CounterTack CEO Neal Creighton to Present at AGC West Conference on February 25

Showcasing Newly Patented, Deep System Inspection Technology at AGC, RSA Conferences

WALTHAM, Mass. (February 7, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced that CEO Neal Creighton has been invited to present at America’s Growth Capital (AGC) Ninth Annual West Coast InfoSec and Technology Growth Conference on Monday, February 25, at the Westin San Francisco Market Street.

The AGC Conference will showcase the most innovative emerging growth companies, and feature dynamic panel discussions and presentations delivered by industry luminaries and leading executives of public and private information security enterprises. At the conference, Creighton will discuss the widening Detection Gap problem and how CounterTack’s innovations in deep system inspection technology are helping to close the Gap.

During the week of February 25 – March 1, AGC participants who are also attending the RSA Conference will be able to see demonstrations of CounterTack products at booth #2533. CounterTack will have a strong presence at the RSA Conference, showcasing next-generation cyber defense solutions based on its patented deep system inspection technology.  

CounterTack will also feature two book signing events at the RSA Conference at booth #2533. 

  • A visible authority on the frontlines of cyber security, CounterTack Chief Researcher Sean Bodmer will share in-depth counterintelligence tactics to fight cyber espionage from his book, Reverse Deception: Organized Cyber Threat Counter-Exploitation, on Tuesday, February 26, at 1:00 – 2:00 p.m. PST.

  • Acclaimed author, CounterTack Board Member and Cylance CEO & President Stuart McClure will showcase his latest book, Hacking Exposed: Network Security Secrets & Solutions, which has been translated into more than 30 languages and is the definitive best-selling computer security book, on Thursday, February 28, at 11:00 – 11:45 a.m. PST.

Register here to schedule a one-on-one meeting with CounterTack experts during RSA Conference 2013.

CounterTack Detects “Red October” Attack within First 90 Seconds of Infection

CounterTack to Demonstrate Deep System Inspection Capabilities at RSA Conference 2013 

WALTHAM, Mass. (February 4, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced that its Cyber Counter-Intelligence Research Lab has successfully detected a “Red October” malware attack within 90 seconds of infection of a victim system via CounterTack’s Stateful Compromise Indicators (SCIs).

“Red October,” the notorious, highly organized cyber espionage campaign first investigated and reported by Kaspersky Labs, has infiltrated the networks of governments and enterprises in numerous regions, particularly Eastern Europe, former states of the Soviet Union and Asia, largely targeting sensitive government, diplomatic and scientific research information. Beginning in 2007, many Red October campaign components went undetected by anti-virus programs for months and even years after infection.

“Through the use of armoring techniques, which focus on evading and silently disabling host-based security systems, the Red October campaign operated undetected for several years by simply re-purposing the same crimeware tools over and over again,” said Sean Bodmer, chief researcher, counter-exploitation intelligence, CounterTack. “Today’s cyber battle is not only against the advanced crimeware itself, but also against the evasion and exploit techniques employed by the sophisticated architects behind these tools. The Red October campaign sheds light on a larger underlying issue: the widening detection gap, which is being driven by attacker innovations such as armoring.”

Through the expanded usage of next-generation honeynets, CounterTack is poised to deliver a series of innovations aimed at closing the detection gap. Over the next month and at the upcoming 2013 RSA Conference in San Francisco, Calif., CounterTack (booth #2533) will unveil:

  • The most recent findings from CounterTack’s Cyber Counter-Intelligence Research Lab – including the successful detection of Red October malware and other targeted attacks;
  • Newly patented technology that enables monitoring from deep within the operating systems of actual production assets to detect previously undetectable attacks;
  • Two new, game-changing solutions focused on deep system inspection and new Stateful Compromise Indicators, purpose-built to narrow today's existing detection gap.

To schedule a one-on-one meeting with CounterTack researchers during RSA Conference 2013, please visit here.

