Latest Ramblings

Kids or corporations – who’s looking at your data?

July 13th, 2011 | 3 Comments

Once upon a time, conventional opinion was that major cyber-attacks required major resources, such as those available to foreign governments seeking to damage their targets. These opinions are out of step with today’s reality. Michael Chertoff, former DHS secretary, told attendees during keynote remarks at the 2011 Gartner Security & Risk Management Summit that in recent years he has seen technology evolve to the point where government resources aren’t needed to launch large-scale information security attacks.

http://searchsecurity.techtarget.com/news/2240037100/Chertoff-warns-of-growing-information-security-attacks-from-small-cyberattack-groups?asrc=EM_NLN_14170536&track=NL-102&ad=838494USCA&

Recent attacks have sometimes involved small groups or even teenagers, possibly acting alone, such as this 19-year old recently arrested in England as a suspect.

http://www.cbsnews.com/stories/2011/06/21/scitech/main20072930.shtml

Before you think this is only about teenagers, know that corporations get involved as well. The following case, (and here the corporation is not the victim but the alleged perpetrator), involves News Corporation ($32 billion in revenue) and its British tabloid News of the World.

http://www.bbc.co.uk/news/uk-14070733

Apparently, the newspaper had for years made a habit of hacking the mobile phones of celebrities, politicians and crime victims to spice up the contents of its reporting. News Corp has basically admitted guilt by their decision to shut down the newspaper permanently. This still leaves the News International paper, also owned by News Corp. who specifically targeted the British Prime Minister:

http://www.guardian.co.uk/media/2011/jul/11/phone-hacking-news-international-gordon-brown

Hackers operate under a rather murky set of ethics and codes of conduct. Corporations practicing industrial espionage may believe that the end justifies the means. Individual hackers may see themselves in a “Robin Hood” role, but who their beneficiaries are is difficult to say. Sometimes they like to be viewed as performing a valuable service, such as this group warning of a weakness in Apple’s developer website. Hard to say if this will help Apple more than it would help others immediately exploit the weakness:

http://arstechnica.com/apple/news/2011/06/hacker-group-says-apple-developer-site-susceptible-to-phishing-hacks.ars

Obviously there is no more room for complacency in today’s security world. Information piracy has evolved to a new level and become accessible to many more participants. Experts are increasingly saying that many recent high-profile breaches have not even involved any advanced or groundbreaking techniques. And now you don’t know whether to be on the lookout for a teenage intruder, or a corporation with substantial resources, who is testing the defenses of your networks.

Security administrators have to similarly step up their game.

Tags: , , ,

About This Site

What do these battleships have to do with cyber security? The large, cumbersome ships are being successfully attacked by smaller, faster boats, just like corporate enterprise systems are being raided by cyber pirates.

Categories

Archives

Calendar

August 2016
M T W T F S S
« Jul    
1234567
891011121314
15161718192021
22232425262728
293031  

TweetBottom by iMod