In April we wrapped up our first installment of the Rapid7 Threat Intel Book Club. Much to our delight, our New Year’s resolution/grand experiment on hosting a regular threat intel book club was a success! We got to dive into The Cuckoo’s Egg with a few dozen of our closest internet friends, discuss the things that have changed since the 1980s (and the things that haven’t), and look at some early applications of threat intelligence. We also gathered some great ideas for future books—which brings us to the point of this post: We are happy to announce plans and content for our next book club!
What We're Reading
The second installment of the Rapid7 Threat Intelligence Book Club will be (drumroll please) Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon! If you want to join us for this next round of threat intel discussion, grab a digital or analog copy from your bookshop of choice, or head over to your local library. As a reminder, you do NOT need to be familiar with threat intelligence to join the fun.
Our winter reading focused on the first documented case of cyber espionage; our summer reading will fast forward to a much more recent case. In fact, the events chronicled in Countdown to Zero Day are so recent that we are still discovering new pieces of information and learning about the implications of this type of attack as the threat continues to evolve and as additional threats to industrial control systems appear.
The book club continues to evolve as well, and based on participant feedback we are making a few changes:
- Look for discussion questions a few days before meetings.
- If you have any questions you want to focus on ahead of time, please send them to firstname.lastname@example.org.
- Since Countdown to Zero Day covers an area where there is a lot of additional research, look for suggestions for (suggested but not required) additional readings on Stuxnet-related material.
Our first meeting will be July 11 at 8 PM EDT (5 PM PDT). We’ll cover chapters 1-6, which span 129 pages and will be just enough to suck you into the book. Registration is required, but your email doesn’t get added to any lists as a result of signup.
Among the general discussion points:
- What is this malware?
- How sophisticated is it?
- What exactly does it have to do with the ancient town of Natanz and the unfortunately acronymed Institute of Science and International Studies (ISIS)?
UPDATE June 28: Discussion questions for the first session are below. Want to add something? Sound off in the comments. See you July 11!
- What did you already know about Stuxnet before you started reading Countdown to Zero Day? What have you learned so far that you did not expect or hadn't realized before?
- What conclusions did Ulasen come to about the presence of the zero day exploit and a legitimate digital certificate? Did you come to the same conclusions?
- Just like Cliff in The Cuckoo’s Egg, the researchers at Symantec had to convince their management to let them continue to work on the Stuxnet code. How important is a personal sense of curiosity when it comes to understanding complex problems or unraveling incidents?
- What different disciplines did Kim Zetter pull from in the first six chapters? How critical do you think each discipline is? Are there any other sources of information that would help to understand the situation at this point?