March 20, 2011
In 1981, a young high school student named Rich Skrenta had the idea of creating what is generally recognized today as the first self-replicating computer virus. By 1982, he had put the finishing touches on the Elk Cloner virus. It had, for its time, the unique capability of spreading itself. It worked as a ‘boot virus’ on an Apple II computer. Each time a floppy disk was inserted into the Apple II, the virus, which was resident in memory, copied itself to the floppy disk. When that floppy disk was booted on a different Apple II, that machine too became a victim. Depending on the sources you look at, it was done either for the ‘joy of the hack’ or as a practical joke. In either event, it is clear from history that no harm was intended and that monetization was the farthest thing from this young programmer’s mind.
It wasn’t long before this kind of software (known as a virus: any program that can copy itself) became just another member of a family of software known as malware. Unlike the example above, malware is all about the theft of private information and the subsequent monetization of that information. Some of the most widely known ‘newcomers’ to this category were:
Worms – a worm is like a virus but, instead of spreading physically the way Elk Cloner did, it uses a network to move from machine to machine.
A Trojan (also referred to as a Trojan Horse) – software that appears to be doing one thing but is actually doing something else. For example, you might be given (or offered) free software that, judging by what it displays, appears to be working just fine but is in reality searching your PC for personal information or turning it into a spam engine.
Rootkit – these are not as widely known and are technically more challenging. They infect a machine at the ‘root’ level, before the operating system is fully functional. They can be very hard to find (they often mask themselves from the OS so that everything looks normal) and usually cannot be removed without rebuilding the machine.
With the advent of email, a new device came into being: the destructive email attachment. These ‘phishing’ attacks can be almost unlimited in what they seek and are limited only by the imagination of their authors. As an example, open an untrusted attachment and you could find yourself with an unknown guest on your computer logging your every keystroke. This can happen in real time, or the captured data may be transmitted to a ‘command and control’ server, from which someone will log into your bank account and carry out transactions on your behalf. They could take over your existing account, or use that information to open new credit card accounts that you only find out about far too late.
Now we have something new to deal with: Advanced Persistent Threats (APTs). Unlike the broad-based security attacks we have seen in the past, APTs are very targeted and are interested in specific pieces of information. They may be for political purposes (GhostNet was launched to try to find out the Dalai Lama’s schedule), to inflict damage (the Stuxnet APT created havoc in the Iranian nuclear program), for monetization (Nimkey caused carbon trading credits to go to the wrong party), or to steal intellectual property (Aurora was after Google’s source code).
These APTs are designed to be stealthy and to lie in wait for their target to appear. They keep a low profile to avoid detection by traditional software means. Most importantly, they often use inside information to better target their prey. And finally, instead of launching a broad-based phishing attack, they employ ‘spear phishing’, going after one or two individuals with enough information to get them to click on that email attachment they really shouldn’t. They are not the work of an individual but a coordinated and devastating attack on an institution, one that may go unnoticed until long after it is over.
We have come a long way in the evolution of our susceptibility to attack. And yet, in spite of the most technically sophisticated efforts to combat them, the most sophisticated attacks today (the APTs) start with the human element. Good security systems can keep us safe up to a point, but traditional security fails when it faces an attack it simply cannot recognize as an attack. Today’s security tools are more sophisticated than ever, but they cannot protect us against human nature. Without good security awareness on the part of the individual, all the tools in the world can only keep us so safe.