<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>M-unition &#187; news</title>
	<atom:link href="http://blog.mandiant.com/archives/tag/news/feed" rel="self" type="application/rss+xml" />
	<link>https://blog.mandiant.com</link>
	<description>The Ammunition You Need to Find Evil and Solve Crime</description>
	<lastBuildDate>Thu, 02 Feb 2012 23:41:11 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>MANDIANT welcomes Richard Bejtlich to the team</title>
		<link>https://blog.mandiant.com/archives/1705?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=mandiant-welcomes-richard-bejtlich-team-chief-security-officer-security-services-architect</link>
		<comments>https://blog.mandiant.com/archives/1705#comments</comments>
		<pubDate>Thu, 17 Mar 2011 12:37:23 +0000</pubDate>
		<dc:creator>Travis Reese</dc:creator>
				<category><![CDATA[The Whiteboard]]></category>
		<category><![CDATA[Bejtlich]]></category>
		<category><![CDATA[new people]]></category>
		<category><![CDATA[news]]></category>
		<category><![CDATA[taosecurity]]></category>

		<guid isPermaLink="false">http://blog.mandiant.com/?p=1705</guid>
		<description><![CDATA[<p>On behalf of MANDIANT, I am pleased to announce that <a href='http://www.mandiant.com/news_events/article/mandiant_names_richard_bejtlich_chief_security_officer_security_servic/'>Richard Bejtlich will join the management team as Chief Security Officer and Security Services Architect</a>.</p>
<p>Richard joins MANDIANT after four successful years at General Electric, where he served as Director of Incident Response and led GE’s Computer Incident Response Team (CIRT). <a href="https://blog.mandiant.com/archives/1705" class="read_more">Read the rest</a></p>]]></description>
			<content:encoded><![CDATA[<p>On behalf of MANDIANT, I am pleased to announce that <a href='http://www.mandiant.com/news_events/article/mandiant_names_richard_bejtlich_chief_security_officer_security_servic/'>Richard Bejtlich will join the management team as Chief Security Officer and Security Services Architect</a>.</p>
<p>Richard joins MANDIANT after four successful years at General Electric, where he served as Director of Incident Response and led GE’s Computer Incident Response Team (CIRT). We are excited to have Richard join our executive team to architect additional offerings and focus on protecting our own enterprise.</p>
<p>In Richard’s words: &#8220;A priority for MANDIANT in 2011 is to expand the team and the capabilities we use to defend our customers and our company. Organizations across the globe depend on MANDIANT to protect their information from an array of digital threats. I welcome the challenge posed by my new role, and the opportunity to join this distinguished group.&#8221;</p>
<p>Prior to GE, Richard operated TaoSecurity LLC as an independent consultant, protected national security interests with me at ManTech Corporation&#8217;s Computer Forensics and Intrusion Analysis division, investigated intrusions with Kevin Mandia at Foundstone, and monitored client networks for Ball Corporation.</p>
<p>Richard began his digital security career as a military intelligence officer at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA).</p>
<p>A graduate of Harvard University and the United States Air Force Academy, Richard is the author of both The Tao of Network Security Monitoring and Extrusion Detection, and co-author of Real Digital Forensics. He also writes for his blog <a href="http://taosecurity.blogspot.com/">taosecurity</a> and teaches for Black Hat.</p>
<p>We welcome Richard to the rapidly growing MANDIANT team and look forward to his many valuable contributions.</p>
]]></content:encoded>
			<wfw:commentRss>https://blog.mandiant.com/archives/1705/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>MANDIANT Breaking News Analysis: Disruption in the Pacific Rim</title>
		<link>https://blog.mandiant.com/archives/423?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=mandiant-breaking-news-analysis-disruption-in-the-pacific-rim</link>
		<comments>https://blog.mandiant.com/archives/423#comments</comments>
		<pubDate>Sat, 11 Jul 2009 13:57:35 +0000</pubDate>
		<dc:creator>MANDIANT</dc:creator>
				<category><![CDATA[The Suite Spot]]></category>
		<category><![CDATA[APT]]></category>
		<category><![CDATA[news]]></category>

		<guid isPermaLink="false">http://blog.mandiant.com/?p=423</guid>
