Wednesday 20 July 2016

A Computer Security Start-Up Turns the Tables on Hackers


Standing before a crowded room of entrepreneurs and investors at a conference in San Francisco last summer, former Vice President Al Gore described how climate change could be contained, possibly even reversed.
Next to take the stage was Kevin Mandia, the founder of Mandiant, a security company acquired by another security company called FireEye, who said nothing could be done to stop hackers from conducting digital attacks.
The juxtaposition did not sit well with Oren Falkowitz, a former analyst at the National Security Agency. “I thought, ‘Really? We can solve global warming but we can’t stop cyberattacks?’” Mr. Falkowitz recalled. He didn’t buy it.
For the last two years, Mr. Falkowitz’s start-up, Area 1 Security, has been trying to persuade the owners and operators of computer servers that have been compromised by state spies, criminals and hacktivists to allow the company to tap into those servers to monitor the attackers’ activities.
Those servers have given the Area 1 team a much clearer picture of who is being targeted and what tools and websites attackers are using. And the security company has started to block attackers, heading them off days or even months before they hit their targets.
It’s a new tack in an industry that in recent years has appeared less confident that it can block digital attacks. Most security start-ups seeking funding today have resigned themselves to the inevitability of a breach and are focused more on identifying an attack as it plays out and praying that they can respond before the perpetrator makes off with something important.
It’s as if everyone in the cybersecurity industry forgot that customers pay them to keep from being hacked in the first place.
Mr. Falkowitz and his co-founders, Blake Darché and Phil Syme, think they have found a new way to turn attackers’ tools against them.
For as long as there have been cyberattacks, hackers have relied on a vast network of compromised servers around the globe to funnel their malicious code, search out targets and steal data. By watching what happens on those compromised servers at dentists’ offices, farms, welding shops and tech companies, Area 1 believes it has secured a unique vantage point for monitoring and even blocking attacks.
Area 1’s technology addresses one of the most pernicious digital threats: so-called spear-phishing attacks, which bait unsuspecting workers into clicking on links in emails and unknowingly giving attackers a toehold in their employers’ systems.
Phishing attacks have become an epidemic. To date, more than 90 percent of breaches have begun with a phishing attack, according to Verizon.
Intelligence experts say that phishing attacks are the preferred method of Chinese hackers who have managed to steal things as varied as nuclear propulsion technology and Silicon Valley’s most guarded software code.
“Oren does not take it as writ law that we have to live that way, and he wanted to do something about it,” said Ted Schlein, a venture capitalist at Kleiner Perkins Caufield & Byers, which has invested in Area 1.
“If we could look every company in the eye and say, ‘We can stop your phishing attacks,’” Mr. Schlein said, “then Oren could look Kevin Mandia in the eye and say, ‘Thanks for the inspiration, but you’re wrong.’”
One of the biggest challenges in combating phishing attacks has been a lack of information-sharing among victims, security firms and law enforcement. Victims are reluctant to publicize security breaches, potentially keeping competitors from heading off similar attacks.
And the role of the government in sharing threat data has been constrained since the former intelligence contractor Edward J. Snowden leaked documents revealing the scale of government monitoring. The Obama administration has been pushing to collect and share more threat data with the private sector. But few companies want to share any more data with the government than they are compelled to by law.
Intelligence agencies say the lack of information-sharing works to attackers’ advantage.
“We are in a very complex digital world that’s only going to get more complex as innovation presents challenges we haven’t even anticipated,” said Daniel Ennis, former director of the Threat Operations Center at the N.S.A. “People have incredible expectations of the government to keep them safe” online.
“My concern is that the bad guys are going to out-innovate us,” he added. “The only way we’re going to out-innovate them is a partnership between the government, the private sector, the victims and academia.”
Until that happens, Area 1 may have found a way to circumnavigate the politics by recruiting the owners of those compromised servers around the globe.
“Cyber is perceived as this ‘Matrix’-like structure, but people forget that it’s also physical in nature,” Mr. Falkowitz said. “The players are not just the attackers and the victim; there’s an entire underbelly of the web that has been subverted.”
Area 1 discovers, on average, 859 new targeting phishing sites a day. Now it can use its unusual vantage point to help its customers stave off attacks.
It is still early days, but Area 1 aims to eventually end phishing attacks altogether, Mr. Falkowitz said. “We just went to Mars and found water, and people are saying we can’t solve this?”