The Bad Guys, where are they and what are they doing?
We are nice. We mix with other nice people. We are too nice.
We need to spend more time thinking about what we would do if we were really, really bad. I hasten to add that these are not my idle thoughts on an alternative career (honest!), merely that if we are to thwart the bad guy we must do some alternative thinking.
I have had three particularly worrying, but interesting discussions in the last couple of weeks. No names and all that, but here they are.
1) A potential customer for netReplay employs a few thousand staff and currently has one (quickly former) member of staff in prison awaiting trial on terrorism charges. He (allegedly) was running a web site that was raising funds for a terrorist organisation. Now I wonder how much time he spent using his employer's systems, networks, storage and bandwidth plotting to destroy his neighbours' families. The bad guy was in the next cubicle. Scary in the extreme.
2) A partner of Chronicle's monitors the internet traffic of a customer, a metropolitan city council. The strange thing is that messages are regularly and systematically going to IP addresses in Eastern Europe. There is no legitimate reason why this should happen. They plan to use netReplay to log and replay the traffic and find out at least what is inside the messages. So think bad thoughts. Details of home owners and their taxation could be useful. Councils collect tax, and also give it back. Maybe there is a pile of false addresses claiming rebates. We shall see, once we have netReplay installed. The bad guy is miles away and he or she is stealing your taxes or getting information about you in order to steal from you. Hopefully we can help capture the forensic data to pin them down.
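The tell-tale in that second story is the regularity: the same internal host talking to the same unexpected foreign address on a fixed schedule. Before any packet replay, that pattern can be surfaced from ordinary flow records. The following is an added example written for this post, not netReplay's or the partner's code. It runs over constructed flow log lines and uses a stub geolocation table (the IP-to-country mapping and the "expected" country set are assumptions, not a real GeoIP database) to flag destinations outside the expected geography whose connection intervals show almost no jitter.

```python
"""Flag outbound connections that recur on a regular schedule to destinations
outside the organisation's expected geography.

Added example, not netReplay code. The log lines are constructed; the country
lookup is a stub dictionary, not a real GeoIP database.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed flow log: timestamp, source IP, destination IP, bytes out.
# The same internal host contacts 203.0.113.7 every 30 minutes on the dot,
# while its traffic to 198.51.100.9 is irregular.
SAMPLE_LOG = """\
2007-05-01T09:00:00 10.1.2.15 203.0.113.7 1240
2007-05-01T09:03:00 10.1.2.15 198.51.100.9 512
2007-05-01T09:30:00 10.1.2.15 203.0.113.7 1302
2007-05-01T10:00:00 10.1.2.15 203.0.113.7 1198
2007-05-01T10:30:00 10.1.2.15 203.0.113.7 1277
2007-05-01T10:41:00 10.1.2.15 198.51.100.9 4096
2007-05-01T11:00:00 10.1.2.15 203.0.113.7 1210
2007-05-01T14:17:00 10.1.2.15 198.51.100.9 880
"""

# Stub geolocation (assumption): destination IP -> ISO country code.
GEO = {"203.0.113.7": "RO", "198.51.100.9": "GB"}
# Countries this organisation legitimately talks to (assumption).
EXPECTED_COUNTRIES = {"GB"}


def parse_flows(text):
    """Turn whitespace-separated flow lines into (datetime, src, dst, bytes)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def find_regular_foreign_destinations(flows, min_events=4, max_jitter_ratio=0.1):
    """Return (src, dst) pairs outside EXPECTED_COUNTRIES whose connection
    intervals are nearly constant: standard deviation of the gaps divided by
    the mean gap is at most max_jitter_ratio."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in flows:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        country = GEO.get(dst, "??")  # unknown destinations are not trusted
        if country in EXPECTED_COUNTRIES:
            continue
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean_gap if mean_gap else 0.0
        if jitter <= max_jitter_ratio:
            findings.append({"src": src, "dst": dst, "country": country,
                             "events": len(stamps), "period_s": mean_gap})
    return findings


if __name__ == "__main__":
    for hit in find_regular_foreign_destinations(parse_flows(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']} ({hit['country']}): "
              f"{hit['events']} connections every {hit['period_s']:.0f}s")
```

On the constructed log this flags only 10.1.2.15 talking to 203.0.113.7 every 1800 seconds; the irregular traffic to the expected country is ignored. The result is a short list of host pairs worth capturing in full, which is exactly where a replay tool earns its keep.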
3) They are out to get you; yes, you (singular). Some of my friends who deal with the more shady security services have told me of a new trend. We tend to think of internet crime as rather blind: a blanket blast to find a weak spot, and so long as you are not too dumb and have the latest patches you are OK, right? Wrong. The bad guys are targeting individuals. Who is the chief designer for that electronics company? It could be good to get his data. Who is dealing with the big M&A deals in an investment bank? Early knowledge of a bid is very, very valuable. Who is on the bid team for the xyz deal? If you are the competitor and have few scruples, then the key individual is well worth targeting. This has been reasonably well publicised; it's even on Wikipedia, check out Titan Rain. Talking to those affected, the personalised nature of the attacks is really alarming.
So if you are bad, how do you find those key individuals? Go through their trash? No, dummy, use search engines, blogs and social networking sites. Much easier, and you don't get last night's dinner on your hands, and if you are smart (which they are), you can write software to do it for you.
The really scary thing here is that they will be absolutely determined to make sure you don't even know it's happened. You won't even know the bad guy exists, let alone where he is or what he is doing.
Hey, just then my laptop seemed rather too busy doing something in the background. I wonder….