John Wetzel Profile picture
Mar 21 4 tweets 1 min read
The problem if you’re USG is something like this: you have good information that attacks are imminent but not enough to prevent attacks outright. What do you do?
US intelligence likely based estimates on a wide variety of sources, such as spies, intercepted comms, even implants of their own. So you could KNOW the orders’ been given but not know specifics. Reading for nuance and details is key
So as USG do you warn? Probably, even if you know it’s somewhat futile. And there’s subtle messaging such as the note on “evolving” intelligence—Likely speaks to fluidity of Russia decision more than uncertainty of intelligence
As for actionable, to paraphrase @RobertMLee, best action now is to get some rest. You prepare for crises ahead of response—unless you’re already nearing the completion of MFA deployment, likely too late to start. Best thing is take care of your ppl: you might need them soon

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Wetzel

John Wetzel Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @johnwetzel

Mar 24
So how do you *prevent* #insider threats?
Short answer is you don’t
Long answer is you spend a lot of money…and still don’t

But you CAN monitor, identify, and react to insiders and insider-like threats #lapsus$
(🧵)
I worked counterintelligence from 2003 to 2016 with US military and civilian agencies. In that time, I investigated, taught, and helped build insider threat programs. One big lesson learned: insider threats are usually caught from the outside. But how?
Because insider threat *always* has an external nexus. Whether it’s a foreign gov, LAPSUS$, or even a reporter looking for a scoop, there’s always an external actor washingtonpost.com/national-secur…
Read 17 tweets
Mar 22
LAPSUS$ is the group on everyone’s mind today, having just leaked data around a potential breach of #Okta, a widely-used SSO & identity provider. So let’s take some time to dive into #LAPSUS$, where they came from, how they’ve evolved, and how to defend against them.
LAPSUS$ appeared in only a few months ago, in December 2021. They appear to be Brazilian-based or affiliated, going off of their initial targets and the languages used on their Telegram channels
Notable analysts have described them as “erratic and unusual” (@BrettCallow in Wired) and “competent and incompetent at the same time” because of their seeming inability to monetize their successful breaches
Read 16 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(