I decided to post this here rather than in the forums, as it would likely be more appropriate as an extension of the Information Warfare thread if posted there. For my Cybercrime class, we have to write a paper about any topic pertaining to computer crimes or information warfare. I am really interested in learning more about Advanced Persistent Threats, which were brought to my attention following the recent Operation Aurora attacks. (Yeah, I know, how can I research Information Warfare and totally miss that until now?) My research thus far has turned up several sources I cannot use (Wikipedia, blogs by people who are not considered to be experts, classified govt/mil documents I cannot access, etc.). I have found a few things here and there from Wired, Dark Reading, SANS, Mandiant, and several other sites that I can use, but most of it is the same basic information in a different form and is not detailed enough for my paper. I have seen a few scheduled webinars and presentations on the subject, but most of them will take place after my paper is due.

In addition to the information I already have, I am trying to find out how these attacks are discovered (forensically) and what defining characteristics cause them to be categorized as an APT. Anything short of the source code would be great. I am also looking for strategies for preventing these attacks. Obviously a lot of the traditional security mechanisms do not detect or stop these things, and most of the "recommendations" I have seen thus far are the same defense-in-depth strategies and employee security awareness training programs that should already be in place anyway.

Here is a basic outline of what I wanted to include in the paper:

- Intro and overview of what APTs are (got it)
- Implications - a few generalized examples of how they can be used for industrial espionage and information warfare (got it)
- Case study of Operation Aurora (got it)
- How to recognize an APT attack (forensic discovery of, and characteristic/signature traits that distinguish, APTs from other attacks) (need more info)
- Strategies for protecting against APT attacks (need more info)

If you have more information about APTs, have contact with someone who knows a lot about them, or know of other non-classified resources I have overlooked, then please comment or PM me. If you or a colleague has planned to do a presentation or release a white paper on this subject and are willing to help, I can, if necessary, make arrangements with my professor to ensure that only she and I have access to my paper prior to the public release of your information. I actively look for new news, blogs, etc. on this daily, but if anyone is willing to assist in alerting me to something I have missed, I would really appreciate that as well. I habitually check Wired, CNET, and Dark Reading daily and subscribe to SANS NewsBites, so I will probably have any information released by or cited by those outlets.

This semester just started on February 1st, and I am trying to get ahead on my homework assignments and research papers as I will have to deal with a few "life interruptions" in the next several weeks - namely moving to another state (and all the things that implies) and helping a soldier readjust to somewhat normal life post-deployment.