OnDemand Includes 4 Months Access to Course Content - Special Offers Available Now!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Throwback: How Social Media has Ushered a Re-emergence of Traditional Espionage Tradecraft (and how defenders can exploit it)

  • Tuesday, December 06, 2016 at 3:00 PM EST (2016-12-06 20:00:00 UTC)
  • Michael Cloppert

You can now attend the webcast using your mobile device!



In recent years, we have observed a substantial increase in even more tailored intrusion attempts by well-resourced and experienced adversaries employing a mixture of traditional human intelligence tradecraft as an enabler of computer network operations. These HUMINT/CNE blended operations have been disclosed in operations documented by various threat intelligence vendors, as well as observed in private by skilled and attentive network defenders.

As internet users increasingly move their lives into social media, these outlets have become a technological enabler of traditional HUMINT tradecraft, behind the thick veil of anonymity provided by the cyber domain. Besides providing a direct avenue to users with access to targeted data and services, social networks permit adversaries to conduct operations outside of the control of network defenders seeking to deploy countermeasures to their objectives. BUT FEAR NOT! These operations actually provide opportunities for network defenders in the first phase of the kill chain never previously imagined. In this webinar, I will lay out how these operations do (and don't) align to our models like the kill chain, and discuss potential countermeasures against these actions that permit defenders to operate earlier in the kill chain than previously imagined.

Speaker Bio

Michael Cloppert

Michael has been a security and threat intelligence analyst since 2001, and has been an IT practitioner since 1997. He is an original author of the SANS FOR578 Cyber Threat Intel Analysis course, the seminal paper Intel-driven CND Through Analysis of Adversary Campaigns and Intrusion Kill Chains, and has co-chaired the SANS CTI Summit since its inception in 2013. Michael holds a B.S. in Computer Engineering from The University of Dayton and an M.S. in Computer Science from The George Washington University. He has also earned GIAC GCFA gold and GCIA gold certifications (among others) throughout his career. Michael presently works as a consultant for PriceWaterhouseCoopers after over a decade with Lockheed Martin, where he helped build their world-class CIRT from the ground up, and supported clients in the pharmaceutical, energy, DoD, and Intelligence Community. Previous to LM, he worked full time in the federal government and financial industry. He is a professional member of ACM and IEEE, and in his spare time is an amateur bassist and semi-professional jazz trombonist.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.