The Sony hack has literally flooded my news feed in recent weeks, with everyone talking about how it was done, why, whom to blame, the trails which lead to North Korea and the politics around it. I’ve been following the story from the first report with an unexplained curiosity and was not sure why, since I read about hacks all day long.
A word of explanation about my “weird” habit of following hacks continuously: being the CTO of the Ben-Gurion University Cyber Security Labs comes with responsibility, and part of it is staying on top of things :)
Later on the reason for my curiosity became clear to me. As background, to those who are deep in the security industry it is already well known, although not necessarily spoken out loud, that attackers are pretty far ahead of enterprises in terms of sophistication. The number of reported cyber attacks in the last two years shows a steep upward curve, and if you add to that 3 times as many non-reported incidents then anyone can see it is exploding. And although many criticized Sony for their wrong security measures, I still don’t think they are really the ones to blame. They were caught in a game beyond their league. Beyond any enterprise’s league.
The reasons attackers have become way more successful are:
- They know how to better disguise their attacks, using form-changing techniques (polymorphism) and others.
- They know quite well the common weaknesses in enterprise IT. You can install almost any piece of software in your own lab and just look for weaknesses all day long.
- They have more money to pour into learning the specifics of their targets, and thanks to that they build elaborate and targeted attacks. In the case of state-sponsored attacks the funds are unlimited.
- Defensive technologies within the enterprise are still dominated by tools invented 10 years ago; back then attacks were more naive, if such a thing can be said. Today we are in a big wave of newly emerging security technologies which can be much more effective, though enterprises need enough time to adopt them.
So it is fair to say that enterprises are in a way sitting ducks for targeted attackers, and I am really not exaggerating here.
And the Sony story was different from others for two main reasons:
- The attack allegedly originated from, and was backed by, a specific nation. And I am saying allegedly because unless you find the evidence on someone’s computers you can’t be sure, and even then that person could have been entrapped by the real attackers. Professionals can quite easily cover their tracks, and the attackers here are definitely professionals.
- The results of the attack are devastating and their publicity turned them into a nightmare for any CEO on earth. Some kind of warning sign to the free world.
And Sony, due to their bad luck, got caught in the middle.
The End of Superpowers
From a high-level view it does not really matter whether it was North Korea or not. The fact that such an event happened, where potentially a state attacked a private company, and that its consequences and the lack of ramifications are quite clear, opens the path for it to happen again and again in the future, and that is what makes it a game changer. Every nation in the world now understands that it has got a free ticket to a new playground with different rules of engagement and, more importantly, a different balance of power.
In the physical world power has always been attributed to the amount of firepower you’ve got, and naturally the amount of firepower correlates tightly with the economic strength of the nation. The US is a superpower. Russia is a superpower. In the cyber world these rules do not necessarily apply: a small group of very smart people with very simple, cheap tools can wreak havoc on a target. It is not easy, but it is possible. The attackers are many times limited only by their creativity and nothing else. In the cyber world size matters less.
Our lifestyle and lifeblood have become dependent on IT: our electricity, water, food, defense, entertainment, finance and almost everything else work only if the underlying IT is functioning properly. Cyber warfare means attacking the physical world by digital means, and the results can be no less devastating than any other type of attack. Actually they can be worse, since IT also presents new single points of failure. So if cyber wars can cause harm like real wars and size matters less, wouldn’t that mean the rules of the game have changed forever?
Question of Responsibility
As soon as I heard that North Korea may be responsible for the attack I understood that Sony were caught in an unfair game, and the big question is about the role of the government in defending the private sector, how and to what extent. Going back again to the physical world, had a missile been launched from North Korea onto the headquarters of Sony, the story and the reaction would have been very different, and predictable. This comparison is valid since the damage which such a missile could cause to the company is probably smaller from the economic perspective, not taking into account of course human casualties. I am not saying cyber attacks can’t cause casualties, I am just saying that this one did not.
So why is there a difference in the stance of the US government? Why did Sony not ask for help and nationwide defense?
The era of cyber warfare removes the clear distinction between criminal acts and nation-level offensive acts, and a new line of thought should emerge.
So what does the future hold for us?
- A big wave of cyber attacks coming from everywhere on the globe. The “good” results of this attack will surely provide a sign of hope for all the people in the world who felt inferior from a military perspective. The attackers always go for the weakest links, so we will see more enterprises being attacked like Sony, in a more severe way. A long, complicated, stealthy war.
- A big wave of security technologies which aim to solve these problems, coming from the private and government sectors. Security startups and established players in a way “enjoy” these developments, where the need for new solutions is rising steeply. I personally know some startups in Israel which can take away the current advantage attackers enjoy, with technologies such as polymorphic cyber defense. I will elaborate on that in a future post since it deserves one of its own.
- A long debate about who is responsible for what and what measures can be taken meanwhile – cutting off the internet across the globe won’t help anyone, since there are today many ways to launch attacks from different geographic places, so location doesn’t matter anymore. It won’t be easy to create a solution which will be effective on one hand and not limit the freedom to communicate on the other.
Meanwhile, you can gaze a bit at the emerging battleground:
Taken from a live attack monitor at http://map.ipviking.com/