Ethics, Humanity, Intelligence Tradecraft: Responsible Disclosure of High-Profile Event
Updated: Sep 4, 2020
Some findings need to be disclosed in the public domain. Some findings need to be protected until the affected parties can mitigate the exposure. We seek to balance responsible disclosure and private interest and to delve into the complexity of this intersection.
When you are a security researcher in the middle of a major cyber incident that potentially affects millions of computer users, you are often challenged with how to warn the public about the incident, maintain the operational security of your sources, and simultaneously disrupt major cybercrime operations.
While notifying law enforcement is both a moral and ethical duty of any threat intelligence firm, revealing victim identities turns into "tightrope walking." On one hand, private disclosures that do not name the exact victims help them remediate the threat.
At the same time, public disclosure increases the situational awareness and preparedness of regular computer users who might become secondary and/or tertiary targets. In other cases, disclosures force the cybercriminals to terminate their public and private operations, thereby directly disrupting their networks.
We are strong believers in the ethics of both responsible disclosure and no victim shaming. AdvIntel reports incidents in ways that allow us to warn the public without harming the remediation efforts.
Security is about human beings, and we know that behind the brand names and logos of victim entities, there are real people, and we, as a company and as a community, are obligated to keep them informed and protected in the course of a major cyber incident.
Security and intelligence are about human beings: not everything should remain a paid-fee private intelligence report; the public has a right to know.
Oftentimes, cyber-actors perceive compromised victim entities as gateways to other compromises. This happened during the recent events affecting Avast, a Czech multinational cybersecurity software company, and, more recently, ASUS, a Taiwan-based multinational computer company, both of which affected real people.
We are all in this together in the battle against cybercrime.
Intelligence is the backbone of our operations. Our techniques and advanced methodology enable us to establish resilient intelligence-gathering networks. This allows us to maintain long-term visibility into major cybercrime events in light of public disclosures.
The level of our disclosure always depends on our assessment of intelligence loss and intelligence gain. We release information publicly when we have high confidence in our source veracity and can provide additional evidence at a trusted party's request. As a US intelligence firm, we are proud and extremely diligent in assisting the long-term intelligence operations of law enforcement, and we always meticulously calculate the risks of public disclosure.
Indeed, major cyber events cause us to examine the dilemma of information sharing, seeking the balance of the public interest versus private disclosure.