CounterTack Awarded Patent for Next-Generation Cyber Attack Detection Technology

Looking Deeper into Operating System Behavior to Detect the Undetectable 

WALTHAM, Mass. (January 18, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced that the U.S. Patent and Trademark Office has allowed the patent application for its unique cyber attack detection technology, which was developed at the company’s research and development center in Santa Monica, Calif.

“Facing the cyber arms race of this generation’s Cold War, we started with a vision that the industry needed new approaches for cyber security based on a better understanding of the attacker,” said Alen Capalik, CounterTack founder. “It’s gratifying to achieve this major milestone on our journey to help make the network, where we now all live, work and play, a safe place.”

CounterTack developed a new approach that enables data collection and intelligence gathering from deep within operating systems. Monitoring at a deeper level of the network and system architecture has demonstrated a new level of behavioral analysis that enables detection of previously undetectable attacks, such as polymorphic and armored malware, directed and personalized attacks and non-malware attacks, including those from insider threats. 

“The detection gap is as wide as ever despite continuing advancements and investments in cyber security solutions,” said Neal Creighton, CounterTack CEO. “We are very pleased to receive this patent for one of our innovations that is helping to close the gap, and which is already proving its value in next-generation honeynet solutions for major customers around the world.” 

The Washington Times: Glitch Imperils Swath Of Encrypted Records

A widely used method of computer encryption has a little-noticed problem that could allow confidential data stored by almost all Fortune 500 companies and everything stored on U.S. government classified computers to be “fairly easily” stolen or destroyed.

The warning comes from the inventor of the encryption method, known as Secure Shell or SSH.


As a teenager in the 1990s, Sean M. Bodmer hacked government computers and was arrested by the FBI. Today, he is a top researcher at the computer security firm CounterTack, based in Waltham, Mass.

“It’s quite horrific what access you can get with an SSH key,” Mr. Bodmer told The Times.

Mr. Bodmer described how a hacker could use abandoned keys to move through a supposedly secure computer network by hopping from server to server.

“It’s a domino effect” security breach, he said.


eWEEK: DOE Cyber-Security Audit Shows Incident Reporting, Management Hurdles

An audit of the Department of Energy's Cyber Security Incident Management Program found that duplicative efforts and the inconsistent reporting of cyber incidents are challenging security management.


Government reporting and accountability of compromises, incidents and loss of protected networked knowledge remain disjointed and inadequate, according to Sean Bodmer, chief researcher at security vendor CounterTack.

The biggest issues are not the incident responders in the trenches who want to honestly do their jobs, but almost always one of the typical political or policy challenges that "plague the Information Assurance and Security professionals working for and in the U.S. government," he said.


Clearance Jobs: Cybersecurity News Round-Up: Targeted Cyber Attack Poses ‘Credible Threat’ To U.S. Banks

The financial industry must prepare for a “mass fraud campaign” that will target 30 of the United States’ banks by spring 2013, according to a new report.

Less than three months after news surfaced that massive denial-of-service cyber attacks shuttered the websites of some of the nation’s most prominent banks, including Bank of America and JPMorgan Chase, a new report from security firm McAfee advises that there is still a “credible threat.”


“Coordinated campaigns targeting financial services organizations are not novel, and have been in play since well before 2010,” Sean Bodmer, chief researcher at cyber attack intelligence firm CounterTack, told ClearanceJobs in a statement. “What’s new and most interesting is the mass profit sharing model being trumpeted.”

“It would seem that the criminal underground is maturing at a much faster pace than world governments believe,” he added.


IT Business Edge: Banking Industry Must Remain On Alert For DDoS Attacks

In the days after the election, I saw a headline from The Onion making the social media rounds that read, “Nation Horrified To Learn About War In Afghanistan While Reading Up On Petraeus Sex Scandal.”

There are three points made in that headline. First, America loves its sex scandals and meaty gossip about people they’ll never actually know — a lot. Second, the media have done a really horrible job covering the war in Afghanistan. Third, we tend to forget about important things if they aren’t making headlines every day. It is the third point that I want to focus on here.


