Defending Against The Modern Cyber Criminal
www.NCCMembership.co.uk - 06/05/08

When you look at the evolution of cyber crime, it is clear that, day by day, businesses and consumers are facing even more serious threats to their security: phreaking, hacking, viruses, worms and identity theft. What's next, asks Jim Doherty.

Before looking at what's next, we must take a look at what's now. One of the more troubling aspects of network security is that threats change well ahead of IT's ability, or sometimes willingness, to adopt new measures. First a threat emerges and then the IT community responds. By then, the bad guys are already looking for a new weakness to exploit. There may actually be hundreds or even thousands of hackers looking for new ways to penetrate perimeter defences or operating system loopholes. Once an exploitable weakness is found, the methods to take advantage of it are distributed and the race is on for IT to plug the hole.

Previously, the back-and-forth battle between hackers and IT departments was led by a group of disconnected loners on the hacker side of the fence. Typically under-resourced and by their very nature secretive, these hackers went after whatever targets of opportunity they could find. Tips, tricks and best practices were shared, but hacking was more of a social function than a directed attempt to accomplish a mission objective.

Unfortunately there is a very troubling trend emerging in cyber crime; a trend that may actually tip the scales in favour of the hackers. The hackers are uniting and forming organised groups. These groups are well funded and are staffed with large teams who may have higher skill sets than your IT department. They are likely to go after a specific target and have a project plan with a goal and milestones along the way.

So who are these criminals?

It is important to understand who these criminals are and, more importantly, what they want and what you can do to stop them.

Organised crime

Forget about Tony Soprano and his stranglehold on the Sanitation Workers' Union. The gangster you need to be worried about is Sergi Ivanov and his band of Romanian hackers. Over the past few years, Eastern Europe has emerged as the epicentre for identity theft. Through spear phishing, database cracking and a variety of other methods, these groups are stealing your customers' credit card numbers, social security numbers and mothers' maiden names. Stolen in bulk or one at a time, this information is sold on the black market for a high profit. There is even an eBay of sorts for stolen credit card numbers.

Outsourced IT chop shops

Remember those hackers we used to be worried about? A lot of them were teenagers operating out of their parents' houses. Well, they grew up. Some of them never got the hang of the nine-to-five job, but they have bills to pay now. Why not just use the skills they've acquired and get paid for doing what they love to do: hacking? In fact, there's a booming economy out there for 'hackers for hire'. These groups have their own conventions and job boards just like legitimate IT contractors. So unlike before, when these hackers would look for just any old system to hack into, now they have a specific target to hit and are being paid good money to hit that target. Worse is that they are working in teams; some may even have performance incentives built into their job contracts.

Foreign governments

As if the idea of organised groups of hackers wasn't scary enough, there is now growing proof that some governments are in on it too. Even with all the hackers out there, some people feel safe because there are so many targets available, allowing you to 'hide in the crowd'. What happens, though, when a government with seemingly infinite resources at its disposal starts to monitor all the data moving across its networks? Hiding in a crowd no longer works because every last bit and byte moving across a WAN can be sniffed and stored. Pattern recognition programs can be used to weed out the data that may be valuable to someone, whether it's financial data, intellectual property or strategic plans. If Chinese hackers (assumed to be backed by the government) are able to breach the Pentagon's network, it's a good bet that they are sniffing packets on China's telecom networks too.

Now for the really bad news

The really bad news in all of this is that most companies still don't get what these hacker groups are after - and because of this, they make it easy for the hackers to retrieve the sensitive data. Companies are just about handing over the data on a silver platter.

The hackers don't care about taking down your network or disrupting your e-commerce solutions. In fact, they want your network to be up and running because when it is, you are moving data around on it, lots and lots of data, which is exactly what they are after. Your data is worth money. Your data is what they want.

'But I have data protection solutions installed,' you say. 'I have IDS and firewalls,' you shout. And the hackers smile because they won't bother breaching your network (unless you leave the door wide open). No, instead they will monitor the WANs and wait patiently for you to send the data beyond the firewall and other perimeter-based defences; over the service provider network you think is secure; and then maybe even over the telecom system, where the hackers have an inside guy or which they may even own outright. Ultimately, the data arrives at the destination and gets safely brought behind another set of perimeter defences. The data is all there on the receiving end so nobody has stolen it, right? Wrong. As soon as the data leaves your perimeter, criminals can siphon it right out of your hands. If you are not protecting your data 'between the rings,' that is, as it moves between the various perimeter defences you have set up on all your LANs, then you might as well just send the criminals a disk with the data on it. It would save them a step, which they would surely appreciate.

So what can you do about it?

The first thing that any IT group can and should do is to recognise that these criminal groups are after data, not the network. Therefore, any and every security strategy should have data protection as its primary purpose. Firewalls only keep people off your LAN and for the most part can easily be breached. IDS systems do not protect your data; they just let you know when the rest of your security solutions have failed.

IT groups can get ahead of the game and break the cat-and-mouse cycle by adopting proactive security measures. If your security solutions are set up to alert you in the event of a breach, it's already too late. Organisations should deploy solutions that keep the bad guys from getting your data in the first place. Encryption is especially effective here because even when hackers get access to the data stream (and you never really know when they do, especially 'between the rings'), the data is useless and worth nothing. The best protection you can ever have from data thieves is to have nothing they can profit from. You have two choices: stop moving data around or encrypt it.

The author

Jim Doherty is the chief marketing officer of CipherOptics, a Raleigh, US-based encryption solutions provider.
