The Duality of Attackers – Or Why Bad Guys are a Good Thing™
The Duality of Attackers – Or Why Bad Guys are a Good Thing™
It’s no secret I’ve been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true they should apply broadly and also to many aspects of our lives. One of the key things I’ve learned is thatperspectivedrives an individual’s opinion of a situation or event. Is something good? Is something bad? It all depends on the observer’s perspective of the situation.
My first Battalion Commander in the Army when I was having my welcome to the unit meeting said something I’ve never forgotten. He said “On any given day it’s better to be a Soldier, a DA Civilian, or a Local National (I was in Belgium)”. This stuck with me ever since even though i didn’t know what to call it at the time….perspective.
In late 2019 the Irresponsible Open Source Tools (intentionally not linking) debate took over Infosec twitter for a few weeks. Ever since that time I’ve been thinking about – “Are attackers a good thing?” Not red teaming, not pentesting but straight up criminals. The real steal your shit type, not the point and laugh type, the wreck all your things, steal all the things, potentially end your business type attackers. There were several people basically stating life would be better if attackers did not exist and I wasn’t so sure about this.
TLDR; I think Yes, attackers are a Good™ thing or rather not a Bad™ thing because they force us to adapt and grow. Growth Through Struggle.
But first, definitions:
“The art of drawing solid objects on a two-dimensional surface so as to give the right impression of their height, width, depth, and position in relation to each other when viewed from a particular point.”
“A particular attitude toward or way of regarding something; a point of view.”
Another way to think about perspective and how everyone can have their own is that “Everything (every person, place, thing, situation, event) is fundamentally neutral – they are neutral props with no built in meaning”  – the observer of the situation or event gives the event meaning.
The meaning we put, the meaning we assign to these neutral things completely determines the effect that we get out of them. Every situation can be viewed in many different capacities and it solely depends upon how you perceive it and the association that you create with it and your beliefs about the situation or event. I’m currently fascinated with TV Shows that tackle this subject. Lucifer and Good Omens come to mind where the idea that the “bad” guy is sometimes the good guy if you evaluate their actions and the “good” guy is the bad guy as dictated by their actions or listening to their superiors.
As hinted at by the word “dual” within it,dualityrefers to having two parts, often with opposite meanings, like thedualityof good and evil.
If there are two sides to a coin, metaphorically speaking, there’s a duality. Peace and war, love and hate, up and down, and black and white are dualities. Another term for a duality is a dichotomy. Duality has technical meanings in geometry and physics. In geometry, duality refers to how points and planes have interchangeable roles in projective geometry. In physics, duality is the property of matter and electromagnetic radiation to be understood best through wave theory or particle theory.
“Your truth is truth, my truth is truth, but your truth is not necessarily my truth.”
Understanding and being aware of duality is vital to our human experience, as it allows us to see things from ‘both sides of the coin’ and better understand ourselves and others amid the collective. Most individual’s version of ‘truth’ culminates according to their past and current experiences, social conventions, and worldly views. To put it simply, duality is the nature in which everything holds opposing truths — all of which are true — at least in a relative sense.
I’ll be honest, after a lifetime growing up in the United States worrying about the next foreign country boogeyman and over a decade in the Army where the primary motivation was giving soldiers someone to “hate” it’s been quite a journey to try to see things other than a binary right/wrong & good/evil, etc. The intersection and interdependence of good and evil manifested for me (and I think plenty of others) in the following way: we don’t feel we are good unless we are fighting against evil. It’s the American Way! We can feel comfortable and secure in our own goodness only by attacking and destroying the evil outside us. I was, and still am to an extent, looking for evil to vanquish. This interdependence is at the core of Infosec. Without APT groups, criminals, malware, and every other form of virtual boogeyman (aka “the other(s)” or “the bad guys”) most of us have no reason for our Infosec existence.
Thinking of everything as fundamentally neutral has helped me drop some, but not all, of my old vocabulary and has given me space to pause and to think about how I feel about issues at a micro level and macro level. Taking that pause allows me to understand that my perspective on the situation is entirely what matters and that another person could have a TOTALLY different perspective on the situation (and Infosec twitter shows me…quite frequently does).
Criminals, Attackers, Bad People, etc and their actions can have a multitude of perspectives.
Take a company that gets compromised so badly they go out of business. From the perspective of the company CEO this is BAD. From another perspective, perhaps of a competing company CEO, this is GOOD, from the perspective of the attacker they got what they wanted so (GOOD) perhaps a bonus is coming, perhaps their family gets to eat or maybe they just get another BTC in their nano ledger. In-house defenders have “failed their mission” and now are out of work or maybe this was the event that finally prompted management to spend that money they’ve been asking for. Perhaps their failures were so embarrassing they have made it by name in tech-crunch articles and their careers may be over or at least paused. Perhaps they “lost” but their response was good enough that the general public thinks things are ok inside the company anyway.
For Infosec, I’m going to make the case that attackers are GOOD; at least from my perspective (as every opinion piece is). But, I’ll attempt to lay out bullet points for rationale for my current perspective. The following can be summed as “Growth through struggle”:
Attackers force defenders to consistently up their game. Attackers constantly innovate to get around the current detection techniques and technologies.
Attackers force Red Teams to up their game to keep up with their TTPs.
Defenders force attackers and Red Teams to up their game to keep up with current defenses.
Attackers force visibility into their politics and perspectives through the investigations into their motivations and TTPs.
They give a large portion of Infosec a “purpose”. I’ve dedicated the last 20 years of my life in various verticals of IT to “keep bad guys out” and I’m positive I’m not alone.
If you’ve made it this far. Thank you! I realize the title is a bit click-baity and not really in line with the idea of duality or perspective but no one would have read “attackers are fundamentally neutral.” Although my hope is that are open to exploring that perspective now. I welcome your thoughts on the subject.