for Online Criminals Zero-Day Exploits to Shut Down Online Threats Financial Information Targeted by Top Alerts: January–June 2009 DNS Poisoning Web 2.0 Security: Filtering Dangerous Content Recent Social Engineering Spam Campaign: Swine Flu Conversations with a Botmaster 20 Data Loss and Compliance Botnets: The Rise — and Fall — of Data Loss Srizbi/Reactor Mailer Identity Theft The Takedown of Srizbi/Reactor Mailer Data Breaches Waledac: Storm 2.0 Insiders Battling the Botnets Web 2.0 Collaboration Quandaries and Mobile Device Threats: Text Message Scams Mobile Device Dilemmas U.S. Government: A New Administration, Compliance a New Focus on Cybersecurity HIPAA Gets HITECH The President’s Smart Phone “Addiction” New “Red Flags” Rules Technology: An Engine of U.S. Growth for the Securing Data Next “New Economy” Policies Geopolitical: Twitter Users Are Broadcasting the Revolution Economic Instability and Online Security 25 Conclusion and Recommendations Conclusion Security Community Making Strides Trends to Watch Spam to Return to Record High Levels More Attacks on Legitimate Websites Social Networking Attacks to Continue Recommendations Cisco Security Intelligence Operations All contents are Copyright © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. As the global economy struggles to regain its footing, Security industry watchers also point to the methods Introduction one moneymaking sector remains healthy—online crime. used by Conficker to propagate and create the botnet. This sector embraces technical innovation, collaborates Instead of using newer approaches that involve social with like-minded enterprises to develop new strategies engineering, or delivering the payload via email or the for generating income, and continues to demonstrate Internet, Conficker’s creators exploited a vulnerability in adoption of the best legitimate business strategies to the Windows operating system. This was an “old-school” maximize profits. method that may not have seemed threatening, given Criminal sophistication and business acumen have the preponderance of new tactics for online scams. increased since the publication of the Cisco 2008 Annual Conficker’s creators appear to have recognized that Security Report. For instance, criminal enterprises are their entry point into computer systems might yield more innovating new business models with the creators of satisfying results. botnets—networks of compromised computers that It’s safe to say online attacks will continue to showcase can carry out the bidding of online scammers. These the most cutting-edge technology—and criminals will innovations include “botnets as a service,” a sobering spin try to use older tactics in new ways. Criminals are also on the software-as-a-service trend that has spread across closely watching security researchers and learning from the technology sector. their methods for thwarting attacks, putting the “good guy” “We see many signs that criminals are mimicking the knowledge to use so their next attack can evade existing practices embraced by successful, legitimate businesses protections. to reap revenue and grow their enterprises,” said Tom Cause for Concern: Criminal ® Gillis, Vice President and General Manager of Cisco The Cisco Midyear Security Report Security Products. “It seems the best practices espoused Sophistication and Collaboration presents an overview of Cisco security by Fortune magazine and Harvard Business School have “Bad guys” are aggressively collaborating, selling each other their wares, and developing expertise in specific intelligence, highlighting threat information found their way into the online underworld.” tactics and technologies. Specialization makes it tougher and trends from the first half of 2009. The Cause for Concern: Technical to shut down illegal activity, because there are many report also includes recommendations from Innovation of Online Criminals players in this ecosystem. Cisco security experts and predictions of The technical innovation and capabilities of online Consider the collaboration between the creators of two criminals are remarkable. The Conficker worm, which large botnets, Conficker and Waledac see( page 10). In how identified trends will evolve. began infecting computer systems in late 2008 and early April, the Conficker botnet monetized itself by delivering 2009 (and is still infecting thousands of new systems daily), the Waledac malware via Conficker’s own hosts, along with provides the best example. Several million computer scareware—scam software sold to consumers based systems have been under Conficker’s control at some on their (often unnecessary) fear of a potential threat—to time as of June 2009, which means the worm appears to generate revenue from victims. In other words, Conficker have created the largest botnet to date. (Read more about served as a large-scale distributor for Waledac’s wares. Conficker on page 4.) All contents are Copyright © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Cisco 2009 Midyear Security Report 1 The Conficker-Waledac collaboration is an example of the researchers learned that botnets can be sold off at a given networked and persistent threats that will likely become price per “node” or infected system. As botnet creators more prevalent. The threats are networked because they become more capable of operating in stealth mode for involve at least two enterprises collaborating with each longer periods of time, they will be able to earn more other for illegal purposes, and they are persistent because money before the botnets are detected and dismantled. the same attacks are launched from the same hosts over Depending on situation and opportunity, those who a long period of time—which means they can inflict engage in online attacks have also been known to both greater damage. collaborate with, and target, each other. One security Cisco security experts expect to see cyber criminals researcher discovered that a major botmaster used an engaging in similar joint ventures in the coming months. online forum to ask other criminals for help after his own In fact, they have located online advertisements that offer botnet was hacked. other criminals the ability to access existing botnets. In a recent online conversation with a botmaster, Cisco Cause for Optimism: Organizations Collaborate to Shut Down Online Threats As online criminals constantly adapt and refine their techniques for reaping illegal revenue, security profes- sionals and individual computer users must become even more sophisticated in their own approaches to combating security threats. There are encouraging signs that aggressive “good guy” collaboration can succeed. The Conficker Working Group is an excellent example. The group was founded in early 2009 as the Conficker botnet continued to spread, and now boasts more than 100 security organizations (including Cisco) as members. The group’s website (www.confickerworkinggroup.org) publicizes news about recent Conficker infections, the latest patches to block the Conficker worm, and tests to check for infection. The collaborative efforts of Conficker members helped disrupt most of the worm’s activities earlier this year (see page 5). As these advertisements indicate, online criminals see revenue opportunity in selling or renting out botnets. 2 Cisco 2009 Midyear Security Report All contents are Copyright © 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Another positive example is the crippling of the Srizbi/ According to the Cyberspace Policy Review report Reactor Mailer botnet (see page 9). One Internet hosting released by the White House in May 2009, the United company, McColo, hosted the Reactor Mailer command States looks to “harness the full benefits of innovation to and control infrastructure that controlled Srizbi/Reactor address cybersecurity concerns . [and] develop the Mailer. After an aggressive campaign documenting policies, processes, people, and technology required to McColo’s activities, the company’s upstream Internet mitigate cybersecurity-related risks.” The report also notes providers terminated McColo’s service. Once McColo that the country “faces the dual challenge of maintaining was shut down, worldwide spam volumes plummeted. an environment that promotes efficiency, innovation, However, Srizbi/Reactor Mailer was able to shift its economic prosperity, and free trade while also promoting operations to a hosting company based in Estonia, and safety, security, civil liberties, and privacy rights.” spam volumes originating from the botnet rose until The United States is not alone in its desire to improve Microsoft’s Malicious Software Removal Tool (MSRT) cybersecurity and prevent cyber criminals from achieving disabled the majority of the bots. The availability of the success. Because these are issues of global concern, it is MRST demonstrates how coordinated
Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
  • The Internet and Drug Markets

