GCN Home > 02/04/08 issue
William Jackson | IT security isn't all work, no play
Cybereye—commentary: Principles of detection
By William Jackson
"THERE IS NO CRIME TODAY, Watson," Sherlock Holmes used to complain when he was in one of his down moods; at least, no crime worthy of his superior intellect.

It seems coldhearted, but if it weren't for the people who enjoy the challenge of pitting themselves against other intellects in the cat-and-mouse game of crime and detection, we would not be nearly as well-protected as we are. Fortunately, there are people in information technology security who enjoy the challenge of staying a step ahead of the hackers.

Take, for example, Uri Rivner, head of new technologies in the Consumer Solutions Group at RSA Security. An enthusiastic online gamer, he left the IT security business about six years ago to join a new gaming company. But he returned to IT security because he found matching wits with real hackers more interesting than engaging in fictional online games.

RSA recently released a report on online fraud showing that the number of phishing attacks has doubled in the past year and that they are becoming more sophisticated and dangerous. Hackers are getting better at hiding their tracks, and malware now sits quietly on many desktops. Instead of directing users to phony Web sites, spyware simply monitors a user's activity at legitimate Web sites, occasionally injecting HTML code into the victim's browser to solicit additional information.

"It's becoming more affordable," Rivner said.

"A Trojan a year ago cost $5,000. Today it's $500, and in a year, it could be $100 or less. It's becoming a product for the masses."

Still, the situation is not as bad as it looks when you only look at the threat side, he said.

"Today, the industry is giving the fraudsters a good fight. I don't think it will reach a point in the near future where they will give up."

One of the reasons they keep at it, aside from the paycheck, is the excitement of the chase. Shutting down servers that host malicious code distributed to botnets is becoming more difficult. Fast-flux techniques shift quickly among hundreds or thousands of IP addresses that act as proxies for the host.

"We have had some luck with forensics work," Rivner said. "You have to get your hands on someone who is willing to cooperate with you."

With privacy laws, that's very hard to do. But RSA researchers recently tracked down an infected Israeli computer they could get access to. It was actually an irrigation computer in a kibbutz, but it was connected to the Internet and provided a copy of some redirect code that helped lead them to a malicious host.

The Rock Phish organization, a group that provides services to other hackers, was once located in Russia, where it was believed to be untouchable by authorities, but has recently relocated to the Philippines.

Why did they move? "I do know why, but I'm not at liberty to say," Rivner said. "I can say their supply chain was disrupted."

As long as there is a Prof. Moriarty to challenge them, we will have bright minds working just as hard for us on the other side of the hacking world.

The game's afoot!
