Security Market Segment LS
Wednesday, 31 May 2017 11:03

Tech pro cautions on attribution of cyber attacks Featured


Anyone attributing cyber attacks to Russia or any other country or hacker group should proceed with the utmost caution, the chief technology officer of data protection and insider threats at security provider Forcepoint says.

Brandon Swafford told iTWire during an informal chat that there could be various reasons as to why various charges were being flung this way and that in the US.

In recent days, two security companies, Symantec and Kaspersky Lab, have attempted to lay blame for the recent WannaCry ransomware attack on a group that has been connected to North Korea.

Prior to that, iTWire has been sent detailed studies by the companies SecureWorks and Trend Micro which have attempted to lay blame on Russia for the hacks of the Democrat National Committee's emails last year.

And Kaspersky Lab has been under attack in the US, with doubts being raised as to whether the software produced by his company should be used in the US public sector.

Brandon SwaffordSwafford said, as far as he was concerned, he needed to see proof: emails, communications, trusted witnesses who could testify under oath and the like. Else, he said he would prefer to reserve judgement.

He added that as far as he could see, nothing definitive had yet emerged to blame one country or party for the DNC attacks or the WannaCry episode.

Before Swafford joined Forcepoint, he was a security product manager and insider threat analyst for the world’s largest hedge fund located in Connecticut.

He has also been a cyber counter-intelligence consultant and analyst across several agencies in the classified space. In this role, he was responsible for deploying insider threat collection platforms and worked closely with the National Insider Threat Task Force and the National Counter-Intelligence Executive to contribute to national-level guidance on insider threat detection techniques and technology.

Asked whether there was a need for change in the US government's policy on disclosing cyber vulnerabilities which were discovered by any of its agencies, Swafford said he was not at liberty to comment given his position.

Last year, following attacks on the DNS provider Dynamic Network Services, the Mozilla Foundation called on the White House to put in place bug bounties for those who found flaws in Internet-connected devices.

There has also been debate about the NSA's retention of vulnerabilities which ultimately were leaked and used to attack businesses and other organisations. This runs contrary to published US government policy.

Swafford said his role at Forcepoint revolved more around the human element in data protection, hunting out malicious users and understanding the human behaviour that led to data breaches.

With regard to the whole Russian business, he said he hoped that one day it would all become clear, adding that he was at a loss sometimes to know who should be trusted.

The head of one security company, Immunity, has been arguing that there should be no change in the government's policy of security flaw disclosure. Dave Aitel's company makes use of undisclosed vulnerabilities to sell security products, disclosing the flaws to his customers but not to the company whose products are flawed.

Asked about this, Swafford said it was not a new practice and that many companies had similar business models, citing the case of a company named Endgame.

He said that the business models adopted by others was not his concern; his job was to ensure his customers were protected and do necessary research so that his customers were not vulnerable.

In 2014, the US Department of Justice indicted five people who worked for China's People's Liberation Army. And earlier this year, two Russian FSB officers were indicted along with two other hackers.

Asked what level of proof would be needed for indictments such as these, Swafford said there would need to be evidence that a judge was convinced would hold up in court. Only if he was convinced, would such indictments be issued, he added.

Forcepoint is owned by US defence contractor Raytheon and was previously known as Websense and Raytheon/Websense.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments