Remember meForgot password?
    Log in with Twitter
Blog Posted in avatar   James Duval's Blog

Virtual Reality: How Real World Resources Will Determine The Security War

By James Duval
Posted Dec 4, 2012 in Technology
Real world resources have been having an increasingly large effect on the underbelly of the virtual world for some time now. This is most apparent in the proliferation of bitcoins, which rely on the power of the user's computer (and thus their real world income) to generate virtual currency.
Recently, however, the proliferation of increasingly sophisticated malware attacks on individual user, government and company security networks alike have highlighted the weaknesses of traditional security software. This, in turn, has forced companies to rethink the way they approach security – and in some ways, the approach is reminiscent of cryptography such as Enigma from as far back as the 1930s and 1940s.
This is the origin of Juniper's Mykonos security software, which recently made the news for its 'soft' security tactics, protecting sites from malicious hackers by making them waste their time and resources with what Juniper refers to as 'tar traps'.
In broadly simplified lay terms, Mykonos creates decoys which hackers will, typically, target. These decoys mean that you don't generate false positives, as if you're exploring the sorts of areas that Mykonos covers; you are definitely looking for vulnerabilities.
This means that if you are a hacker targeting a website, your first move is vital. If you accidentally trigger one of these 'tar traps', any breakthrough you make elsewhere is pretty futile as you will have been logged and locked out by the Mykonos software.
More importantly, it's a fundamental change in how security software works. From being a primarily defensive area, with holes being filled in as needed, it becomes an aggressive area, where the hacker is the one who has to work and pay through the nose to figure out what 'weapons' the target has, rather than the defender trying to figure out what 'weapons' the hacker will have.
Bypassing the software seems to be less based on computing power than on human ingenuity and resources (staff size, insider knowledge of the specific software or specific hardware involved, free time). This makes it too expensive to attack a website, when you're considering the gains you might get from it.
The problem with a cost-benefit analysis is that sometimes the benefit outweighs the cost to such an extent that any amount of staff, purchase of trade secrets or number of man-hours is considered worth it.
For instance, if a superpower considered a country to be threatening nuclear war in the middle-distant future, it would probably be able to throw department upon department of staff at the task, rendering cost-benefit analysis moot.
The difference here is that any organisation with enough dedication and real-world resources to achieve something like this, is likely going to have access to even more sophisticated "physical hacking" techniques, and would probably have some way of influencing staff on the inside of your major company or organisation.
In the future, I suspect hacking will be a lot more resource-intensive, to the extent that all but the most trivial of operations will be out of reach of all but the best-funded organisations and collectives. I would guess that, due to changes in the way security software works, only the resource-rich will be able to attempt to hack at all, resulting in ever-more-predictable patterns of attack as organisations get larger, more bureaucratic, and more unwieldy.
In other words, I'd say that thanks to violations of security such as Stuxnet and Flame, the long-term view for the security world could be looking healthier than ever.

More about Hardware, Servers, Security
Latest News
Top News