Last word: Cracking the cyber crime code
Concerted cooperative effort by defenders should at least match that of attackers, suggests Daniel Shugrue
The past few years have seen a significant change in the landscape of cyber crime. It is in constant flux, but the volume, vectors and variety of attacks are worse than ever, and often we have to conclude that the cavalry is not coming. Many of us are left wondering how, if we can't stop simple SQL injections, we can ever hope to stop 200 Gbps+ DDoS attacks.
Traditional warfare offers some interesting parallels and we can look back to help us look forward. While the weapons of war have evolved since Troy and will continue to do so beyond “Star Wars”, World War II represented one of history's fundamental shifts in the threat landscape.
War was truly global for the first time. Battlefronts shifted faster than ever before and far-flung soldiers at the front relied on wireless communications to receive orders from Central Command. Yet intercepting wireless communications was (and still is) easy. Germany relied on encryption to keep its plans secret. The Allies realised that they would have to figure out how to crack the German code and decode messages quickly, thereby increasing their chances of victory.
Churchill couldn't decrypt messages himself, but he did two things to stack the odds in his favour. First, he backed the secret codebreaking centre at Bletchley Park, where a large, cross-disciplinary team lived, worked and collaborated: mathematicians, engineers and linguists, building on the pre-war breakthroughs that Polish cryptanalysts had shared with Britain. Let's call this the “Socialisation” of the Allied effort.
Second, he gave the team at Bletchley Park a nearly unlimited budget.
The result of the Bletchley Park team effort was the Bombe, an electromechanical machine that recovered the daily Enigma key settings quickly enough for intercepted German traffic to be read while it still mattered. The intelligence it produced revealed the locations of 58 German divisions and was instrumental in defeating the Axis powers.
Ironically, in 2014, it is the attacker community that seems to have best embraced the lessons of Bletchley Park. Consider:
Nationalisation – In recent years we've heard this term associated with alleged government support for hacking efforts coming from China and other nations.
Industrialisation – Today we see evidence of industrialisation in the rise of Metasploit and the availability of downloadable attack tools such as Dirt Jumper, Havij, LOIC and HOIC.
Socialisation – We see evidence all the time of hacker socialisation via underground forums to recruit participants, develop new tools and discuss campaigns and targets.
For those of us in the security industry, the question is always: “What more do we need to do?” or “What more can we do?” We could argue we have the socialisation part down pat. After all, we socialise at events like ShmooCon, Black Hat and RSA Conference, and dutifully read the press and blogs, but are we cooperating on the same level that the team at Bletchley Park cooperated?
On industrialisation, isn't there a thriving security market/ecosystem? Don't companies cooperate, share feeds, partner and help each other defend their customers? But are our tools as advanced as those used by the attackers?
And some could argue that the forces of nationalisation are finally working in our favour. But are we using government funding with the same clarity of purpose that the teams at Bletchley Park brought to their resources?
We've come a long way, but by looking back to the examples set at Bletchley Park I believe we can move forward, faster.
Daniel Shugrue is a security product marketing manager