    The Internet and Drug Markets

    INSIGHTS EN ISSN THE INTERNET AND DRUG MARKETS 2314-9264 The internet and drug markets 21 The internet and drug markets EMCDDA project group Jane Mounteney, Alessandra Bo and Alberto Oteo 21 Legal notice This publication of the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) is protected by copyright. The EMCDDA accepts no responsibility or liability for any consequences arising from the use of the data contained in this document. The contents of this publication do not necessarily reflect the official opinions of the EMCDDA’s partners, any EU Member State or any agency or institution of the European Union. Europe Direct is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) The information given is free, as are most calls (though some operators, phone boxes or hotels may charge you). More information on the European Union is available on the internet (http://europa.eu). Luxembourg: Publications Office of the European Union, 2016 ISBN: 978-92-9168-841-8 doi:10.2810/324608 © European Monitoring Centre for Drugs and Drug Addiction, 2016 Reproduction is authorised provided the source is acknowledged. This publication should be referenced as: European Monitoring Centre for Drugs and Drug Addiction (2016), The internet and drug markets, EMCDDA Insights 21, Publications Office of the European Union, Luxembourg. References to chapters in this publication should include, where relevant, references to the authors of each chapter, together with a reference to the wider publication. For example: Mounteney, J., Oteo, A. and Griffiths, P.
  • A the Hacker

