The Financial Express (Delhi Edition)
A computer security start-up turns tables on hackers
June 13: Standing before a crowded room of entrepreneurs and investors at a conference in San Francisco last summer, former Vice President Al Gore described how climate change could be contained, possibly even reversed.
Next to take the stage was Kevin Mandia, the founder of Mandiant, a security company acquired by another security company called FireEye, who said nothing could be done to stop hackers from conducting digital attacks.
The juxtaposition did not sit well with Oren Falkowitz, a former analyst at the National Security Agency. “I thought, ‘Really? We can solve global warming but we can’t stop cyberattacks?’” Falkowitz recalled. He didn’t buy it.
For the last two years, Falkowitz’s start-up, Area 1 Security, has been trying to persuade the owners and operators of computer servers that have been compromised by state spies, criminals and hacktivists to allow the company to tap into those servers to monitor the attackers’ activities.
Those servers have given the Area 1 team a much clearer picture of who is being targeted and what tools and websites attackers are using. And the security company has started to block attackers, heading them off days or even months before they hit their targets.
It’s a new tack in an industry that in recent years has appeared less confident that it can block digital attacks. Most security start-ups seeking funding today have resigned themselves to the inevitability of a breach and are focused more on identifying an attack as it plays out and praying that they can respond before the perpetrator makes off with something important.
It’s as if everyone in the cybersecurity industry forgot that customers pay them to keep from being hacked in the first place.
Falkowitz and his cofounders, Blake Darché and Phil Syme, think they have found a new way to turn attackers’ tools against them.
For as long as there have been cyberattacks, hackers have relied on a vast network of compromised servers around the globe to funnel their malicious code, search out targets and steal data. By watching what happens on those compromised servers at dentists’ offices, farms, welding shops and tech companies, Area 1 believes it has secured a unique vantage point for monitoring and even blocking attacks.
Area 1’s technology addresses one of the most pernicious digital threats: so-called spear-phishing attacks, which bait unsuspecting workers into clicking on links in emails and unknowingly giving attackers a toehold in their employers’ systems.
Phishing attacks have become an epidemic. To date, more than 90% of breaches have begun with a phishing attack, according to Verizon.
Intelligence experts say that phishing attacks are the preferred method of Chinese hackers who have managed to steal things as varied as nuclear propulsion technology and Silicon Valley’s most guarded software code.
“Oren does not take it as writ law that we have to live that way, and he wanted to do something about it,” said Ted Schlein, a venture capitalist at Kleiner Perkins Caufield & Byers, which has invested in Area 1.
“If we could look every company in the eye and say, ‘We can stop your phishing attacks,’” Schlein said, “then Oren could look Kevin Mandia in the eye and say, ‘Thanks for the inspiration, but you’re wrong.’”
One of the biggest challenges in combating phishing attacks has been a lack of information-sharing among victims, security firms and law enforcement. Victims are reluctant to publicize security breaches, potentially keeping competitors from heading off similar attacks.
And the role of the government in sharing threat data has been constrained since the former intelligence contractor Edward J Snowden leaked documents revealing the scale of government monitoring. The Obama administration has been pushing to collect and share more threat data with the private sector. But few companies want to share any more data with the government than they are compelled to by law.
Intelligence agencies say the lack of information-sharing works to attackers’ advantage.
“We are in a very complex digital world that’s only going to get more complex as innovation presents challenges we haven’t even anticipated,” said Daniel Ennis, former director of the Threat Operations Center at the NSA.
“People have incredible expectations of the government to keep them safe” online.