Case study

BT Security Threat Intelligence: Defending against cyber threats

A credible threat

In the summer of 2013 a hacker began bragging on Twitter about his exploits. He claimed to have attacked 50 websites in the space of a single fortnight, launching distributed denial of service (DDoS) attacks against government and commercial systems throughout the UK.

Apparently affiliated to the notorious hacker network calling itself Anonymous, he obviously thought he was invincible and untraceable. Yet within weeks he was under arrest – thanks largely to the vigilance of security experts at BT Security.

Kevin Brown, general manager, threat intelligence and investigations at BT Global Services, says: “To protect our own networks and those of our customers, our security specialists constantly monitor the internet and social media for signs of potential threats. It was boasts from the hacker that put him on our radar.”

To assess how serious a threat he posed, security experts from BT tried to access the websites the hacker had threatened. Sure enough, over a two-week period 24 out of 50 were unreachable at the precise times he had promised to target them. These ranged from banks and financial institutions to political parties, local government and even the security services.

The BT team identified that the hacker was now threatening a BT client and, within minutes, were able to verify and ensure that appropriate mitigation was in place (the system was protected and the attack was unsuccessful).

How to catch a hacker

Simultaneously, forensic experts at BT were closing the net. From his Twitter account they deduced that he was a UK resident living in the North West and had been in dispute with his neighbours.

“He had posted photographs, apparently taken from his home, suggesting that he lived in a cul-de-sac,” explains Kevin. “Our experts scoured Google Earth for likely streets, scrutinising photographs posted by the hacker to find a match.”

Having identified the address, the team could use the public internet to find who lived there. None of the listed residents was a BT customer. But one had posted several entries on websites relating to his dispute with his neighbours, his mental health and encounters with the police and social services. This explained some of the DDoS targeting and Twitter comments.

Now the BT team had all the evidence they needed. The file was handed to the police, with whom BT works closely. This later led to a man being arrested on suspicion of offences under section 3 of the Computer Misuse Act (1990).

Thanks to the BT security team, the hacker was anonymous no longer. And the internet was a slightly safer place.

About BT Security Threat Intelligence

As one of the world’s largest network operators BT devotes huge resources to protecting its own systems from possible attack. It employs hundreds of security specialists who regularly scan thousands of information sources – ranging from social media to specialist blogs and underground forums – for anything that could impact or interrupt its services. The company also has strategic partnerships with intelligence-gathering organisations around the world.

All this gives BT a unique insight into global and local security threats that is not obtainable from any other single source. Now the company is offering to share this insight with its customers as part of its BT Security Threat Intelligence service, providing weekly intelligence reports detailing likely threats and their level of seriousness.

Customers can also choose to receive bespoke intelligence reports relating to their own operations, and ad-hoc reports on key threats as they emerge. At its highest level, BT Security Threat Intelligence also offers technical intelligence, customer workshops to establish intelligence requirements, and regular reviews of these requirements with the customer’s own security professionals.

Armed with these insights customers can better identify their key current vulnerabilities and mitigate these before they can be exploited – or, in plain English, shut the stable door before the horse has bolted.

Core services

  • BT Security Threat Intelligence