Today Active Directory Security has become mission-critical to organizational security worldwide and thus mission-critical to Cyber Security worldwide. On this blog, former Microsoft Program Manager for Active Directory Security, and today, CEO of Paramount Defenses, shares valuable technical insights on Active Directory Security.


Sunday, September 1, 2013

Declassifying #1 Cyber Security Risk to Active Directory - Final Countdown


As we were getting ready to declassify the #1 cyber security risk to Active Directory deployments worldwide today, we received a request to consider delaying its declassification, in light of the possibility of more cyber attacks from the Syrian Electronic Army (SEA), as Washington mulls possible military action against Syria.

About the Syrian Electronic Army

According to Wikipedia, the Syrian Electronic Army is a collection of pro-government computer hackers aligned with the Syrian President:

"The Syrian Electronic Army (SEA), also known as the Syrian Electronic Soldiers, is a collection of pro-government computer hackers aligned with Syrian President Bashar al-Assad. Using denial of service attacks, defacement, and other methods, it mainly targets political opposition groups and western websites, including news organizations and human rights groups. The Syrian Electronic Army is the first public, virtual army in the Arab world to openly launch cyber attacks on its opponents, though the precise nature of its relationship with the Syrian government is debated."

Earlier last week, the Syrian Electronic Army disrupted major media websites, including that of the New York Times.

In recent months, the Syrian Electronic Army has taken credit for Web attacks on media targets that it sees as sympathetic to Syria's rebels, including prior attacks on the New York Times, along with the Washington Post, Agence France-Presse, 60 Minutes, CBS News, National Public Radio, The Associated Press, Al-Jazeera English and the BBC.

Although their attacks have thus far been simplistic (DDoS), one of the latest was a sophisticated spear-phishing attack. They thus do seem capable of attempting sophisticated attacks, especially if they might be receiving technical assistance from the Russians, the Iranians, or others.

Quoting Helmi Noman, a senior researcher at the Citizen Lab, Munk School of Global Affairs at the University of Toronto, who has been tracking the Syrian Electronic Army since May 2011: "They said they are determined to escalate attacks on websites belonging to the United States, European countries and all the countries preparing a possible military action against Syria," Noman said. He also said that "This suggests that the group will try to carry out more serious attacks."

Just this morning, the Syrian Electronic Army hacked the website of

As Washington mulls possible military action in Syria, the next few days are sensitive.

Abundance of Caution

The entity that made this request has expressed concern that the Syrian Electronic Army, or their allies, could potentially misuse such new information to develop and deploy exploits possibly aimed at attacking corporate infrastructures of major media outlets as well as military agencies and business organizations (both that of the US, and those of its partners, notably England, France, Australia and others).

Although there are already numerous other attack vectors (such as the Pass-the-Hash attack) that are publicly known, out of an abundance of caution, as patriots, we have decided to honor the request, and postpone the declassification of this risk by 9 days.

Our stance on this is that the SEA is not the only malicious entity out there, and that others might already know about this attack vector. Furthermore, we do not expect organizations to rely on "security by obscurity" because they should know that advanced malicious perpetrators are highly skilled, informed and capable these days. (In fact, the only reason we are making this public is because we have reason to believe that at least one prominent advanced persistent threat may have already figured this out.)

Final Declassification Date

The final declassification date is September 12, 2013.

This is the very LAST time we are postponing this. To demonstrate our earnestness, here is a link to a password-protected version of the document we were about to declassify. On Sep 12, we will share the password, and you will see that the document is identical to the one we declassify that day. (If you can guess the password, you can access it right away.)

This is the Final countdown.

Thank you for your patience. Come rain, wind, war or shine, we will not change the date again.

Here is the link to the declassified risk -

Best wishes,
