Q&A: Cyber-security expert Chris Coleman
Just a few keystrokes and bang!—your life is suddenly upside down, inside out and out of control. You want it back in your control? Bank on cyber-security troubleshooter LookingGlass Cyber Solutions, which specializes in flagging online security threats and protecting information—for companies, governments, and even executives—from the insidious tentacles of what CEO Chris Coleman describes as “malicious actors.” Ahead of this year’s Black Hat Conference, running July 30-Aug. 4 at Mandalay Bay—in which LookingGlass will prominently participate—Coleman talked to Las Vegas Magazine about the challenges of staying safe in the cyber realm.
Why is Open Source Intelligence—information collected from publicly available sources—so vital to how LookingGlass helps its clients?
The Internet is not just used for us to Google and learn about the world; it can also be used to keep us safe. Open Source Intelligence is about gleaning information from the open Internet to help customers stay ahead of threats—whether it be a group planning a protest, somebody making a physical threat to an executive online, or hackers selling compromised credentials or new malware. It’s having the capability to go through billions and billions of records and delivering intelligence about risks our customers care about.
How vulnerable are we to threats?
We have a lot of customers concerned about the digital footprint of their executives. How much information is out there that can be used by somebody wanting to track or use blackmail or any type of malicious activity against an executive? Even if they don’t use Twitter or social media, if their friends or family or their children are over-sharing information, it can present a risk to that executive. All of those things are potential risks not just to an executive from a reputational perspective but to a whole slew of things that come into play.
How do phony “phishing” websites work to fool people and gain access to information?
The more effective method is called spear-phishing. Let’s say I want to get into your employer’s computer network. I know you work for them but I’m having a hard time getting in using other channels. But I find information about you—your hobbies, family members, things that are publicly available about you on the internet, and then I create a highly suitable email that sparks on your interests and hobbies, references your children’s names, things they are doing. You want to click that email because it contains things that are near and dear to your heart.
How does LookingGlass combat this?
We take what our customers care about, whether it be information protection, executive protection or physical security issues, and we tune our system to search for relevant threats so we can notify our customer immediately of some type of risk—whether it be on a social media site, in a document-sharing site, some type of blog or on the Dark Web, an area not reachable by search engines where bad guys hang out.
Once you identify risks, how can you help protect them?
Here’s an example. We have a customer that was threatened to be a target of a distributed denial of service (DDoS) attack, which would flood their website with useless traffic if they didn’t pay a ransom. The customer gave us that information and we hunted down who these actors are, did an assessment of their technical capabilities, and reported back to the customer and said, “You don’t have to worry; they are not capable of doing what they say they are going to do.” We gave them recommendations on a variety of different things and with that information, the customer knew whether the actors were capable of going through with their threat.
Are there cyber threats specific to Las Vegas?
Las Vegas is really no different than any financial center because of all the money that comes in and out of here. But let’s focus on the more free-spirited side that happens to people when they get here that winds up as social media posts. Yes, what happens in Vegas stays in Vegas—until they put it on the internet. It’s amazing how many companies now are combing through social media regarding potential employees. You might be an outstanding citizen, but one day you let loose in Vegas. Maybe your friends took the picture, you don’t even know, and then they tag you. That is now searchable. Vegas can accentuate your reputational risks even if you’re just minding your own business and having a good time.