6 November 2014

Happy Halloween; 3 Chilling Scenarios That Will Keep Even The Most Hardened InfoSec Warrior Awake At Night

October 31, 2014 

TK Keanini, writing on October 30, 2014 on the website DarkReading.com, appropriately on the eve of Halloween, describes three scary but realistic cyber threat scenarios that he says “will keep even the most hardened InfoSec warrior up at night.” “Since Halloween is almost here,” Mr. Keanini writes, “I decided to share some [cyber] scenarios that keep me up at night.”

Legion Of Citizen Botnet Armies

“Most of the resources cyber criminals use to carry out their objectives are acquired through some method that results in compromised computers on the Internet. The resources remain available until the user or organization detects and remediates the incident. But what if the user participated willingly?” Mr. Keanini asks. “Instead of bad guys having to compromise hosts, what if they instead cut other people, corporate insiders, in on the profits? Given crypto currency [Bitcoin, for example], the TOR Network, and a few other factors, this could be a nightmare scenario, as we are not ready for this type of [cyber] surge in distributed networks.”

“The recruitment for this could be something like the “work from home” signs you see around your town. The work could be as easy as downloading and installing a package and could earn the host user as much as $10.00 a day. That’s $300 a month for someone to simply leave his computer running and connected. The average citizen is not likely to know what type of activity his computer is involved in on a daily basis.” Charles Finch, writing in the October 24, 2014 edition of 

“The end result,” Mr. Keanini writes, “would be a massive number of networked computers available for distributed denial-of-service, cryptographic brute forcing, or remote network sniffing. With the cooperation of the host, the capability list is endless, and because he’s making money, the host will be motivated to help the cyber criminals persist. Service providers and law enforcement are not ready for this type of attack. This could lead to botnet armies with the size and capabilities we have never seen before,” Mr. Keanini warns.

Crime And The Sharing Economy 

“Another horror story,” Mr. Keanini warns, “is if cyber criminals expand their marketplace networks … to include citizen partners. Consider coordination networks like Uber, Instacart, Care.com, etc. These services are facilitators connecting a consumer who wants something delivered within a network of people who can deliver it.”

“Now think of applying this pattern to cyber crime,” Mr. Keanini says. “On one end, there is a criminal who would like the logon credentials of a Global 2000 executive. Via TOR networking, he can go to a site where he can place his request, submit his crypto currency, and a skilled global workforce accepts this objective and delivers it, within the terms of the agreement. This lowers the coordination cost for cyber crime to near zero and connects the demand with the supply in ways that [we] have never seen to date. Worse, because so many people are motivated by money, a service like this could turn citizens into cyber criminals if they believe they cannot get caught and that they can easily make a few bucks on the side.”

“The last thing I will say about this type of participation and marketplace,” Mr. Keanini writes, “is that it would fragment security events into small, seemingly disconnected pieces…where one event might not look harmful. But, when seen and evaluated as a whole, their impact would be significant.”

Cyber-Crime-As-A-Service

“Consider a SaaS service that helped people compute their cyber crimes,” Mr. Keanini asserts. “The power of big data analytics and machine learning can compute amazing insight for businesses — and, it can do the same for criminals. Criminals could log onto a website, declare their objective, and the service would compute several alternative attack plans. This would work in the same way that travelers use GPS to reach a destination when getting directions online.”

“Cyber-crime-as-a-service would have social networks mapped, personal information on each individual, language analysis that yields a level of trust among individuals, mapping to various accounts (some of which may have been compromised), etc. All of this would be creating a corpus of data that can lead a criminal through a directed graph leading to the objective — exfiltration of a file, ransomware, etc.”

“At the end of the day (Halloween or other),” Mr. Keanini writes, “cyber crime is a business, and profitable businesses only get smarter and more effective. It’s frightening to imagine how easily criminals could execute these types of attacks and turn my worst nightmare into an even scarier reality.”

What Other Futurists See Down The Road In The Cyber Domain; A Digital Wilderness Of Mirrors 

According to The World Future Society, the “cloud” will become more intelligent, not just a place to store data. “Cloud intelligence,” they predict, “will evolve into becoming an active resource in our daily lives, providing advice and contextual analysis,” and perhaps the same to the darker angels of our nature. What about armored clouds, stealth and fake clouds, espionage clouds, suicide clouds, terminal clouds, malicious clouds, and so on?

Popular Mechanics predicts that “digital ants” will protect the U.S. power grid from attacks. “Programmed to wander networks in search of threats, the high-tech sleuths in this software leave behind a digital trail modeled after the scent streams of their real-life cousins. When a digital ant designed to perform a task spots a problem, others rush to the location to do their analysis. If operators see a swarm, they know there’s trouble.” Other forecasts from Popular Mechanics: “Data will be measured in zettabytes. What does a zettabyte look like? If each zettabyte was a grain of sand, the sum total would allow you to build 400 Hoover Dams.”

I have other fears. The Internet will become much more balkanized, with no-go zones, ungoverned digital space, the dark web, and a cyber militia resistance movement that threatens anything and anyone digital. A ‘Dr. No’ in cyber space as well as the world’s first digital serial killer will emerge in the next decade to decade-plus. Denial and deception will flood the avatar world and the digital wilderness of mirrors could lead to fatal consequences for the digital traveler. Boo. Happy Halloween!
