Powered By Xiaoshuoer!

Cyber security and the online arms race: the battle has just begun

Posted on 11/04/2019 | in 上海性息 | by

Published in collaboration with The Conversation, a website that features commentary, research and analysis from Australian universities and the CSIRO.

上海性息

Cyber security has been in the news a lot lately. Corporate giants have had their data stolen, intelligence agencies have had their websites taken down and hacker groups have become household names.

Closer to home, an Australian web hosting company distribute.IT confirmed yesterday that a June 11 hack of its servers had rendered the data of almost 5,000 clients “unrecoverable”.

The recent spike in online criminal activity has led some industry players to call for significant overhaul to Australia’s cyber security laws and, indeed, the Federal Government has taken steps down that path.

All of this raises a particularly pertinent question: is the threat of online attack inevitable, or is there a way to make the internet an inherently safer place to work, play and shop?

SECURITY GIANTS

A recent public lecture delivered by Eugene Kaspersky – CEO and co-founder of one of the world’s largest anti-virus companies, Kaspsersky Lab – shed some light on this very subject.

Kaspersky’s interest in anti-virus systems was triggered when his computer was infected by a virus way back in 1989.

This computer virus stimulated his curiosity, and he started to compile a database of each new computer virus he encountered. This database of virus “signatures” became the basis for his first anti-virus software tool.

In those early days of the internet, the author of the virus that infected Kaspersky’s computer was probably also motivated by curiosity – in this case, curiosity to see whether it was possible to write a program that could spread between computers, even without the owners of those computers knowing.

While curiosity was a major driving force behind both the unknown author of the virus and Eugene Kaspsersky’s response, it’s clear that cyber security is no longer the domain of curious amateurs.

SERIOUS BUSINESS

Cyber crime is now a thriving industry driven by those within more traditional criminal circles and, according to Kaspsersky, the second most lucrative criminal activity behind the illegal drug trade.

So just how do hackers make money?

Well, consider the case of “distributed denial-of-service” (DDoS) attacks. In an attack of this kind, an online business or service is disabled by a flood of malicious requests via the internet. DDoS attacks can be used to:

* Swamped an online betting agency with bogus transactions that overwhelm their servers, thus denying access to legitimate customers.

* Blackmail online businesses by threatening to close down the business unless protection money is paid.

* Disable online government services, as was the case in February of this year when Australian government websites were attacked.

For DDoS attacks to be effective, attackers need to generate a high volume of malicious requests which means having a large number of computers at their disposal.

Attackers can use computer viruses and other pieces of malicious software (or “malware”) to gain control of legitimate users’ computers.

TANGLED WEB

These infected computers (collectively known as a “botnet”) can then be used to launch large numbers of malicious requests in a DDoS attack at the attacker’s command. According to Kaspersky, recent botnet DDoS attacks have involved as many as ten million infected computers.

(By way of contrast, “only” a one-million-machine botnet was needed to take down most of Estonia’s online infrastructure in 2007.)

In response to these growing attacks, the network managers of online networks and services continually need to deploy higher-capacity servers and network links, together with filtering systems such as anti-virus software and network “firewalls”.

While this approach to defence aims to protect the target of an attack, it does little to stop the attack at its source, namely, the infected computers. Indeed, all that has emerged is an online arms race in which attackers and defenders are always trying to up the ante.

So, is there a silver bullet to network security that will defuse this arms race?

CATCHING CYBER-CRIMINALS

One possible approach suggested by Eugene Kaspersky (among others) is to trace where requests to access online services are coming from.

In practical terms this might mean the introduction of some form of online identification – an internet passport, if you like. If a user was found to be engaging in questionable online behaviour – such as requesting the same page from a web server repeatedly in a short period of time – the user would need to produce their online identification in order to proceed.

Such methods would make it easier to trace perpetrators of cyber crime and, ideally, discourage such behaviour in the first place.

While better verification of the identity and reliability of users on the internet could help in the ongoing fight against cyber crime, it’s certainly not a silver bullet. This type of verification can itself become the target of a DDoS attack.

Indeed, no single strategy has yet been proven effective in protecting the internet from the persistence of attackers, nor is a single solution likely to emerge.

While the problem of cyber crime may never be completely eradicated, we can only hope that our efforts will someday raise defences to the point where it is uneconomic for attackers to continue with these types of attacks.

Comments are closed.

Categories

TITLE

November 2019
M T W T F S S
« Oct    
 123
45678910
11121314151617
18192021222324
252627282930  

Recent Posts

Default utility Image World stocks retreat on Greek default fear

Stocks plunged and the euro fell on Monday as signs of German impatience with Greek...

Default utility Image Battles as Greece cuts deep

Lawmakers voted 155 to 138 for the hotly-disputed package to slash 28.

Default utility Image Bangladesh floods displace 120,000

Floods in southwest Bangladesh have inundated vast swathes of farmland, affecting nearly a million people,...

Default utility Image Greek ministers approve new austerity

The Greek Cabinet has approved a new round of painful austerity measures and a...

Default utility Image Q&A: The causes of the Somalia famine

While it is true that droughts are an act of nature, there is nothing ...

Recent Posts

Default utility Image Default utility Image Default utility Image Default utility Image Default utility Image

Recent Posts

Default utility Image World stocks retreat on Greek default fear

Stocks plunged and the euro fell on Monday as signs of German impatience with Greek...

Default utility Image Battles as Greece cuts deep

Lawmakers voted 155 to 138 for the hotly-disputed package to slash 28.

Default utility Image Bangladesh floods displace 120,000

Floods in southwest Bangladesh have inundated vast swathes of farmland, affecting nearly a million people,...

Default utility Image Greek ministers approve new austerity

The Greek Cabinet has approved a new round of painful austerity measures and a...

Default utility Image Q&A: The causes of the Somalia famine

While it is true that droughts are an act of nature, there is nothing ...

Tag Cloud