    A the Hacker

    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • Fortinet's March Threatscape Report Shows Domination of Ransomware and Troublesome Zero-Day

    Fortinet's March Threatscape Report Shows Domination of Ransomware and Troublesome Zero-Day

    Fortinet's March Threatscape Report Shows Domination of Ransomware and Troublesome Zero-Day Rise of Ransomware Is Primarily Driven by Bredolab and Pushdo Botnets SUNNYVALE, CA, Apr 01, 2010 (MARKETWIRE via COMTEX News Network) -- Fortinet(R) (NASDAQ: FTNT) -- a leading network security provider and worldwide leader of unified threat management (UTM) solutions -- today announced its March 2010 Threatscape report showed domination of ransomware threats with nine of the detections in the malware top ten list resulting in either scareware or ransomware infesting the victim's PC. Fortinet observed the primary drivers behind these threats to be two of the most notorious botnet "loaders" -- Bredolab and Pushdo. Another important finding is the aggressive entrance of a new zero-day threat in FortiGuard's top ten attack list, MS.IE.Userdata.Behavior.Code.Execution, which accounted for 25 percent of the detected activity last month. Key threat activities for the month of March include: -- SMS-based Ransomware High Activity: A new ransomware threat -- W32/DigiPog.EP -- appeared in Fortinet's top ten malware list. DigiPog is an SMS blocker using Russian language, locking out a system and aggressively killing off popular applications like Internet Explorer and Firefox until an appropriate code is entered into a field provided to the user. To obtain the code, a user must send an SMS message to the provided number, receiving a code in return. Upon execution, DigiPog registers the user's MAC address with its server. It is the first time that SMS-based ransomware enters Fortinet's top ten list, showing that the rise of ransomware is well on its way.
  • Fully Automatic Link Spam Detection∗ Work in Progress

    Fully Automatic Link Spam Detection∗ Work in Progress

    SpamRank – Fully Automatic Link Spam Detection∗ Work in progress András A. Benczúr1,2 Károly Csalogány1,2 Tamás Sarlós1,2 Máté Uher1 1 Computer and Automation Research Institute, Hungarian Academy of Sciences (MTA SZTAKI) 11 Lagymanyosi u., H–1111 Budapest, Hungary 2 Eötvös University, Budapest {benczur, cskaresz, stamas, umate}@ilab.sztaki.hu www.ilab.sztaki.hu/websearch Abstract Spammers intend to increase the PageRank of certain spam pages by creating a large number of links pointing to them. We propose a novel method based on the concept of personalized PageRank that detects pages with an undeserved high PageRank value without the need of any kind of white or blacklists or other means of human intervention. We assume that spammed pages have a biased distribution of pages that contribute to the undeserved high PageRank value. We define SpamRank by penalizing pages that originate a suspicious PageRank share and personalizing PageRank on the penalties. Our method is tested on a 31 M page crawl of the .de domain with a manually classified 1000-page stratified random sample with bias towards large PageRank values. 1 Introduction Identifying and preventing spam was cited as one of the top challenges in web search engines in a 2002 paper [24]. Amit Singhal, principal scientist of Google Inc. estimated that the search engine spam industry had a revenue potential of $4.5 billion in year 2004 if they had been able to completely fool all search engines on all commercially viable queries [36]. Due to the large and ever increasing financial gains resulting from high search engine ratings, it is no wonder that a significant amount of human and machine resources are devoted to artificially inflating the rankings of certain web pages.
  • The Downadup Codex a Comprehensive Guide to the Threat’S Mechanics