Thing is, even when the attacks against the banks were initially announced earlier this year, it was still old news, according to Sean Bodmer, chief researcher at CounterTack, who told me:

"Coordinated campaigns targeting financial services organizations are not novel, and have been in play since well before 2010. Banks have been targeted for years, by carders and crimeware operators alike. Almost every black-market forum has a Web-inject that will steal user credentials from top financial services organizations. It’s old news, really. What’s new and most interesting is the mass profit sharing model being trumpeted – it’s very unique at a broad level of operation. Cybercriminal operations and black-market sales have commercially leveraged sales options, such as suggestion/comment forums, service level agreements, and guaranteed response times. Not to be forgotten are bulk sales discounts of criminal tools, money transfers, product demonstrations, product evaluation periods, and now we’re seeing profit sharing… It would seem that the criminal underground is maturing at a much faster pace than world governments believe."


Bloomberg Businessweek: Threatened Cyber Attack On Banks ‘Credible,’ McAfee Says

A cyber fraud campaign targeting U.S. brokerages and banks is a “credible threat,” and at least 500 accounts are vulnerable after early attacks planted software that could help thieves steal money, according to a report released today.


While coordinated fraud campaigns against banks aren’t new, the latest threat is noteworthy for the mass profit-sharing model the attackers have proposed, said Sean Bodmer, chief researcher at CounterTack Inc., a computer security firm.

“It would seem that the criminal underground is maturing at a much faster pace than world governments believe,” Bodmer wrote in an e-mail.


Network World: Enterprises Are Buying Host-Based Advanced Malware Detection/Prevention Tools To Capture Forensic Data

APTs and advanced malware are having a profound effect on cybersecurity technologies. One notable change is the rise of new Advanced Malware Detection/Prevention (AMD/P) technologies from vendors like Bit9, Bromium, CounterTack, Invincea, Malwarebytes, and Sourcefire that detect and block advanced malware on servers and endpoints.

Aside from acting as another layer of defense, CISOs tell me that these tools provide another valuable security function – they capture host activities (i.e. file downloads, processes, registry settings, network activity, etc.). Some tools also provide analytics while others hand the data to SIEM platforms, cloud analytics, etc. Host behavior data is then used as part of advanced malware detection and also provides basic forensic information for incident response.

Let me step back a bit and provide some context here. Advanced malware circumvents traditional security controls and ends up compromising host computers (mostly endpoints). In spite of the fact that enterprises typically have thousands of Windows PCs, they are virtually blind to what happens on the actual devices. This issue was illustrated in a recent ESG Research survey where security professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked to identify their weakest areas of endpoint security monitoring.


Enterprise Systems: Top 3 Trends For Cybersecurity In 2013

What should IT security professionals be watching out for this year? Here are the top three trends they should be paying attention to.

2013 Trend #1: A new emphasis on catching criminals

In 2012, Microsoft inadvertently informed the primary authors and operators of the Zeus and SpyEye crimeware platforms of an upcoming civil lawsuit. A subpoena of the defendants’ Gmail accounts prompted Google to notify the suspects about the lawsuit being issued on behalf of Microsoft and potentially law enforcement. This disclosure, ironically a result of Google’s privacy policy, included the level of attribution that had been collected over years by a working group and independent security researcher. A few months prior, the Koobface gang was outed, prompting criminals throughout the world to begin evaluating their operational security and asking themselves questions about the footprint of their digital identities. In doing so, they began to get smarter -- and harder to isolate.

In 2013, we foresee this trend continuing: international law enforcement agencies and world governments peel apart the Internet in attempts to identify criminals, including digital hacktivists, such as the Anonymous group. For example, if just a fraction of the sum of Anonymous members can be identified and tied to some of the more prevalent threats to e-commerce from 2012, it will only be a matter of time until it becomes easier to attribute specific illegal online activities to these criminals.
