Tag Archives: cyber warfare

Worse than Cheese: Scary Scenarios Causing Nightmares Now – the Five Main Issues of IT Security.

I recently found myself wondering how many interviews with the press I do every month. Of course the totals fairly helter skelter between months, but in the busier periods the number can get anywhere up to 70! And that’s only spoken interviews, i.e., those done in person or over the phone. If I were to also include e-mail interviews – the number would be just silly.

But I don’t complain. In fact just the opposite – I love interviews! Which reminds me of Richard Branson and his simple rule about interviews: “If CNN rings me up and wants to do an interview with me, I’ll drop everything to do it.” I also follow this rule – to the letter – and not without good reason.

Most interviews are what you’d expect. I get asked lots of questions, I answer them as best I can, and that’s about it.

But in a very few rare instances I get interviewed by a really well read-up journalist, meticulous to the point of hair-splitting, who not only knows all about me and KL and what we do, but also all about the particular narrow topic the interview’s about. By the end of the allotted hour I’m exhausted, the mind’s pretty much frazzled, and I feel like my very soul’s been extracted together with my long-winded answers to the sophisticated questions.

These are the trickiest and most trying kinds of interviews, but also the most useful. Why? Because during such intense sessions the gray matter inside the skull shifts up a gear or three and really gets to work, thinking in new ways and approaching familiar topics from fresh standpoints – to such an extent that after the end of the interview the momentum keeps the ideas coming, leading to all sorts of new insights. All really quite fascinating how creative cognition comes about. And all kicked-off by super-sharp reporters doing their job masterfully. Respect due. And a thank you!

Curiously, what unites such “special” interviews with regular ones is an inevitable question about the most pressing IT Security issues today – something like: “What keeps you up at night (in terms of IT Security hazards)?”! And I don’t get asked this all the time just by journalists in interviews. The question pops up at practically every IT conference I speak at.

And so: as promised earlier, here I’m presenting my List of the Five Main Issues Facing IT Security, in the broad sense of the term.

I should say straight away that I don’t have prescriptions for solving all five issues. The aim of this post is more to identify the problems, let you start to muse on them, and hopefully draw you into the fold of their ongoing discussion by raising your interest, empathy and/or sympathy!

Right, here’s my list:

  1. Privacy
  2. Internet Passports
  3. Social Networks
  4. Cybercrime
  5. Cyberwarfare

More: getting into details …

The Flame That Changed the World.

I’ll never forget Oktoberfest 2010 for as long as I live. Yes, I like beer, especially the German stuff, and especially at Oktoberfest. But I don’t even remember the beer, and that’s not because I had too much of it :) It was at that time we received the first news of a very unpleasant trend, which I had feared for a number of years. That’s right, it was the first time Stuxnet reared its ugly head – the first malware created with state backing and designed to fulfill a specific military mission. This is exactly what we had talked about at our Oktoberfest press conference: “Welcome to the age of cyber warfare!” It was already obvious then that Stuxnet was just the beginning.

Cyber Warfare

Indeed, little has changed since that September right up to the present day. Everybody had a pretty good idea where Stuxnet came from and who was behind it, although not a single state took responsibility; in fact, they distanced themselves from authorship as much as possible. The “breakthrough” came at the end of May when we discovered new malware which also left little doubt as to its military origins and aims.

Yes, I’m talking about Flame.

More: How can malware stop me from eating a fresh croissant in the morning? …

Flickr photostream

Instagram photostream

Cassandra Complex… Not for Much Longer.

Top o’ the day to ye!

It’s fair to say I’m a bit of an IT-paranoiac, and most of you will know by now I’m not one to hold my tongue about my fears of possible future Internet catastrophes, or the greed and degeneracy of cyber-wretches – plus the massive size of the threat they represent – and so on.

Because of this tendency for speaking openly and plainly I constantly get accused of purposefully frightening everyone (and in my own self-interest). But I don’t mind, even though it’s nonsense. So I’ll keep on calling a spade a spade – telling people what I think is right – regardless!