    The Downadup Codex a Comprehensive Guide to the Threat’S Mechanics

    Security Response The Downadup Codex A comprehensive guide to the threat’s mechanics. Edition 2.0 Introduction Contents Introduction.............................................................1 Since its appearance in late-2008, the Downadup worm has become Editor’s Note............................................................5 one of the most wide-spread threats to hit the Internet for a number of Increase in exploit attempts against MS08-067.....6 years. A complex piece of malicious code, this threat was able to jump W32.Downadup infection statistics.........................8 certain network hurdles, hide in the shadows of network traffic, and New variants of W32.Downadup.B find new ways to propagate.........................................10 defend itself against attack with a deftness not often seen in today’s W32.Downadup and W32.Downadup.B threat landscape. Yet it contained few previously unseen features. What statistics................................................................12 set it apart was the sheer number of tricks it held up its sleeve. Peer-to-peer payload distribution...........................15 Geo-location, fingerprinting, and piracy...............17 It all started in late-October of 2008, we began to receive reports of A lock with no key..................................................19 Small improvements yield big returns..................21 targeted attacks taking advantage of an as-yet unknown vulnerability Attempts at smart network scanning...................23 in Window’s remote procedure call (RPC) service. Microsoft quickly Playing with Universal Plug and Play...................24 released an out-of-band security patch (MS08-067), going so far as to Locking itself out.................................................27 classify the update as “critical” for some operating systems—the high- A new Downadup variant?......................................29 Advanced crypto protection.................................30 est designation for a Microsoft Security Bulletin.
  • Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G

    Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G

    Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G. van Eeten, Delft University of Technology https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/asghari This paper is included in the Proceedings of the 24th USENIX Security Symposium August 12–14, 2015 • Washington, D.C. ISBN 978-1-939133-11-3 Open access to the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere and Michel J.G. van Eeten Delft University of Technology Abstract more sophisticated C&C mechanisms that are increas- ingly resilient against takeover attempts [30]. Research on botnet mitigation has focused predomi- In pale contrast to this wealth of work stands the lim- nantly on methods to technically disrupt the command- ited research into the other side of botnet mitigation: and-control infrastructure. Much less is known about the cleanup of the infected machines of end users. Af- effectiveness of large-scale efforts to clean up infected ter a botnet is successfully sinkholed, the bots or zom- machines. We analyze longitudinal data from the sink- bies basically remain waiting for the attackers to find hole of Conficker, one the largest botnets ever seen, to as- a way to reconnect to them, update their binaries and sess the impact of what has been emerging as a best prac- move the machines out of the sinkhole. This happens tice: national anti-botnet initiatives that support large- with some regularity. The recent sinkholing attempt of scale cleanup of end user machines.
  • PC Anti-Virus Protection 2011

    PC Anti-Virus Protection 2011

    PC Anti-Virus Protection 2011 12 POPULAR ANTI-VIRUS PROGRAMS COMPARED FOR EFFECTIVENESS Dennis Technology Labs, 03/08/2010 www.DennisTechnologyLabs.com This test aims to compare the effectiveness of the most recent releases of popular anti-virus software1. The products include those from Kaspersky, McAfee, Microsoft, Norton (Symantec) and Trend Micro, as well as free versions from Avast, AVG and Avira. Other products include those from BitDefender, ESET, G-Data and K7. The tests were conducted between 07/07/2010 and 22/07/2010 using the most up to date versions of the software available. A total of 12 products were exposed to genuine internet threats that real customers could have encountered during the test period. Crucially, this exposure was carried out in a realistic way, reflecting a customer’s experience as closely as possible. For example, each test system visited real, infected websites that significant numbers of internet users were encountering at the time of the test. These results reflect what would have happened if those users were using one of the seven products tested. EXECUTIVE SUMMARY Q Products that block attacks early tended to protect the system more fully The nature of web-based attacks means that the longer malware has access to a system, the more chances it has of downloading and installing further threats. Products that blocked the malicious and infected websites from the start reduced the risk of compromise by secondary and further downloads. Q 100 per cent protection is rare This test recorded an average protection rate of 87.5 per cent. New threats appear online frequently and it is inevitable that there will be times when specific security products are unable to protect from some of these threats.
  • The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
  • MODELING the PROPAGATION of WORMS in NETWORKS: a SURVEY 943 in Section 2, Which Set the Stage for Later Sections

