Hack the hackers: Eavesdrop for intel on emerging threats

Listening to online chatter in hacker forums can give you a jump on juicy vulnerabilities your vendor hasn't fixed

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

In a sea of vulnerabilities clamoring for attention, it’s almost impossible to know which IT security issues to address first. Vendor advisories provide a tried-and-true means for keeping on top of known attack vectors. But there’s a more expedient option: Eavesdrop on attackers themselves.

Secure your systems by eavesdropping on hackers A. Strakey via Flickr

Given their increasingly large attack surfaces, most organizations tie their vulnerability management cycle to vendor announcements. But initial disclosure of security vulnerabilities doesn’t always come from vendors, and waiting for official announcements can put you days, or even weeks, behind attackers, who discuss and share tutorials within hours of a vulnerability becoming known.

“Online chatter typically [begins] within 24 to 48 hours of the initial public disclosure,” says Levi Gundert, vice president of threat intelligence at Recorded Future, citing the firm’s in-depth analysis of discussions on foreign-language forums.

Vendor advisories, blog posts, mailing list messages, Homeland Security CERT alerts -- defenders aren’t the only ones reading these announcements. Knowing what piques attackers’ interest -- and how they plan to exploit holes before vendors can respond -- is a great way to get a jump on the next wave of attacks.

To continue reading this article register now

Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.