Monday, January 5, 2009

State of IT Security - 2009 Prediction

If you're looking for a list of the top x things that someone is predicting will happen in IT Security, this is the wrong post for you.

From what I've read, there is a lot of predicting going on regarding the "complete disruption" of the Internet infrastructure given the vast numbers of low-level attacks and vulnerabilities that have been discovered. One article even predicted an "eBomb" as quoted below:

David Maynor, CTO with Errata Security, says '09 could be the year when the first large-scale and widespread attack occurs on the Internet's infrastructure. "I think with the [hacking] work being done on Cisco and routing gear in general we'll see the first wide-scale 'e-bomb' that will break peering between ISPs and make large portions of the Internet unreachable," Maynor says.

Most likely it will be a denial-of-service attack, he says, that will "break" sections of the Net.

There is a reason this is unlikely in the general Internet at large. An attack against the Internet infrastructure that "brings down the Internet" simply doesn't make anyone any money, in any practical way. While it may be beneficial to DDoS a competitor or wreak this type of havoc for other reasons, those motives all eventually break down to finance: someone, somewhere, made money on that attack. Distributed denial of service (DDoS) against the whole Internet simply isn't fruitful.

If the chronology of attacks over the past year, or further back, should teach us anything, it's that everything is based on someone making money in the end. Money drives hacking as much as it drives prostitution, illegal gambling, or other illegal activities. So while it's natural to think that the accumulation of vulnerabilities will eventually lead to an attack that completely shuts down all Internet communication and disrupts service for days or weeks... that's just not likely.

That sort of attack may be possible, but in a slightly different form. A disruptive attack may very well be coming against things like governments or internal critical infrastructures (SCADA systems, for example). This was already demonstrated once in the 2007 attack against Estonia. I can only speculate what kinds of attacks may be cooking in the dark corners of the minds of malicious individuals which could potentially disrupt governments, critical infrastructures, or other systems to cause chaos - but even chaos has a goal.

While the disruptive attack may very well be on the horizon for some portion of the Internet infrastructure... I personally feel it's very unlikely it'll be against the whole of the Internet ... without targeting some entity in particular... and I'm willing to bet that the end-game will involve making money somehow.

1 comment:

Gunter Ollmann said...

I'm 90% in agreement with you there Rafal. As far as the cybercrime element is concerned, it doesn't make any financial sense to cause the Internet to flatline. Sure, some could argue about extortion attempts - but that's a bit like a Bond super-villain seeking "one billion dollars!"

Parts of the Internet could probably be closed down by attacks in 2009 (for a short time) - but it would be a much more localized problem - not global.

The "Internet" has grown organically (with all the faults that entails), but like any organic beast it becomes rather resilient to adversity - intentional or not. For example, even when 3 of the 4 critical communication cables between South East Asia, the Middle East, and the "rest of the Internet" were physically broken in two, the data highway kept on ticking. Granted, that may have been at a slower pace than before in some of the affected regions - but, from a local perspective, local resource access was just as fast as before.

Fanciful predictions make the news and become best sellers. It appears that too many want to become the next Nostradamus of woe and worry.