Fredric Morris
Editor-In-Chief
Connect-World
“Comes the storm…”- winning or losing the cyber-security battle
Trying to keep track of the cyber-security question is a bit like watching a ball game where no one, even the players, knows the score. The security companies all huff and puff about the difficult battle they are winning, but the bad guys just don’t seem to stay down – they get flattened into pancakes by the steamroller, get up, and keep coming. It’s Looney Tunes all over again.
Surfing the web, I came across some predictions by Symantec’s Director of Emerging technologies, Oliver Friedrichs, concerning the biggest security problems for the coming year. The scary list includes:
* Bot evolution – decentralised, peer-to-peer hacker networks built from co-opted PCs exemplified by the so-far undefeated Stormbot network;
* Web threats: known trusted websites infected with malware – malicious code that attacks site visitors;
* Mobile threats – Hackers and crackers will certainly target mobile threats. The Apple iPhone, Google’s ‘GPhone’ Android software, Microsoft Windows Mobile and other platforms that offer kits to applications developers will be hit. Financial services, such as online banking, auctions and funds transfer applications will certainly be among the targets;
* Virtual Worlds, especially those with virtual property that can be sold for real money and sites where personal information can be obtained from unwary users will be especially sought out by hackers;
* Presidential elections – According to Mr Freidrichs, during the last US presidential elections, there were phishing attacks and denial of service attacks aimed at certain candidate’s sites. This election, according to statements on the Web, he expects a number of ‘typo-domain sites’ will mimic the candidate’s sites. If someone mistypes the official site address they might accidentally open a false, look-alike, site. Some will donate money to the campaign through the false sites, so, “when contributions come in, they’re either pocketed or contributed to someone else’s campaign.”
The director of antivirus research for F-Secure, Mikko Hypponen, according to ZDNet UK, claims that the database of malicious code it has built over the last 20 years has doubled since the beginning of this year. That is an astounding number; I am sure they have not been sleeping for 20 years.
Spending an hour checking security-related sites on the Web is enough to convince one that the crooks are getting bolder, more sophisticated, stronger, richer and harder to find. Companies and individuals alike are being taken in, used and abused.
What happened to the nerds who hacked for fun and prestige and the geeks who cared only about their technical prowess and their membership in the elite hacker community?
The malware industry is more daring, audacious and commercial than ever. Those that know where to look can buy enough malware software and services online to go into business for themselves. Some hacker software is sold as legitimate tools, to find vulnerabilities and check the security of a user’s own system – and some people actually use them for this purpose; many others, though, use these tools as weapons for less innocent ends. Really nasty stuff, I’m told – I didn’t find, or at least recognize, any of this myself – is also available online.
A lot of effort goes into hiding the traces of illegal activity, so the hacker/cracker and malware sector of the economy is not easily measurable, but it seems obvious that it is growing by leaps and bounds and is siphoning significant amounts of cash into its coffers.
The site of the CSI Computer Crime & Security Survey for 2007, states: “The average annual loss reported more than doubled, from US$168,000 in last year’s report to US$350,424 in this year’s survey. Reported losses have not been this high in the last five years. Financial fraud overtook virus attacks as the source of the greatest financial loss. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. Of respondents who experienced security incidents, almost one-fifth said they’d suffered a ‘targeted attack’, i.e. a malware attack aimed exclusively at a specific organization or targeted group.”
An acquaintance of mine who claims to be an old-time ‘do it for the glory’ hacker who has even tipped off software manufacturers about vulnerabilities in their systems, says that “virus and Trojan kits” often come from the developing regions of the world. He assures me that, despite their dubious origin, some even sell technical assistance contracts for their products. Much of this business is conducted via Internet relay chats (IRCs) and forums where boasts abound. Spammers are a big market for the hackers’ services. They need all the help they can get to sneak past the increasingly sophisticated anti-spam defences deployed in recent years.
Spammers can buy or even rent, so I’m told, a wide variety of sophisticated software to torment us all. The Internet-based malware supermarket has a variety of services and tools for botnets, phishing, denial of service attacks, Trojans, worms, anti-detection software and much else besides. Indeed, you can find just about anything you need to intrude, take-over, borrow, trick, or steal can be found, bought or hired on the Net or through the IRCs. Russians hackers are said to be the scourge of the Net; they offer everything, often at very low prices. There is also an open market in stolen credit card details. Credit card details, according to several Web reports about the ‘industry’, cost very little – less than one dollar per card in bulk quantities. Enough information to get away with identity theft costs less than US$100.
Organised crime, it is said, is often involved in online schemes; it can be more profitable and less risky than traditional crime.
Of all the threats in hacker/crackerdom, the ‘Stormbot’ is possibly the most nefarious. Named after the subject of the email it was first sent out with, “230 dead as storm batters Europe“, thousands of variations of the same ‘bot’ have been sent out since it was first launched in the beginning of 2007.
A Botnet is a network of sorts comprised of software robots – the ‘bots’, which are bits of software that travel automatically through the Internet carrying out their own programmes. Hackers normally use groups of ‘Zombie’ computers to disseminate the bots. The Zombies have been taken over, without their owners’ knowledge, by malware programmes call Trojan Horses, backdoors, worms and such, and can be remotely controlled by the hacker to spread and control a great variety of viruses, spam and bots. The use of Zombie computers makes the source of the attacks they spread devilishly difficult to spot.
The Storm botnet supposedly consist of more than one million co-opted computers tied together in dynamically changing configurations. Since the servers that control ‘Storm’ constantly change their names and location within the botnet’s peer-to-peer network, they are exceedingly difficult to find and stop. The botnet’s commanders have launched denial of service attacks against security experts that have tried to find and neutralise (kill) the bot’s control centres.
The bot’s controllers are very sophisticated – some of the communications with the bots use encryption and they can generate hundreds of functionally different versions per day. Security vendors and law enforcement agencies have not yet been able to get a fix on the ‘Storm’.
While writing about the ‘Storm’ just now, I recalled one of my professors dramatically quoting a line from an anonymous Anglo-Celtic poem. I checked the only words I remembered – “When comes the storm”, on Google and found it at once. The poem is bad, even worse than I had remembered, but – when comes a Stormbot – it can be far worse.
Still, the complete line from which the words I remembered came is strangely prophetic: “When comes the storm of rain, and gusty air / your secrets close are scattered everywhere.”
____________________________________________________
Our next Connect-World Asia Pacific issue will be published later this month. The issue will be widely distributed to our reader base and, as well, at shows where we are one of the main media sponsors such as: PTC, Hawaii, USA, 13-16 January 2008 and Carriers World, Hong Kong, 11-13 March 2008.
The theme of this issue of Connect-Word Asia Pacific will be: Broadband – network strategy for core and access.
Broadband is the game, the future of telecommunications – wired and wireless alike. What are the today’s best growth strategies? How do you pay for the buildout? How do you fill the pipes later? How do equipment manufacturers, the software developers, content providers, regulators and, yes, the users, fit into the new environment?
Asia-Pacific I 2008 Media Pack; Click here