
Tuesday 6 October 2009

Phishermen's Blues...



Most people will remember the news that came out this week about how a fake Microsoft Hotmail page was replicated and 10,000 email passwords were stolen in some kind of elaborate phishing scam. 10,000 email passwords from customers of other web email providers, e.g. Gmail and Yahoo, were also affected. Apparently up to 21 million email users could be affected by this.

I saw this article in The Bangkok Post today. It says that the next global war (and this time I don't mean the "global war on terror" so happily espoused by George Bush and his cronies!) will not be fought on a battlefield but in cyberspace! Wahoo!

According to the article, at the ITU's Telecom World 2009 fair in Geneva people are queuing up to cast all kinds of negative predictions about what will happen with cyber attacks in the not too distant future. According to Hamadoun Toure, the secretary-general of the International Telecommunications Union, "Loss of vital networks would quickly cripple any nation, and none is immune to cyber attack."

It seems a little dramatic to put this on a par with world wars and give us a Doomsday scenario, e.g. calling it the next WW3. However, they do at least provide some evidence for their assertions. For a start, they highlight the absolute dependence on technology of all developed as well as developing countries, to the point where any disruption of business and services is critical and will result in calamities, not to mention huge losses in revenue.

According to Hamadoun Toure, many countries have become "critically dependent" on technology for commerce, finance, health care, emergency services and food distribution, so any disruption will affect some or all of these, and in major ways. Because of these reports, many countries are hiring additional experts in the field of cyber attacks. In the USA, they are hiring 1,000 extra security experts. US Secretary for Homeland Security Janet Napolitano said Thursday that she has been given the go-ahead to hire up to 1,000 cybersecurity experts to improve the United States' defenses against cyber threats. In S. Korea they have gone a lot further and are hiring 3,000 such experts, whom they are calling "cyber sheriffs". Why? "to protect businesses after a spate of attacks on state and private websites."



Many people believe that the main reason cyber attacks can be launched so easily is that software protocols have changed little since the 1980s, when a lot of software rules were established.

"Experts say that a major problem is that the current software and web infrastructure has the same weaknesses as those produced two decades ago."

According to Cristine Hoepers, general manager at the Brazilian National Computer Emergency Response Team, "The real problem is that we're putting on the market software that is as vulnerable as it was 20 years ago."

She suggests that if we want to seriously tackle the problem, we need to educate ICT students at university level to be aware of these limitations of current software and help them design new ways to protect the security of future software-based systems.

Somehow, I think this all seems a little bit too easy a way to eradicate such a global problem. In the same way that criminals have always been one step behind new security measures, whether forging banknotes, laundering money, or using technology to break security codes and get passwords, so the new crop of cyber attackers will be just one step behind, and when, as in the case of Microsoft above, a provider takes its eye off the ball for a brief period, the cyber attackers will strike.

Do you feel any safer with your online bank account now after reading this? I certainly don't!