How do you defend against an enemy of unseen size and composition? Every day security software and security professionals are asked to do just that. None of us really know who we are dealing with in this new age of financially motivated cyber crime.
In the latest episode of the Network Security Podcast (number 151), Martin and Rich discuss the fact that conferences like BlackHat are full of security professionals and ethical hackers. Today's true cyber criminals, if present at the conferences, lay low for good reason. This wasn't always the case. Hackers seeking notoriety in the past were happy to share their skills. The current fraudsters are in it only for the money, not the fame, so we are left to learn from researchers and from audit logs of known breaches ('known' being the painfully operative word). You can take hacking courses, but how closely do these parallel the real skills and techniques of highly funded, organized criminals?
Compare this to the ethical side of security, where there is a wealth of books, classes, certifications, magazines, blogs, podcasts and so on. If organized cyber criminals are openly collaborating, there is little evidence of it. Most of the so-called 'underground' hacking sites are filled only with script kiddies like Mikey.
In the research I have seen, we have at best a rough idea of how attacks are staged and coordinated. I want to know who we are dealing with. How are they organized? How do they recruit? How are they paid? How do they pick their victims? How do they cover their tracks? What tools do they use and what do they build? We have only a partial picture in all of these areas. How do I defend my keep if I don't know the size of the opposing force and the weapons they wield?
There is an old adage in security that says "We have to protect everything where the bad guy only has to find one weakness". That is an annoyingly true axiom, made all the worse by the fact that we are being constantly stabbed in the back by unseen assailants.
I badly want to see someone infiltrate the groups behind the headline attacks and write a meaty exposé. Law enforcement or the intelligence community won't cut it, since they wouldn't be able to reveal the results. What we need are REAL investigative journalists who happen to be top-notch hackers and don't mind some jail time (or worse) if they get caught. Any takers?

This topic is something that has been playing in the back of my head for a while. From a traditional warfare perspective it seems to be analogous to holding a stationary target or location against a highly mobile force, such as defense against a guerrilla army. I've wondered if there are any traditional warfare tactics besides fortification that can be used.
Posted by: Bryan Tice | May 21, 2009 at 10:44 AM