    MODELING the PROPAGATION of WORMS in NETWORKS: a SURVEY 943 in Section 2, Which Set the Stage for Later Sections

    942 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 16, NO. 2, SECOND QUARTER 2014 Modeling the Propagation of Worms in Networks: ASurvey Yini Wang, Sheng Wen, Yang Xiang, Senior Member, IEEE, and Wanlei Zhou, Senior Member, IEEE, Abstract—There are the two common means for propagating attacks account for 1/4 of the total threats in 2009 and nearly worms: scanning vulnerable computers in the network and 1/5 of the total threats in 2010. In order to prevent worms from spreading through topological neighbors. Modeling the propa- spreading into a large scale, researchers focus on modeling gation of worms can help us understand how worms spread and devise effective defense strategies. However, most previous their propagation and then, on the basis of it, investigate the researches either focus on their proposed work or pay attention optimized countermeasures. Similar to the research of some to exploring detection and defense system. Few of them gives a nature disasters, like earthquake and tsunami, the modeling comprehensive analysis in modeling the propagation of worms can help us understand and characterize the key properties of which is helpful for developing defense mechanism against their spreading. In this field, it is mandatory to guarantee the worms’ spreading. This paper presents a survey and comparison of worms’ propagation models according to two different spread- accuracy of the modeling before the derived countermeasures ing methods of worms. We first identify worms characteristics can be considered credible. In recent years, although a variety through their spreading behavior, and then classify various of models and algorithms have been proposed for modeling target discover techniques employed by them.
  • Compu Talk Vol

    Compu Talk Vol

    Sri Sathya Sai College for Women, Bhopal 2017 A newsletter from the Dept. of Computer Sci. & Appl. Compu Talk Vol. III Cyber Security job oppurtunities Botnet Department of Computer Computer Network Science and Application Firewall Departmental News Now Trending: including smartphones, televisions and tiny devices and integration of these as part of the Job Opportunities under the Cyber Internet of Things. Boom in cyber threats has Security Umbrella been an integral part of boom in information technology . Cyber security also known in simpler terms as computer security or IT security involves the Typical cyber security job titles and protection of computer systems from theft, descriptions may include the following: damage or destruction of 1. Security Analyst their hardware, software, data and information, as well from disruption, misuse or A Security Analyst analyzes and assesses misdirection of the services provided through vulnerabilities in the infrastructure which them to cause damage to the fellow humans or includes software, hardware and the society. associated networks. He/she performs The role of cyber security involves investigation using available tools, suggests controlling or limiting physical access to the counter-measures to remedy the detected hardware, as well as protecting them against any vulnerabilities, and recommends solutions harm or attack that may come via network and best practices. He/she analyzes and access intrusion, data insertion and code assesses the damage done to the injection and remote control. IT security is data/infrastructure as a result of security susceptible to being tricked into deviating from incidents, examines available recovery tools secure procedures through various methods. and processes, and recommends solutions.
  • Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism

    Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism

    Journal of Strategic Security Volume 6 Number 5 Volume 6, No. 3, Fall 2013 Supplement: Ninth Annual IAFIE Article 3 Conference: Expanding the Frontiers of Intelligence Education Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins The University of Texas at El Paso Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 1-9 Recommended Citation Adkins, Gary. "Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism." Journal of Strategic Security 6, no. 3 Suppl. (2013): 1-9. This Papers is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism This papers is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/vol6/iss5/ 3 Adkins: Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins Introduction The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has become a great asset to both businesses and private citizens. However, there is a dark side to the age we live in as it allows terrorist groups to communicate, plan, fund, recruit, and spread their message to the world. Given the relative anonymity the Internet provides, many law enforcement and security agencies investigations are hindered in not only locating would be terrorists but also in disrupting their operations.