
By Val Saengphaibul, Director of Threat Response at Fortinet
Hi there!
Please let me introduce myself. I’m Val Saengphaibul, Director of Threat Response at Fortinet. I also sit on the Steering Committee of the Cyber Threat Alliance, and I’d like to tell you a story.
I’ve been in the cybersecurity field for over 20 years. My initial foray was at Microsoft, in Law and Corporate Affairs (LCA, now renamed Corporate External and Legal Affairs, CELA), where I was the only tech guy amongst a sea of law enforcement and lawyers – a Technical Analyst. Our team was an unorthodox and talented motley crew of former investigators from the FBI, Scotland Yard and the U.S. Marshals Service, along with some of the best lawyers from the United States Department of Justice (no ambulance/bankruptcy chasers), that investigated online threats, focusing on malware and cybercrime (and sometimes source code leaks).
Reflections on the Past, Blaster
On a beautiful, rare sunny summer day in 2003, only two months into my role, I remember sitting in my office looking out the windows of the former Building 8 (where Bill Gates sat on Microsoft’s Redmond campus), towards the newly constructed football fields.
As I was daydreaming, I noticed my infection machine rebooting on its own. The infection machine was a computer used to visit nefarious parts of the Internet, analyze malware, and so on. This was before virtualization was widely available, so it was common for researchers to reinstall from CD-ROMs. I had no idea what was going on. The computer kept on booting repeatedly in a loop. Was I compromised?
Much to my surprise, the machine was stuck in an infinite loop and displayed the dreaded blue screen of death (BSOD). What had I installed? I then heard others gasp down the hallway; they too had the same symptoms. I realized that this was a global cyberattack. This was a shock to us all, as many had no other way to get back online on an alternative device, even at Microsoft. Backup computers were not common in many households then (smartphones/iPads didn’t exist).
The next day, we got calls from local and federal law enforcement agencies for assistance. I had first-hand experience dealing with the nation’s top tier of investigators and forensics teams trying to piece together the details of this threat. The teamwork culminated in what was a first: an arrest and conviction, led by Microsoft and the United States Department of Justice with investigators from the FBI and Secret Service, of the creator of the Blaster B variant.
Humble Beginnings and a Storage Room in an Underground Parking Lot
Back then, cybersecurity/cybercrime was a term that was not widely used or understood. Cybercrime was in its infancy, and the topic alone would likely have gone over one’s head. The world was not nearly as connected as it is today, and most people were relegated to a single machine (usually shared within a household) that was tethered to a CAT5 cable. WiFi wasn’t widely available. Social media in its current form was nonexistent (which was a good thing); MySpace was a year old and everyone was Tom’s friend, and Facebook and YouTube had yet to debut. It was only five years prior that most of the country was using dial-up services, meaning connections were slow and unreliable, and content publication was relegated to those who knew how to set up a webserver along with knowledge of HTML.
Companies didn’t focus on security during this time or even have departments dedicated to this space, as it was ultimately a cost center, meaning it didn’t generate any revenue. Developers got paid two to three times more than security folks, as we were often the lowest on the totem pole.
Shortly after the Blaster incident, one investigator and I had the idea of starting a small cybersecurity investigations team that would assist law enforcement in what was likely a first: an industry and government partnership against cybercrime. Our idea was simple: set up shop where we could have a few simple things – a pool of computers, whiteboards and shared space where we all could brainstorm and discuss the cases we were working on.
We found a storage room in an underground parking lot on Microsoft’s campus. There we created the first team to support law enforcement, the Internet Safety team, which was the precursor to the Digital Crimes Unit (DCU).
A few months later we were kicked out of the storage room because of the lack of ventilation and the risk of carbon monoxide poisoning. However, management saw the value of this and decided to give us a conference room, which led to many more arrests and takedowns, and the rest is history.
Joining the Cyber Threat Alliance
A few years ago, I was asked by our Vice President and CTA Board Member, Derek Manky, if I’d like to participate in CTA meetings and later join the Steering Committee. I was ecstatic, and realized the importance of this role in helping shape all things cybersecurity for the immediate term and the future.
The Cyber Threat Alliance is one of the most influential and important organizations I’ve participated in. Its members comprise the who’s who in cybersecurity – industry-leading companies and the smartest, most talented individuals in the industry. Our organization is the global leader for all things threat intelligence, cybersecurity policy and other cyberspheres of influence that only a collective organization like the CTA can provide.
Members share a common goal and voice, represented by employees who are also experts in this space. Data shared by partners also helps protect the customers of CTA members, as data is shared downstream before the public is aware. If you have gotten this far reading and are wondering why your cybersecurity solution vendor is not part of the Cyber Threat Alliance, you might want to ask your representative why.
As you can imagine, I’ve seen a lot in the past 20 years. The knowledge and experience that I’ve gained here is something I’d not have imagined when I first started my career. The CTA came into existence only eight years ago, 12 years into my career. Cyberspace now affects all of us daily, and we are more connected than ever. Just as with the disruptors of the previous century, the automotive and aerospace industries, safety and compliance have improved by leaps and bounds over time. CTA will have its hand in moving and shaping this special space that has transcended all of our lives, and it will be highly influential moving forward.
We’ve come a long way but still have a lot to go.
Happy 8th Birthday CTA and many more years to come!