Security

Virtual hacks: How the dark side is morphing

In terrorism, a false threat is often far more disruptive than the real thing. Now we are seeing that same tactic in the virtual world.

We'll probably have to spend more on the virtual hacking threat than we ever have on the real one. Photo: Shutterstock

Written at London's Gatwick airport and dispatched to TechRepublic a week later from my favourite coffee shop via a wi-fi link at 22Mbps.

I can't remember a time when terrorism hasn't been a big problem somewhere on the planet. Over the years, people have perpetrated apparently random attacks and bombings with and without warning in support of their various causes.

The impact of the attacks has often been magnified by false threats and multiple bombings timed to trap people as they flee or tend the wounded. None of these tactics developed by accident.

As I stand in the security line at airports I often ask myself: who won after 9/11? The cost of dealing with the continued threat of further incidents has been enormous and continuously disruptive. But what else can we do?

Develop better security technologies seems to be the only answer, but I fear we will never return to the pre-9/11 modes of travel. So, in that sense the dark side won that battle.

A decade on and we are now seeing a build-up of similar activities in the virtual domain. Threatened attacks are now a reality. The hoaxers, disgruntled employees, digital criminals and terrorists have discovered a new tool and developed new tactics of disruption.

For the moment they seem content to attack governments, companies, and big sites, but their techniques are bound to migrate down to smaller targets including companies and individuals.

Looking to the future it seems likely that this process is going to become increasingly automated and could become a far bigger disrupter than real attacks.

We all receive those phishing attacks and blatant requests for us to confirm our banking information. All of them depend on a volume of hits to find the careless, unguarded or unknowing.

So, what can we do? Obviously we have to get ahead of the game and develop suitable strategies and defences that involve far more than firewalls and virus protection.

Continuous and automatic monitoring

We are talking continuous and automatic monitoring of network traffic for billions of fixed and mobile terminals worldwide. Creating this security will be no mean undertaking and, logically, far more sophisticated scenarios will have to be developed if and when the disruption escalates.

Personally, I prefer the ghost scenario - running real and ghost targets side by side, with seamless switchovers when an attacker strikes or a threat is posed. It just appeals to my sense of irony.

Visible targets can come and go, get damaged, only to be repaired and replaced at speed, while honeypot targets take a growing percentage of the flak.

What's certain is that a strategy of ignoring all these problems and hoping they go away is untenable. We will probably have to spend more on this virtual threat than we ever have on the real one.

So, as I stand in that security line at the airport once more, I remind myself that there are far more good neurons on the planet than bad, and at all costs we must never let the dark side win.

About

Peter Cochrane is an engineer, scientist, entrepreneur, futurist and consultant. He is the former CTO and head of research at BT, with a career in telecoms and IT spanning more than 40 years.

4 comments
dblethen
dblethen

I feel that I am well versed in Phishing - those masquarading as the IRS, every bank that I know or have never heard of, the USPS, the UPS, the "European lottery" (do you realize how many times I have "won" a million Euros?), the cable company, the phone company, ... I have, however, gotten a few e-mails lately when I asked myself - am I deleting a legitimate business e-mail simply because it "might be" phishing? And those charity callers all get the same response from me - "I'm sorry, I no longer give money over the phone to any organization". Even some USPS mail becomes suspect ("Your car warranty is about to expire!"). I think that this goes hand in hand with your theme.

peter
peter

There is no such thing as genuine, honest anything... And democratic control is an oxymoron! Guidelines are only guidelines - they are not perfect or fool proof - and life is not formulaic! Security will never be complete .....we just have to d our best!

jkameleon
jkameleon

There is no such thing as genuine, honest terrorism. > But what else can we do? There is a proven and effective way of eliminating the terrorist threat: Get the intelligence agencies back under democratic control. All we have to do is to follow the guidelines set by the European Parliament Resolution on Gladio from 1990. http://en.wikisource.org/wiki/European_Parliament_resolution_on_Gladio

peter
peter

dblethen@... = People talk about Phishing as if it were something new - truth is that it has always been with us. And I think I line up with you apart from giving to charity on line which I do a lot, especially in response to individuals I know who do something special after losing a son, daughter wife or husband. How come? Been there, done that, and making a contribution in the name of someone you lost has a certain 'goodness factor' and it is a really nice way of saying thank you in every dimension of the expression. As for the bad people - I just try (like you) to confound them! Thanks for the input.

Editor's Picks