You would laugh at me if I suggested that I could predict what you're like by finding out where your parents were born. And yet this is often exactly how we treat people – and programs.
What we should do is judge them by how they behave. In the case of humans, there's a risk attached to this: a suicide bomber can't be captured after the first attempt. With software, however, things are very different.
The world is full of stories of people who have been refused entry into the US, not because they are in any way suspect, but because they come from the wrong part of the world.
Reading these stories, Europeans (and other non-American nationals) are astonished at this naive approach, which assumes that anybody living in the US must be a fervently patriotic defender of the union. And yet, most security plans behave in much the same way.
Increasingly, our systems are being compromised by organised criminals who take advantage of this. The biggest victims, say my sources in the security arena, are internet gambling sites. "They are approached by enforcers, who ask them for money – protection racket money," said one.
"They refuse; the syndicate then launches a devastating denial of service attack on their servers, closing the site down for 24 hours. Then the request for money is made again, with the observation that 'You wouldn't want that to happen during the World Cup, or the Grand National, would you?'"
I've even been told – and my source is one I trust – of merchant banks that have caved in under these threats. The threats are effective because the world's PCs are protected against viruses, but not tunnelling exploits.
I had first-hand experience of how effectively a network of PCs can be protected from tunnelling Trojans at a recent Microsoft conference in The Netherlands.
There, a year after the same conference had its wireless LAN knocked out by just a few worms, the network guru was able to maintain a clean campus by watching for the characteristic packets which the worms send out.
As soon as one of the machines on the network started producing signature packets – and they are instantly recognisable – the machine involved was isolated.
According to Richard Buchanan at Wild Packets, this approach is definitely the way forward. He sells ordinary, humble network sniffers and he said this is what security consultants are now buying for protection.
As with the Microsoft network, they no longer rely on a search of the hard disk for known viruses, nor do they assume that if they block them with firewalls, they'll be safe. Instead, they watch the network for signs of bad behaviour.
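The behaviour-watching approach described above, sketched as an added example (not code from the conference network or from any vendor named here): it flags a host whose outbound fan-out on a single port looks like worm propagation, so that host can be isolated. The flow-record format, the window and threshold values, and the fan-out heuristic itself are assumptions; the article does not say which packet signatures were actually used.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10    # assumed observation window
FANOUT_THRESHOLD = 5   # assumed: distinct peers on one port before isolating

# Constructed sample flows: (epoch_seconds, src_ip, dst_ip, proto, dst_port)
SAMPLE_FLOWS = [
    (100, "10.0.0.12", "10.0.0.1", "udp", 53),      # ordinary DNS lookup
    (101, "10.0.0.12", "192.0.2.10", "tcp", 443),   # ordinary web request
]
# Infected host: six different neighbours on tcp/445 within six seconds.
SAMPLE_FLOWS += [(102 + i, "10.0.0.40", f"10.0.1.{i + 1}", "tcp", 445)
                 for i in range(6)]
# Busy but benign host: six different servers, one every 30 seconds.
SAMPLE_FLOWS += [(100 + 30 * i, "10.0.0.77", f"192.0.2.{20 + i}", "tcp", 80)
                 for i in range(6)]


def hosts_to_isolate(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: (proto, port, alert_time)} for worm-like fan-out."""
    recent = defaultdict(deque)   # (src, proto, port) -> deque of (ts, dst)
    flagged = {}
    for ts, src, dst, proto, port in sorted(flows):
        if src in flagged:
            continue              # already isolated; ignore its later traffic
        q = recent[(src, proto, port)]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop flows older than the window
            q.popleft()
        # Count distinct peers so retries to one server never trigger.
        if len({d for _, d in q}) >= threshold:
            flagged[src] = (proto, port, ts)
    return flagged


if __name__ == "__main__":
    for host, (proto, port, ts) in hosts_to_isolate(SAMPLE_FLOWS).items():
        print(f"isolate {host}: {proto}/{port} fan-out at t={ts}")
```

Only the fast scanner is flagged; the host that reaches as many servers slowly stays below the threshold because the window expires older flows.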
The truth is that the image of a hacker as a spotty kid alienated from adult society is obsolete. Instead, it's a farm of programmers working for (mostly) the Russian Mafia. And instead of being merely mischievous, they are out to tax the computer world.
There are signs that the world's security forces have lost the battle. "They are six months ahead of us," said one white hat penetration tester.
"We can block them now, but we know that as soon as we're successful, they'll have something else for us. For example, we know of 10 successful tunnelling exploits which don't rely on viruses, worms or any other security breach that most of our protection systems understand. We've even seen a tunnelling exploit that uses the 'ping' channel, ICMP."
I've spoken to a couple of ex-CIA people in recent weeks about this. They never let anything slip unintentionally, so I have little doubt that I'm repeating what they want me to repeat when I say they seem certain that the CIA can, if it wants to, match the Mafia in this area.
They say that even the hardest encryption with the longest keys used by commercial and banking IT would be transparent to the Agency technology – in a few seconds, not the months or years that are usually published.
Do we believe them? Frankly, your guess is as good as mine. There's bluff, double-bluff, counter-bluff. It's long been taken for granted that the giant intelligence agencies like to be able to read the secrets of diplomats attached to smaller embassies.
And to make this easier, they claim to be unable to crack crypto that, in fact, they can read as fast as HTML. So why, then, would ex-Agency people claim to be able to crack stuff? Carelessness? Disloyalty?
I don't think so: I think a game is being played. But from our point of view, as PC users, what really matters is that there is a real threat to commerce and industry, and that it is posed by compromised PCs.
And in that battle, a firewall is necessary, but not sufficient. Programs on your hard disk can reach out to the internet. They can, and do, dial fake internet service providers in Bolivia over premium-rate phone numbers. They can, and do, attack specific web hosts in concert, closing down the sites.
The message is that screwing down the firewall tighter may not be the solution. A new generation of security devices may have to be born. But despair predicts that a new generation of compromising technology will leapfrog them. Can the PC survive? I wish I knew.

