Why we are ‘in the dark’ as RSA 2014 gets under way

By Byron V. Acohido

SAN FRANCISCO — Complexity.

That’s the theme saturating the keynote speeches, workshops, panel discussions and product exhibits at the giant RSA cybersecurity conference unfolding all week here at the Moscone Convention Center.

Tech security vendors flock to this massive conference to drive home why enterprises and SMBs were wise to spend north of $64 billion on cyber security protections in 2013, a spend rate expected to rise 8.7% annually through 2017. That estimate comes from Gartner analyst Lawrence Pingree.

The IT buyers come to Moscone Center prepared to swim through an ocean of tech jargon and marketing hype. They must assess risk, triangulate exposure and — crucially — decide how much to invest in cutting-edge cybersecurity technologies that can detect and repel intruders.

As a backdrop, hacking for criminal profit, nation-state spying and the making of ideological points, aka hacktivism, continue to steadily escalate. By one estimate, cyber crime is a $500 billion global industry.

Meanwhile, the tech and financial services industries — joined by venture capitalists backing all those clever new consumer and business apps — continue to expand our reliance on the Internet cloud and mobile devices.

Complexity, for the good guys, translates into convenience, which helps sell new services.

Complexity, for the bad guys, spells ever-expanding criminal opportunities.

Both are generating billions in profit.

John Stewart, chief security officer at Cisco, says cyber scammers, spies and hacktivists collectively are causing a profound “economic drag” on national and global commerce, killing jobs, stifling innovation and generally mucking up consumer, corporate and public sector use of digital services.

“This is 100% an economic problem,” says Stewart. “We’ve got to start thinking it through in that context.”

Meanwhile, security sleuths on the leading edge have begun documenting the early forms of probing and infection-spreading directed at the so-called “Internet of Things.”

Last week security start-up Norse and think tank The SANS Institute released study results showing how some 375 U.S. healthcare organizations were actively compromised in a period from September 2012 to October 2013.

The attackers infiltrated internet-connected radiology imaging software, conferencing systems, printers, firewalls, Web cameras and mail servers to access patient files and other information.

Norse founder Tommy Stiansen has developed an amazing global network of honeypots emulating all sorts of common workplace and home appliances connected to the Internet, with embedded operating systems rife with vulnerabilities. Cybercriminals are using automated programs to scan ranges of IP addresses for signs of vulnerable appliances. It’s often a simple matter to take control by installing a few lines of malicious coding.

Norse has devised innovative technology for monitoring such cyberattacks in real time. A tiny sampling of its data, extracted exclusively for Last Watchdog, revealed 724 infected appliances actively carrying out fraudulent tasks.

The corrupted appliances included firewalls, routers, modems, printers, DVRs, surveillance cams, web cams, IP cameras, VPN appliances, VOIP phone systems, FM radio transmitters, storage drives, video conferencing systems and climate-control modules. One of the big things these corrupted devices are being used for: payment card fraud.

“We are seeing credit card transactions from baby monitors, DVRs, TVs, printers, medical devices, you name it,” Stiansen told Last Watchdog. “It’s coming from all types of industries and from homes.”

In a stunning demonstration, Stiansen clicked to the IP address for an activated ABS MegaCam, widely sold as a $220 baby monitor. The device was activated on the Internet by a resident of Glendale, Calif., who uses Charter Communications as an ISP.

Malicious software embedded on the web cam’s Linux operating system causes a live cam view of the homeowner’s living room to appear in the browser of anyone who clicks to the web cam’s IP address. During Stiansen’s demo, a woman and then a man enter the room and sit on a couch.

The bad guy who embedded the malware on the baby monitor probably doesn’t care much about snooping; the web cam’s computing power, instead, is being used to locate similar devices and help the attacker to control as many as 2,000 ABS MegaCams.

“This is happening at a large scale, and it’s growing hugely every day,” Stiansen says. “This is very powerful stuff, and the scariest part is this is only the tip of the iceberg.”

There’s clear logic behind methodically assembling digital appliances into niche networks, called botnets, under the control of a single operator.

Botnets have been the foundation of the cyber underground for more than a decade. Traditionally comprising infected personal and server computers, botnets are the engine that drives multibillion-dollar markets for spam, phishing, account hijacking, identity theft and denial-of-service attacks.

Norse’s findings show how the advance guard of cybercriminals has begun pulling digital appliances into botnet service because, at the moment, it’s easy to do so.

Healthcare organizations represent fat, juicy targets, says Tom Kellermann, managing director for cyber protection at consultancy Alvarez & Marsal.

“The industry’s efforts to protect patient data rely far too heavily on encryption and thus overlook the need for defense in depth,” Kellermann says. “The cyber security strategies of this industry must incorporate an inward focus to eliminate these digital insiders.”

Geoff Webb, senior director of solutions strategy, NetIQ, opines that there’s a lot more low-hanging fruit for bad guys to target.

“The Internet of Things is already surrounding us with devices that exhibit unique behaviors and capabilities and a growing number of complex interactions,” Webb says. “The worrying aspect of this is that because of inability to truly monitor the activity of these smart devices, we literally have no idea the extent to which the bad guys are already embedded in the devices around us.”

Webb contends that we’ve begun to use Internet-connected machinery as trusted surrogates. If we were smart, we’d assign these devices attributes as part of an identity that defines who they are, what their behavior is and how they should be interacting with other devices internally and externally.

Until that happens, Webb argues, we’ll be in the dark, unable to identify when an Internet-enabled appliance is being used maliciously.

Currently, he says, “We are in the dark.”


