Know your enemy
There is a battle for control of the Internet, with politics and cyber security the main players, says security expert.
The Web has created a new and baffling environment: the demand for security versus the desire for freedom.
These were the words of author and investigative journalist Misha Glenny, speaking at the 8th annual ITWeb Security Summit, which kicked off in Sandton this morning.
Politics and cyber security are inextricably linked and there is undoubtedly a battle for control of the Internet, as the risks facing organisations are worse than ever before. He said it is vital that the world develops mechanisms to secure the Web.
The Internet itself is morally neutral. Its strength is its interconnectedness, and it is up to people whether it is used for good or evil ends, he added.
According to Glenny, there are three types of cyber malfeasance - cyber crime, cyber espionage and cyber warfare - and almost all of these are perpetuated through social engineering, malware coding or a combination of the two. "The only real change we've seen is the sophistication of attacks and the proliferation of targets and vulnerabilities."
He also outlined two secondary issues. The first being the triangle of citizens, states and corporations, and what can and can't be done to protect personal data. The second is the competition between nation states.
In fact, he said it was revealed that Stuxnet, which set Iranian nuclear efforts back several years, was a result of US-Israel collaboration. "This shows that states are willing and able to deploy malware should it be in their best interests to do so."
Iran has already said it intends to take itself offline, and develop an intranet that will be shut off to the outside world.
Looking at other perpetrators of attacks, Glenny cited Carderplanet, and a release he uncovered following the organisation's one and only carders convention. Carderplanet is a forum that shares stolen credit card details, and also acts as a conduit between buyer and seller. The release stated that users were strictly forbidden to steal any card information from Belarus, Ukraine or Russia. Any other country was fair game.
Glenny said Carderplanet had made an agreement with the KGB that these regions would be left alone. In addition, Carderplanet committed to lending its skills to the KGB when called upon to do so.
Another hacker, Red Brigades from New York, said it has digital and human intelligence capacity. "The FBI and SOCA may be watching us, but we are watching them in return. We anticipate and analyse all their serious moves."
He says, following the major recession in 2008, there was an enormous upswing in cyber crime. "During a recession, organised crime moves away from the traditional human trafficking and suchlike, due to a dip in demand, and moves towards financial fraud."
In conclusion, Glenny said, to help prevent cyber crime, bear in mind the immortal words of Sun Tzu - know your enemy and learn from him.