Former Scotland Yard detective discusses cybercrime and threat intelligence

Steve Santorelli, passionate about Internet security and committed to bringing folks together to attack the problem in many ways.

By Richard Starnes
April 5, 2016

You are the director of analysis and outreach for Team Cymru, a not-for-profit cybersecurity research firm. Could you tell us a bit about how your firm came to be and what it does?

We were founded over a decade ago by four geeks who became obsessed with understanding the motivations behind the early denial of service and malware attacks. What makes us unique is that, from the very early days, we have been entirely mission focused as opposed to profit centered. Our motive has always been to 'save and improve human lives' and we really cleave to that in everything we do. We have the support we need to do (somewhat) crazy things that don't generate any profit, but benefit the infosec community and frankly, need to be done by someone to prevent the criminals from utterly ruining the Internet for the next generation. That's why we get to attract so many talented people: you bring your 'A-game' every day and you get to really see the difference you make to the Internet, not just a spreadsheet's bottom line.

What are your thoughts about the recent cyberattacks on the Ukrainian power grid and Kiev Airport? Are we seeing the start of cyberterrorism or is this nation state posturing using vulnerable technology as a diplomatic weapon? Perhaps a bit of both?

It's an inevitable evolution in motivation but one that is actually a natural progression of the second oldest profession in the world. We've been seeing this kind of attack since the Georgian and Balkan conflicts; the attack surface is now much broader and the skillset needed by the attacks is commensurately lower in that they can outsource a lot of the tools needed, buy them in or simply deploy automated tools to look for that single mistake that gives them the foothold they need. I often reflect back on this quote from the IRA after the Brighton Bombing: "Today we were unlucky. But remember, we only have to be lucky once - you will have to be lucky always." ...it's as relevant today in the cybercrime fight as it was back then; all it takes is one error on our part, one missed anomaly and we might miss our chance to prevent something horrific.

A question you yourself would like to be asked... Is there any hope for the future of the Internet?

Not really. We have been talking about this for years and the fundamental dichotomy relates to funding and collaboration. The miscreants are light years ahead of the Internet security community in terms of their R&D budgets and the maturity of their marketing and sales operations. They don't need the MLAT procedure and a book's worth of paperwork for the simplest of tasks.
