At issue: The threat landscape is constantly changing.
Action plan: There's no way to know what will be thrown at you; just be prepared for anything.
Computerworld - Recent security incidents at my company have gotten me thinking about the state of information warfare. Electronic break-ins are progressing in a direction that makes me fear that the nature of the threats is changing.
Only a couple of years ago, incidents were largely virus- and worm-related. Although an outbreak of network-borne malware could bring a company's IT infrastructure to its knees, sometimes for days, those were never targeted attacks.
Most were simply the random exploitation of flaws in popular operating systems, browsers or software, perpetrated by what we imagined were (and what usually turned out to be) bored teenagers with too much time on their hands and access to rootkits, exploit code and virus-creation tool kits. Random malware just floated on the electronic breeze, sort of like -- well, like a virus.
Then, the landscape changed. I started seeing manually executed attacks. At first, they were either practical jokes perpetrated by someone who knew the victim, or random poking around by somebody in proximity to the target. That was the first major change in the attacker-target relationship -- the attacker had some connection to or familiarity with the target. The motivation was the pride to be gained by proving one's skills.
In one investigation, I determined that the target -- whose workstation had suddenly started giving him a message that he was "0wned" -- was the victim of an intradepartmental contest of pride between two systems administrators. Sadly, this now seems harmless.
I first ran up against an international attack three years ago. Some of our company's laptops were storing large data files that upon investigation turned out to be DVD copies of movies that were still in the theaters. We eventually discovered how this had happened. On those laptops, our IT department had rolled out a sales force automation package that relied on database software whose administrative password was left blank and whose administrative command set allowed full access to the laptop.

