
Confessions Of A Nation-State Penetration Tester — Facing Centralized Technology


I was a developer and cybersecurity expert for a government-level institution. My responsibilities included various implementations in the area of IT and cybersecurity.

It started with adding and implementing various technology such as intrusion detection systems. That is, detecting attacks and tracking down malicious packets in the network in real-time, deducting them, and implementing countermeasures on a physical and routing protocol layer.

Fundamentally, I worked on everything associated with modern (government) technology from a security standpoint. These included threats in cyberspace, like attack scenarios and the attack areas which malicious actors might exploit.

Seeing it all from the inside

I learned a great deal about the technologies available to state actors in the field of OpSec.

For example, technologies exist that inject small pieces of data into malicious data packets, thus allowing authorities to collect information regarding the source and destination of the packet.

With our clearance, we could communicate with various internet service providers and centralized network relay nodes. You would track the malicious packets to the final location and learn about where everything came from.

If someone, for example, were hiding behind a virtual private network or various proxy redirecting protocols, I would track the packet on the physical layer. So, we were still in a position to determine where the packet came from.

We would study man-in-the-middle attacks. We would determine in real time how we could spy on two connections to understand how malicious actors think and execute attacks.

As part of our duties, we also trained those working in other government departments. These included teaching law enforcement agencies and others about tracking cybercriminals.

Over the years working in the OpSec field, I came to understand a lot about how the world functions. I learned there is a cyber war going on.

Risks in cyberspace are growing past the rate and scope at which countermeasures can be implemented.

No matter how decentralized the software is that we’re using, no matter how huge the peer-to-peer system is, we’d always have to ask ourselves one question: Where is this software running? All too often, blockchain technology—DeFi included—runs on centralized technologies.

The crypto industry deals with the existential threat associated with centralized tech

In the crypto industry, we are still married to centrally managed infrastructure. We are using federal government infrastructure, ISP infrastructure, central DNS nodes, and companies.

So the technology we create in crypto may very well be decentralized, but, at the end of the day, the actual physical layer—indeed, the whole base foundation—is pretty centralized.

Unless there’s a true alternative—a second or decentralized internet—the industry faces an issue at the cyber OpSec and DevSec layer. Addressing this particular shortcoming with a truly decentralized Web3 is of the utmost significance for the future of money.

We’re at the point where there are so many threats and risks within the cyber world that we all must be aware and extra cautious. This is true, even if we keep a low profile online.

The majority of internet users nowadays don’t take OpSec seriously—even people in the crypto market.

Unless you’ve been a victim of a hack, scam, virus, or worm, you might not even have correct antivirus or basic firewalls set up. These are, admittedly, just the beginning of good operational security.

Protecting decentralized technology

Indeed, as the cyber battles wage on, the public will become increasingly aware. The future of the modern world depends in some ways on cybersecurity. We must protect privacy and decentralization.

It is abundantly clear that an unsecured physical layer poses an existential threat to any decentralized technology since the users themselves are the network.

Security might seem like an inconvenience, but it is essential. If we are going to share the global Bitcoin network and broader crypto networks, which could one day underpin a future iteration of the internet, our own security is a part of greater social responsibility.

We must all be ready to learn simple security measures and implement them within our use of crypto.

The write-up Confessions Of A Nation-State Penetration Tester — Facing Centralized Tech appeared first on BeInCrypto.