Cyber security: the tipping point

28 April 2009

Rick Howard, director of intelligence at iDefense, discusses how the cyber security landscape has evolved, and predicts future threats to watch out for

One of the most distinctive characteristics of the Internet is how quickly and fluidly it evolves. Technology originally designed for research and collaboration is now an everyday part of life for hundreds of millions of people. As the Internet has evolved, so have threats to its users. Now we have reached the tipping point where any modern Internet user, from a child at home to the network engineers of multinational corporations, must seriously consider how best to secure their assets.

If one drew a timeline of some of the well-known global cyber security events that have occurred since the Internet's inception, it would begin with the Morris Worm in 1988. Robert Tappan Morris was a college student at the time and decided to try to build a piece of software that, he said, mapped the Internet. The experiment got away from him and soon crippled college and military networks for nearly three days. On the day his experiment went awry, Morris invented malicious code.

When the Slammer Worm hit in January 2003, it reportedly infected more than 90 percent of vulnerable hosts within 10 minutes. Before Slammer, security professionals thought they had time to react to a worm attack. Slammer, in some ways causing a tipping point of its own, changed those perceptions forever.

Looking at the lay of the cyber security landscape today, several issues are clear. The malicious actors targeting the modern enterprise are no longer just 'script kiddies'. Today's cyber criminals have formed groups, which iDefense refers to as 'cartels' for their similarity in structure and operational plan to the American drug cartels of the 1980s. These cyber cartels have focused their combined efforts on building their own infrastructure and on attacking Internet infrastructure for profit. From using Fast-flux networks to defeat phishing takedown services, to hiding behind bulletproof hosting services, to establishing entire underground markets to sell iFrame attacks, the bad guys have even fooled home users into purchasing malicious Trojan programs that claim to provide security protection.

Conversely, and adding to the richness of the landscape, was the moderate success that law enforcement had last year. This notably includes the FBI's Operation Dark Market where law enforcement officials from various countries launched an elaborate sting and cooperated to arrest several key carders. However, this bust has proven double-edged. While authorities have brought some successful cases against noted users of the illicit forum, the activity has spooked, dispersed and driven most other suspects further underground.

Cyber warfare is no longer something that might happen in the future. In 2007, Russian sympathizers launched a distributed denial of service (DDoS) attack against Estonia. In 2008, a similar group of Russian sympathizers launched a DDoS attack against Georgia, to coincide with military ground operations in a disputed area. In both cases, the events could be characterized as more of a "cyber riot" than a cyber war, but the success of these attacks illustrated that it is possible to launch cyber attacks as an instrument of war to serve a political purpose. Russian hackers, both individually and in cartels, are skilled at attacking an opposing government's infrastructure in campaigns of annoyance and frustration. With these developments, cyber warfare has gone from purely theoretical to technically practical.

Cyber espionage is also now in the open. PricewaterhouseCoopers claims that, "Corporate espionage costs the world's 1,000 largest companies in excess of $45 billion every year." In July 2007 German-based technology giant SAP admitted to 'inappropriate downloads' from arch-rival, Oracle, in the US. In September 2008, a former Intel designer who joined competitor AMD was accused of stealing Intel trade secrets. The situation is no less dire in government circles. It is almost a matter of public knowledge that the Chinese routinely compromise Western networks. The US government is so affected that it will spend billions of dollars over the next few years to shore up security concerns in a classified operation they are calling "Byzantine Foothold." In fact, many Chinese amateur hackers belong to State militias that align themselves with prominent universities. Members consist of students and educators, who perform various missions across the Computer Network Operations (CNO) doctrinal spectrum, such as Computer Network Defence, Computer Network Exploitation (CNE) and Computer Network Attack (CNA).

Cyber terrorism, too, is evolving. Most experts believe that there will be a cyber terrorist attack in the future, but it will most likely come at the beginning or end of a physical attack. This is not a new idea, but recent developments in the Middle Eastern hacker community are cause for concern: several religious leaders have issued fatwas, or official Islamic statements, that authorize the use of cyber fraud operations in support of Islam. Islamic cyber groups have already conducted cyber fraud operations against Western banks to fund their own agendas.

We are now approaching a crossroads. Either malicious activity continues to flourish online, or law enforcement begins to get the upper hand. At present, both scenarios are equally likely, with competing evidence supporting each. Malicious use of cyber space has now reached a tipping point, and failure to contain its growth in the short term will make it exponentially more difficult to do so in the long term. In developed countries, intelligence and law enforcement agencies have accepted the benefits and challenges cyber space poses to them, and they are going head-to-head with state-sponsored and criminal activity. It is possible that this struggle will characterise the way in which the Internet evolves throughout 2009.
