Wanna know the present (future) of computer security?

Nov 29, 2007 09:23

I've been involved in computer security for many years, and have kept an ear open for the ways people get their computers compromised.
It has progressed from viruses being attached to programs that were distributed by floppies, to Word attachments & scripts via email, to peer-to-peer trojans masquerading as desired programs, to Instant Message trojans, to web-sites that distribute spyware.

The common problem that virus creators have is:
How do I distribute my virus/trojan to as many victims as possible?

Email is becoming more and more secure: heuristic algorithms are in place on most email accounts (even free ones), which lowers the impact of email distribution.
But a distribution channel that has continued to grow is search engine poisoning: the hacker adds many blog entries and comments everywhere on the internet they can, which quickly gets the site they want showing up at or near the top of everyday searches. The user, who trusts Google's, Yahoo's, or Microsoft's results, clicks on the site and may become infected with whatever the hacker wants installed on the PC. Voila! They now have another bot to add to their zombie army.

And this zombie army is no joke - lately the criminal computer organization RBN (Russian Business Network) has become more and more powerful in organized DDoS attacks, damaging companies they want to extort and, more impressively, using their zombie army to take out the websites of any organization that posts something they don't like (and we're not talking small organizations - the Pentagon, NASA, Estonia, Veritas, and other security sites and professionals have been targeted). They even took out 8 or 9 of the 13 DNS Root Servers recently!

Basically, there is a criminal shadow organization that possesses the computing power to shut down anyone they want, extort $$$, and even rent their services to anyone that pays them.
The current picture is coming into focus - society and government are not remotely in control of the internet, and even the largest agencies are unable to stop a coordinated criminal effort. There are roving gangs that really have the power on the internet, as long as they stay unknown and anonymous. And the RBN recently went underground, moving from Russia to China.

Maybe this is excessive attention to a known over-achieving hacker group - but they have created a blueprint of how to make real money from their actions, and their zombie-bot army isn't going away. And anyone that can take out not one, not two or three, but 8 or 9 of the DNS Root Servers is showing the world that the balance of power between the internet institutions and rogue criminal gangs has radically shifted.