Sir, may I ask: what hat are you wearing tonight?
"No tree, it is said, can grow to heaven unless its roots reach down to hell." — Carl Jung
My Dear Edge Readers,
Tonight, I would like to discuss with you the Duality of things.
Psychologically, duality may refer to the presence of two conflicting parts within a person's psyche. For instance, one might struggle with the duality of altruism and selfishness, or the desire for both freedom and security. Or the willingness to do good, while enabling the bad.
Before I get to the main message: >> IT IS STORY TIME << Sit back, my dear friend. Take a sip of hot tea or coffee. And enjoy this tale of cyber lore:
The genesis of an eternal dance between chaos and order
In the digital realm of the early computers, long before the age of the Internet as we know it, there lurked a benign but mischievous spirit known as the Creeper. Born from the depths of experimental code, this entity was not of malicious intent but one of curiosity and exploration. Crafted by the wizardly hands of an arcane programmer at BBN Technologies, the Creeper began its journey across the ARPANET, the ancestor of our modern-day internet, a web of mystical portals connecting mighty computational fortresses.
The Creeper was a wraith-like presence, drifting through the network with an echoing whisper that proclaimed its existence: "I'm the creeper, catch me if you can!" It was a specter that could clone itself, moving from one mainframe to another, displaying its message before vanishing into the ether, leaving no trace of its presence save for the words that flickered on the screens.
But in this land of circuit and wire, balance was the law, and for every action, there was an equal and opposite reaction. Thus, as the Creeper made its playful haunt through the machines, there arose a guardian, a sentinel of the silicon, known as the Reaper. The Reaper was not born of human hands but was seemingly conjured from the necessity of the digital cosmos to restore equilibrium.
The Reaper's sole purpose was to seek out the Creeper and to silence its whispers, to close the doors it had opened, and to banish it from whence it came. Unlike the Creeper, the Reaper left no echoes of its passage, only peace where there had once been the soft footsteps of the Creeper. It traversed the ARPANET with a silent resolve, cleansing each fortress of the Creeper's touch, restoring order to the realm.
The two entities, Creeper and Reaper, became legend: the first known entities of their kind, one bringing the thrill of the chase and the other the solace of security. They were the genesis of an eternal dance between chaos and order, a dance that continues in the vast, sprawling kingdom of cyberspace to this day.
And so the tale of the Creeper and the Reaper is whispered in the hallowed halls of cyber lore, a reminder of the delicate balance that keeps the digital and human worlds intertwined in an endless ballet of creation and protection, innovation and guardianship.
—
A magnificent tale, right? It is indeed the beginning of what we today refer to as an eternal ‘Cat & Mouse’ game between adversaries and cyber defenders. But that is just what bugged me and motivated me to write this journal entry.
You see, Creeper’s intent was never malicious; it was developed by someone wearing a White Hat, if we may borrow the phrase. Now the origin of Reaper is a bit unclear, but there are hints that it was also developed by someone working at the same company as the developer of Creeper. Again, two fellows wearing a White Hat. But where, then, is the Black Hat? I am intentionally objective here - we know that Creeper was a demonstration project, but it hints at what my message is today.
Preposterous Assumptions
What if we dare to assume that some of the things (i.e. Tools, Apps, People) we accuse of wearing the Black Hat, some days wear the White one?
Now this is not me saying that every ‘good’ guy is also a ‘bad’ guy, but the duality of both is at times deemed necessary to assure the other's existence. And thus there is a risk for one if the other happens to no longer be. Even further: one enables the other.
Maybe let us observe some more angles.
What if we say that there is a Good Guy Idaho, who lives in Country A. The Country A feels threatened by Country B, so they task the Good Guy Idaho to cause cybernetic harm to the Country B.
Country B detects the attack coming from Country A, and employs Good Guy Nevada, to protect themselves and issue a counter-attack.
Now you see - Country A believes that Good Guy Nevada is actually a Bad Guy Nevada, while Country B decided that Good Guy Idaho is in fact Bad Guy Idaho.
Cyber criminal intent is not necessarily always like that (straight confrontations), but this does mostly apply to Nation State Threat Actors. And when we discuss Nation State Threat Actors we have to admit that sometimes the Good Guys are the Bad Guys - a matter of perspective.
On the other hand, when we discuss the financially motivated cyber criminals, we speak of opportunists. They seek more money - ransomware seems a good business model to gain that money with their skillset, so they operate with it. In this case, it is fair to assume that in everyone’s eyes this person is the ‘Bad Guy’. Because they are.
But here is my preposterous assumption:
If the ‘Bad Guys’ did not have resources that were produced by the ‘Good Guys’, the ‘Bad Guys’ would not be able to develop sophisticated malicious software and infrastructure required to launch such cyber attacks.
And resources can be anything from Schools, to IaaS / SaaS / PaaS and all the way to People themselves.
So, in a way the Good Guys enable the Bad Guys. This duality will always haunt us. And not just in cyber space - it is just the nature of duality within us and within the universe - the desire to chase that equilibrium. The White Hat tool can be easily abused by the Black Hat person.
So how do we fight the fight against ourselves?
Together.
We must overcome this by joining our strengths, by sharing the knowledge we have. Because guess what, on the other side - they are embracing what is given (even by us!), they are sharing and cooperating way more than we do on the Blue side.
Sometimes our business policies are unnecessarily strict or badly interpreted, and thus we tend not to share much of the knowledge - as business leaders would worry that we give out our ‘IP’.
Yes, because we can't wait to steal that detection rule the others made and make them bankrupt! Bullshit.
Maybe this does not apply to you - maybe it is limited to a culture and geo-region; it is just my experience.
That is why I am glad to work with Threat Intelligence. It is the field in Cybersecurity that not only allows us to share the knowledge about cyber threats, but also to investigate, research and develop defensive mechanisms and systems to counteract the malicious actors.
Even more, I appreciate the Cybersecurity conferences and Events created by the community, where we can attend and finally blow off some steam and discuss the techie stuff among ourselves. To really improve each other.
—
All right. We have come to the end of the entry. Take this journal with a grain of salt. I am a bit biased here as I do work in CTI, and when you do this for years, you tend to see things that may not necessarily be seen the same way by everyone. It is purely my experimental interpretation, formed as I digest and analyze cyber threats daily, that there must be some sort of co-existence between the Good and the Bad. And someone out there may consider me as the Bad, while I consider myself to be Good. The Judge is the Law.
Yet we need us both.