		<description><![CDATA[<p>Recent hack attacks denying access to a number of South Korean and U.S. government agency web sites and financial institution web sites provide an opportunity to examine the fundamental differences between disruptive, attention-grabbing attacks and state-sponsored cyber attacks.</p>
<p>In our always-on, breaking news culture, jumping the gun on the intent and origins of an attack can put geopolitical relationships at risk. <a href="https://blog.mandiant.com/archives/423" class="read_more">Read the rest</a></p>]]></description>
			<content:encoded><![CDATA[<p>Recent hack attacks denying access to a number of South Korean and U.S. government agency web sites and financial institution web sites provide an opportunity to examine the fundamental differences between disruptive, attention-grabbing attacks and state-sponsored cyber attacks.</p>
<p>In our always-on, breaking news culture, jumping the gun on the intent and origins of an attack can put geopolitical relationships at risk. The job of the media is to deliver facts that can be verified, and support its news content with insight, expertise and speculation from industry sources on what transpired and who might be responsible.</p>
<p>In the case of the U.S. and South Korean web site denial of service attacks, it took less than 24 hours for the world media to independently confirm, and largely dispel, reports that this particular spate of attacks was ‘state-sponsored’ by the North Korean government or its sympathizers, after reports to the contrary dominated the headlines in Asia the preceding night.</p>
<p>In an interview with Reuters, MANDIANT Executive Vice President Michael Malin outlined the following differentiators between spot attacks committed to disrupt and gain attention, and state-sponsored cyber-attacks conducted with deeper scale and intent. Malin’s view was corroborated by other industry research and opinions:</p>
<p>1.) Sophistication<br />
Low-tech attacks, Distributed Denial of Service (DDoS) for example, were more commonplace in the late nineties. They feature less sophistication, greater disruption and are designed to make a point, grab attention or feed into a hacker’s notoriety and ego.</p>
<p>State-sponsored attacks, commonly known in government circles as the Advanced Persistent Threat (APT), are far more sophisticated and perpetual in nature. These attacks are intricate, complex and involve a consistent attack stream using a marked increase in human and technology resources to keep its enemy constantly in a reactive position.</p>
<p>2.) Anonymity<br />
Home-grown, low-tech cyber-crime is more likely to be detected eventually and unearthed through traditional criminal investigation and forensic analysis. In many instances, these hackers operate in small clusters or individually, and enjoy the limelight of their acts, including being brought to justice.</p>
<p>State-sponsored cyber-crime is more mysterious, typically conducted under the mainstream radar, highly covert, and targeted at government, energy, financial services or other critical infrastructure. These conspirators are backed by governments or regimes, and identified more as state-sponsored organizations rather than individuals.</p>
<p>3.) Sensitivity<br />
Very simply, applying the same characteristics and profile types of our serial cyber-offenders, was the crime specific to the compromise of classified or confidential information? Or was it focused more on creating spot havoc and high-profile disruption?</p>
<p>The MANDIANT view:<br />
This attack appeared to be more of a denial of service attack than the traditional state-sponsored act. In our experience, state-sponsored actors fly under the radar to either gain access or steal information versus denying or degrading a service.</p>
<p>By better understanding the scope, profile and motives of cyber criminals, we can more effectively identify, anticipate and remediate the crimes they commit.</p>
<p>MANDIANT continues to address the Advanced Persistent Threat, finding evil and solving crime for some of the most critical government organizations and high-value commercial enterprises.</p>
<p>For more in-depth coverage on the South Korea/US web site denial of service attacks, including commentary from MANDIANT Executive Vice President Michael Malin, access the following story from Reuters: <a href="http://www.reuters.com/article/newsOne/idUSTRE5680CC20090709" target="_blank">http://www.reuters.com/article/newsOne/idUSTRE5680CC20090709</a></p>
]]></content:encoded>
			<wfw:commentRss>https://blog.mandiant.com/archives/423/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

