In recent years cyberspace has played an increasingly important role in governments, companies, families and in all our lives. Little by little it has opened up its own path, offering a host of possibilities that can be tapped into from practically anywhere in the world.
We are also thrilled and delighted to see how it lowers costs, facilitates the sharing of information, opens our business’s doors to the whole world, favours automation and remote surveillance of systems and sites, etc. This is all to the good. Being able to manage security and open dams from hundreds or thousands of miles away is in principle a good thing. If it also cuts out the need for a 24 x 7 watchman and allows the first level of monitoring to be carried out from remote locations at a price of about €10 an hour, well wonderful.
In fact it is the driving force behind an increasing number of economic transactions and enables us to make administrative arrangements without leaving the house or even while sitting on the bus. It establishes new communication methods and speeds up the circulation of information by means of tree structures or even whole woods of them.
All these advantages, of course, are not confined to people of good will. When combined with complacency about security, unawareness, globalization, patchy legislation and the ease of anonymity cyberspace represents a veritable hotbed for national or industrial cyber spying, for organized crime, swindlers and unscrupulous dealers.
In fact, over the last few months several security incidents have made a big splash in the press, straying beyond the domain of security professionals and grabbing the attention of the public at large.
Some of these incidents are:
- The headline-grabbing wikileaks
- The cyber attack on the European parliament (http://www.theregister.co.uk/2011/03/31/eu_parliament_hack/)
- Recognition by the US government of having come under attack from Chinese cyber spying: (http://blog.segu-info.com.ar/2010/08/eeuu-advierte-ataque-cibernetico-chino.html)
- Suspicions that the Israeli government is behind the genesis and distribution of the first computer worm to target SCADA systems
- The recent exploitation of SQL injection vulnerabilities in MySQL pages to extract database information such as user data and executive passwords
- Unauthorised access to internal equipment of the French Ministry of Finance
- The publication of a NASA report recognising the existence of vulnerabilities in servers controlling certain space missions: (http://oig.nasa.gov/audits/reports/FY11/IG-11-017.pdf ) (http://blog.segu-info.com.ar/2011/03/una-red-critica-de-la-nasa-abierta.html)
- Theft of compromising photos and information from handhelds of famous people: (http://www.cbsnews.com/8301-504083_162-20044232-504083.html)
- Theft of information in Cloud Computing: PHPFOG
These juicy news snippets are only the tip of the iceberg. It seems that only notorious and unquashable cases slip out, while vested interests make sure that many other incidents never see the light of day. Curiously enough, this news breaks out in powerful and advanced spheres of technology and security.
The abovementioned incidents affected US and European organizations and involved nations like Israel, China and this great unknown that is courteously called the “community”.
It would seem logical to assume that in the theoretically less advanced countries most of these incidents go unreported and unnoticed, and this suits organized cyber crime fine. In other cases an incident might be hushed up for fear of the business repercussions or from shame, and this is an attitude that swindlers eagerly feed off.
Which major organization would be likely to acknowledge of its own accord that its systems have been hacked or are still being hacked without the problem yet being solved?
Author: Javier Osuna
Head of Security & Processes Consulting Division of GMV
Las opiniones vertidas por el autor son enteramente suyas y no siempre representan la opinión de GMV
The author’s views are entirely his own and may not reflect the views of GMV