The evolution of cyber-Armageddon is moving in the predicted trajectory (proof it’s not just a matter of my frightening folk just for the sake of it); this is the bad news. The good news is that the big-wigs have at last begun to understand – to the extent that often in discussions on this topic are heard my horror stories of old practically word-for-word. Looks like the Cassandra metaphor I’ve been battling for more than a decade is losing its mojo – people are listening to the warnings, not dismissing and/or disbelieving them.

More: Five main problems for IT security …

Enter your email address to subscribe to this blog

The Big Euro Freeze & The Munich Security Conference.

A big hello from Munich!

More news, and this time I’d call it ‘The big Euro freeze’.

Europe is slowly icing over as a result of Siberian freezing weather blasting across the continent. Eastern Europe (Romania and Bulgaria) has been buried under meters of snow, the cold in Germany is bitter; in France it’s biting; England has also had its fair share and has cancelled a number of flights. I can only guess what is happening in Scandinavia and Poland. In Munich today it’s -9C, and it’s supposed to get down to -19C tonight, but the Bavarians are undaunted!

The photos are not mine, seeing as how I was at the Munich Security Conference all day. I’m a newbie here – I’ve never been involved at this level before (well, if you discount the London Conference on Cyberspace and Davos), but everything seemed to go well! I was on the roundtable, a few meetings and interviews. Here is my observations of the proceedings.

Read more: Big geopolitical players talk cyber security

Cyber-Thriller, ver. 2011

Costin Raiu, one of our top generals in the war against malware, recently published an interesting post on the ten most significant events in the security field in 2011. I liked it; and the idea of a top-ten; so much so I decided to come up with my own. It mostly matches Costin’s report, but somehow this is a slightly different view. It’s not just regarding the past year – it’s a little broader: tendencies in the security market and about security in general. An “unofficial”, non-hoity-toity view of the important stuff – both that’s with us now, or that will be soon…

And so here’s my top-ten:

1. Hacktivism
2. Militarization of the Internet and Cyber Weapons
3. Social Networks and Politics
4. The Duqu Cyber-Bomb
5. Widely Publicized Hacks and Industrial Espionage
6. Certification Authorities: the Beginning of the End
7. Cybercrime: as Romantic as Sewage
8. Android Malware
9. Mac Malware
10. Intel Taking Over McAfee – Intel-ligent Move or Epic McFail?

Read More: And now in detail…

Call for Action: Internet Should Become a Military-Free Zone.

What is the difference between a nuclear missile and malware?

It’s not a trick question – malware can seize control of a missile, but a missile can’t be used to destroy malware. With the right tools a missile can be diverted by malware, but no amount of firepower can divert rogue software once it is active.

Unlike traditional weaponry, malware can replicate itself ad infinitum. And while a missile can often be controlled in some way, malware tends to attack indiscriminately: nobody knows who it will harm, which corners it will worm its way into. On the inscrutable trajectories of the web, as soon as some black hat launches a malicious program to make some quick cash anything can happen. It’s impossible to calculate what effect it will have, what might be affected by accident and how it could even boomerang back to harm its creators. People tend to make mistakes in everything they do – and writing code, malicious or otherwise, is no exception. There are numerous examples of this kind of “collateral damage” – read my previous post about the fortunes of the Internet .

At least we are now seeing some joint efforts to combat cybercriminals.

The security industry is tightening the screws on them, and the big boys like Microsoft are getting involved. Other different non-commercial and intergovernmental organizations are joining in as well. Governments are beginning to understand that the Internet can be a highway to hell, and are waking up to the need to do something about it. So we are seeing some progress.

However, I’m more concerned about another side of Internet security. The tricks of a cybercriminal will seem trifling compared to a large-scale cyberwar on the web. Yes, you read it correctly – a web cyberwar! This is where things start getting much more complicated and murky.

These are the facts.

More > The military is gradually turning the Internet into one big minefield