Tuesday, August 21, 2007

Hackers and Entropy

Some thoughts outside of the political ...

While at work on Friday, we had an interesting interaction with a fairly well known international hacker group. The incident itself was normal: a little fun and frantic typing, followed by lots of log reading, more typing, and calling soon-to-be very unhappy users. It was, on the whole, excruciatingly uninteresting.

The one thing that was on our minds was "where is the real attack??" This group, at the height of its power, was quite good. They have broken into hundreds of computers, but are now using crappy old exploits in a place where there is no expectation of this stuff working. For whatever reason this has gotten me thinking about ruts, innovation and organized crime.

Seems like hacking groups in general follow many of the same trajectories that the old .com businesses followed. They start out all new and shiny - a business plan and a fridge full of free soda. A year later all the cool people have moved on to some better gig and the fridge only has the strange, off-brand (clear, decaf, bubblegum flavored!!) sodas. It is a wonder that the predominant groups seem to suffer from the same issues that many of the defenders do - in this environment you must constantly evolve or you will be eaten.

No reason why this would not happen, but it does seem a little odd. To make it big you must typically either have a new tactic like automated account compromises in huge volume (think Walmart), or have these boutique skillz which radically differentiate you from all the other cool kids. Time here seems to be the real killer. You have a trick that more or less works for most of the targets you encounter. Retooling is hard for everybody - attackers and defenders alike. In addition, as one's popularity increases the group tends to grow, and what was once a small group of intensely talented people gets a little larger and less talented. The core group takes a rest and lets the kidz play with the tools. You get old and fat, like some IRC Jabba the Hutt.

At this point the description could be for any reasonably popular small company. Or hacker group...

Into this ecosystem has stepped organized crime, because Real Money can be made by those with discipline and some simple understanding of how things work. There is a palpable state of flux in the ebb and flow of computer security. What I mean by this is that the nature of the threat is changing from the ideal of the iconoclastic hacker more toward the sort of professionalism that comes with watching ROI. The individuals and small groups are still out there and doing well against some targets, but the Government is quickly learning how to hunt down and lock up these small fish.

Will the time come that I will wistfully look back on the halcyon days of rogue security threats? Probably not, as I have less and less spunk when the pager goes off at 3:00 AM. For whatever strange reason, I see little thrill in having these groups locked up. Unlike some of my fellow workers, I think that they help keep us honest and a little humble. There really need to be consequences for their actions, since system downtime directly affects the research community, but this whole approach seems fundamentally broken.

Regardless, I will quit blathering and get back to work.