It appears inevitable that the exploitation of the internet for criminal gain and ‘cyber’ terrorism will continue to be a threat into the foreseeable future.
Almost every home and business with internet access has become increasingly dependant upon maintaining this access 24/7 for transactions ranging from browsing for research purposes through to email and eCommerce. Interruptions to these systems are able to cripple business and result in significant loss of revenue.
Future proofing the reliability and security of the internet could mean tighter control on our access to it. Anonymity will become a thing of the past. Over the past 12 months many PC’s worldwide have been equipped with a new security chip called the Trusted Platform Module. In the majority of cases the chip is currently de-activated but can be enabled by software.
Microsoft’s new desktop operating system Windows Vista will use this technology as part of the feature “BitLocker Drive Encryption”. BitLocker will encrypt the entire computer’s volume for security. The chip is one initiative developed and supported by the Trusted Computing Group (TCG.) In this organization, only a few companies, called “promoters,” have the right to make decisions; currently, the promoters are AMD, Hewlett-Packard, IBM, Intel, Microsoft, Seagate, Sony, Sun and Verisign.
Once merchants and other online services begin to use it, the TPM will allow for virtually fool-proof verification over the internet that your computer (and therefore you) - are who you say you are.
Some of the benefits include:
Currently we are seeing an evolution in Malware. Gone are the annoyingly gifted virus writers who sent viruses out to prove they could exploit security holes in commercial software. They caused some downtime and user frustration but were not criminal in intent, more driven by a need to prove what they could do rather than what they could gain from their work.
Today however we face an increasingly criminal form of virus or Trojan which is designed to be delivered secretly. Unlike the previous generation of malware these exploits do not disable a PC or even let on that they are active. They operate silently in the background and are designed to remain invisible to the PC owner. Once installed they allow the PC to be used as a Spam relay or ‘bot’. A thousand ‘bots’ under the control of one hacker can then be sold on the black market for thousands of dollars. The purchaser who now controls the bots can then send millions of advertising emails (Spam) anonymously. It’s a big business.
Other current forms of malicious malware allow for Identity theft via passwords, credit cards, bank account details etc. to be retrieved and transmitted secretly to the sender of the virus.
New variations on extorting money from victims are arriving. The ‘Ransom’ virus is one example which disables the victim’s computer and demands transfer of a sum of money ranging from $50 for end users up to much more for businesses. The victim is directed to send the ransom money to an offshore payment company before an unlock code will be released to them.
The technological improvements in our mobile phones and PDA’s mean that we will soon be carrying around mini computers – many with some form of wireless internet access. These devices will need to be protected in the same way as our notebooks and desktop PC’s. The problem is that a PC user is generally well aware of the threat posed by exposing his computer to the internet or is protected behind a corporate security policy on a company network. Mobile phone users however are not sheltered behind company firewalls and many are not IT savvy. There are already a number of mobile phone viruses that copy themselves directly to any phone within range using Bluetooth wireless technology.
Kaspersky Lab www.kaspersky.com.au is one major security company who have recognized this as a looming crisis and have been focusing on a security solution “Kaspersky Anti-Virus Mobile” which is currently in pre-release Beta and expected to be commercially available by December 2006.
Meanwhile your best form of defence is to be aware that these threats already exist, switch off Bluetooth when not needed and exercise common sense by deleting unsolicited messages.
Mark Hay is Operations Manager for Microbe Pty Ltd.