Friday, October 22, 2004


Crappy Security

Blogspot mustn't be feeling well today, as this is the third time this crummy editing control has gone south on me (I know, edit off-line, but my thought processes sometimes work better this way).

Courtesy of Eric Olsen and mi2g, here's a charming observation about the leisure time activities of certain activists and militants (to use the terms so beloved of the weasel press):

Islamic hacking groups and criminal syndicates have caused more damage to global computer systems in the third quarter of 2004 than in any preceding quarter according to the latest study published by the mi2g Intelligence Unit, the world leader in digital risk.

The phenomenon of Islamic hacking for political purposes did not exist in any significant measure prior to the 9/11 events in 2001, save India-Pakistan and Israel-Palestine localised cyber skirmishes. International Islamic hacking accelerated throughout 2002 as did global criminal syndicate activity on the internet to reach a new crescendo immediately after the start of war with Iraq in March 2003. The last one year has seen further increases. The targets have included assets belonging to the US, UK, Australia and other coalition partners on the one hand and within the domestic environments of Russia, Turkey, Indonesia, Pakistan, Saudi Arabia, Morocco, Malaysia and Kuwait on the other.

There is mounting evidence that politically motivated hackers from amongst Islamic countries are collaborating with each other and with criminal syndicates from Russia, Latin America and China. They are devising and implementing new strategies for carrying out simultaneous attacks; subtle reconnaissance and surveillance missions including identity theft; organised crime activities to raise funds through phishing scams, spam and malware proliferation; as well as mount globally noticeable yet untraceable distributed denial of service (DDoS) business interruptions against publicly quoted household name corporations within the financial services, information technology and consumer goods sectors.

Pass me an Ativan.
5. The economic damage from all forms of digital risk manifestation - covert attacks, spam, phishing scams, DDoS, major malware, overt attacks - in 2004 has crossed $411 billion worldwide. The comparable figure for 2003 was $215 billion.

An unsurprising trend. Since I didn't read the full report (Respected Employer's Kenntnisleitungpolizei doles out access to external research very parsimoniously) I won't comment on the methodology or the numbers other than to say that on the surface they sound plausible.

Needless to say, the left and the UN would immediately blame this on the fact that Checkpoint is an Israeli company, and if the Israelis would only... (cue the bashing sophistry so prevalent amongst them). And of course if the UN decided to address the problem, it would issue several strongly-worded condemnations. Don't get me started on this one.

Reminds me of an interesting incident last year. I was doing a gig for a Major Banking Empire, and the CIO of their Capital Markets business unit, as well as the head trader, asked me about the feasibility of implementing a "panic button" to isolate Capital Markets from the rest of the bank. They were much more concerned about worms than anything much else at that given moment, but the thinking was rather prescient in light of this report. Do you suppose that backbone and transit providers have panic buttons for cutting off (whether it's by filter or plain blackholing) areas such as the Middle East, South Asia, South America and Russia in the event of a major cyber offensive?

Which of course brings up another interesting scenario, the one which Tom Clancy used in "Debt of Honor", where the NYSE was crippled thanks to some backdoor code. One would think that SuperDOT is thoroughly desk checked, as well as things like CTS/CQS and OPRA on the SIAC side of things, but are they implementing security through obscurity, or is it really well protected against bad code, or bad inputs for that matter? While Clancy's nightmare scenario is a bit different than the way things actually are out there (there are other venues for executing trades than routing directly to the floor after all), it's something that should be high on the agenda of things to check out.

Slightly related, here's an article from Front Page magazine on how US-based hosting providers will sell to all comers. Feh.

