OTTAWA — Security threats are getting harder to identify now that hackers are fleeing to the digital underground, presenters told the audience at Cyber-Sabotage 2002 conference Tuesday.
Kirby Kuehl, an information security architect with Cisco
Systems in San Francisco, says ‘script-kiddies,’ or teenage hackers who run automated programs to attack corporate sites, aren’t bragging as much as they used to about their exploits in IRC chat rooms. He cautions that elite hacking groups like the ADM CreW have clammed up about what they’re doing altogether, which obviously makes it harder for companies to predict how future network attacks are going to arrive.
“They (hackers) aren’t sharing their information anymore, so you have to have some method of collecting that information” without the culprits ever knowing,”” he said in an interview prior to his presentation.
Results from a Global Computer Security Survey from the Internet Security Alliance were tallied Monday and presented at the conference, which showed that some companies still don’t take security threats seriously.
Thirty per cent of the security specialists who responded said their companies still didn’t have adequate defense measures in place. One third of respondents also said security wasn’t a visible priority at the executive or board level, and 39 per cent said their plans weren’t communicated to or reviewed by their company’s top executives.
At the same time, 88 per cent of respondents said their firms view security as an important issue, up from 82 per cent this time last year.
“That means we’re not getting (the importance of security) through to the businesses we belong to because of that inability to get action” on security issues, said Rod Wallace, Nortel Networks’ network security director and the alliance member who presented the findings.
But the HoneyNet Project — a non-profit research organization Kuehl belongs to — seeks to help companies concerned about security. The group hopes to understand what hackers are up by deploying honeynets: network applications set up on ISPs around the world to attract probes and attacks.
Since honeynets constantly move around, they are almost impenetrable to detection. That allows the three-year-old project to monitor new tools and techniques hackers are using in their day-to-day mayhem.
The organization doesn’t try to prosecute hackers unless they catch a major crime in progress. Instead, they hope to stay invisible and share the forensic techniques they learn from hacks. Kuehl says they have already caught a remote-controlled backdoor denial-of-service attack in the wild and made its binary code available on its Web site.
Kuehl suggests that old problems like Code Red might begin to cause problems again if left unchecked — based on what the Honeynet Project is finding.
“There are old worms on the Internet that could continue to compromise (security) systems, … and those are very powerful in the hands of script-kiddies,” he says.
In fact, the threat of unsophisticated hackers running old automated attack programs was a major point of concern raised by Wallace. He says naïve hackers “can get their hands on stuff not knowing what they’re doing with it,” which could open up an entirely new can of worms for the industry.
Of course, one solution to problems like hacking is to give law enforcement more tools to go after blackhats — or malicious hackers.
Peter Csonka, deputy head of economic crime for the Council of Europe, spoke to the conference via Internet link-up from France about a new treaty that would give European countries greater legal powers to prosecute cyber-criminals.
The European Convention on Cybercrime was adopted in November 2001 and has been since signed by 33 countries, including Canada. Csonka says the federal government played a major role in shaping the treaty, even though Canada is not a member nation.
If the treaty is ratified by five states — including three Council of European states — it will go into force. If it does, police agencies will have greater authority to fight crimes involving child pornography, network security and copyright violations, so long as human rights, privacy and technology industry interests are respected.
Cyber-Sabotage 2002 continues in Ottawa tomorrow.
Comment: [email protected]