Saturday, April 4, 2015

The world of security anomalies

I continue to see the confirmation of my long held assertion in this blog that the ‘bad guys just keep winning’. Why? The simple example I continue to see is a growing number of infections of Cryptolocker. If you haven’t read my previous rant on this then take a look at:

http://blog.ciaops.com/2013/10/bad-guys-just-keep-winning.html

Now that post was 18 months ago and I still witness many of my peers battling to contain catastrophic outbreaks. How can that be? In all cases there was virus and malware protection already in place, yet the infection was still able to get through all of these, have a human being being duped into activating it and then causing major calamity in the business. Such calamity usually required a full restore of the system to eliminate the problems with all the loss of productivity that entails.

Tell me, why, oh why is this still possible 18 months or more since Cryptolocker first raised its ugly head? It is because the security software, that so many put their blind faith in, is totally and utterly useless in my opinion. It is reactive technology, based on what is already known. We now live in an exponential universe and the bad guys are taking advantage of that while security software tends to live in the old linear world and now being left far behind.

While our desktops are the current target, what happens when the bad guys shift their focus more to our mobile device? Imagine Cryptolocker on your phone. It is only a matter of time until it gets there and what protection do you have on your phone? The most security I have seen people enable on their phone is a pin code that is ‘0000’. That is, they don’t have any security. Think of all your contacts, phone calls, SMS’s, banking details, app purchases and so on begin taken over by hackers? Sadly, it is only a matter of time until we see the likes of Cryptolocker reek the kind of havoc it does on desktops on our mobile devices and sadly the majority of people are totally unprepared for that.

The biggest worry by far is the dawning of the age of the Internet of Things (IoT). This is world where everything from your toothbrush, to your car, your refrigerator to every item in your home and at work is all connected to the Internet. With technologies like IPv6 this is fast becoming a reality but so too is the ability for all of these to be hacked and turned against you. If you want to appreciate this scary future that is fast approaching have a look at my previous post:

http://blog.ciaops.com/2014/12/security-before-convenience-or-else.html

and read Marc Goodman’s book

Future Crimes

and you’ll get an idea of how crime is utilising technology to rule the world.

Another of a great concerns when it comes to technology is the lengths that governments are implementing to track citizens in the guise of ‘protecting us’. There has been plenty written about this subject so I won’t go into it here but I’d like to point out an interesting anomaly here.

Recently in my neck the wood there was a state election. Fair and equal democratic elections are the cornerstone of our western society. Many have the mistaken belief that their integrity is above question but I beg to differ. Here’s why.

When I attended my local polling location I am asked for my name and address. I am however NEVER at any stage asked to PROVE who I am with some form of approved identification. The official merely takes my word that I am who I say I am. Clearly, most people are honest BUT ANYONE would walk into all polling station and simply state a name in that electorate and be given voting papers.

My attendance at the polling location if recorded in a paper roll. This roll is NOT shared with other officials in the same polling location let alone other polling location is the electorate. They are only compared after the close of voting. So, what is to stop me voting in one polling location, the travelling to next and voting again, then repeating that processes throughout the electorate? Shouldn’t there a centralised location to record this so all officials can immediately see those that have voted ANYWHERE?

So, I can continue to vote as myself at as many polling stations as I can physically travel to in one day. I can also vote as anyone else at any polling station throughout the day. May seem like a lot of work for a single individual and probably would not have an impact on the outcome right? Maybe, but what if I could get 100, 1,000, 10,000, 100,000, etc, people to do the same thing all for the same political end? Now, how do you feel about the integrity of our democratic elections?

Technology is a great enabler for society but it also enables bad guys as well and honestly we are creating a world so full of insecurities that it makes it easy for them to rob us blind. Even if you are not a victim that affects us all in the hip pocket. The problem is not the technology, it is the human being. We need to teach everyone, especially kids, the importance of security and privacy. We need to demand products be made secure by default (we have the technology already). We need to stop putting convenience ahead of security or else.

Alas, as I continue to lament here, it is pipe dream I’m afraid and I’m sure in another 18 months time the likes of Cryptolocker will continue to roam free on the Internet destroying lives at will. Sigh.