Contact Center Solutions Featured Article

More Ethics-over-IP: Malware Explodes, Security Erodes

February 13, 2008

Since early 2007, malware on the Internet has been growing at a nearly exponential rate. For example, Panda Security reports that it receives 3,000+ unique samples of malware every day. Panda offers Malware Radar, an automated malware audit service that detects threats that manage to slip by conventional security solutions. Indeed, Panda discovered that 76 percent of the companies audited during the Malware Radar test phase were infected by malware, even though they had dutifully installed and updated security solutions.

 
Then there are the findings of F-Secure Corporation, a company that protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. Their solutions are available in two forms: first, as a service subscription through more than 150 Internet service providers and mobile operator partners around the world, and second, as licensed products through thousands of resellers globally.
 
F-Secure’s recent “Data Security Wrap-up” report correctly predicted that they would tabulate 500,000 malware detections by the end of 2007 — they hit that mark during the final week of December 2007. What’s so amazing about this, says F-Secure, is that, “What previously took twenty years to accumulate — was now accumulated in just one year… Malware authors are producing variants in bulk. Genuine innovation appears to be on the decline and is currently being replaced with volume and mass-produced kit malware. But while new techniques weren’t developed — the existing techniques were refined and adapted for much greater effectiveness. There are some very dangerous faces in the big crowd…”
 
As of February 12th, 2008, F-Secure already had 560,000 total detections, which is an additional 59,000 detections added in 43 days, at an average of about 1,372 per day. As one blog poster named Sean noted, “Maintaining that pace (no guarantee that it won’t further increase) there will be at least another 500 thousand detections this year for a grand total of one million or more by the end of 2008.”
 
That’s scary, and it’s in accord with the latest findings by AV-Test in Germany, which is one of the world’s greatest research facilities for testing anti-malware software and their methodologies. AV-Test collects samples of malware to test security programs. They analyze malicious programs and produce a specific digital fingerprint to identify each unique sample. AV-Test reports that it detected 5.49 million unique samples of malicious software in 2007, as opposed to the 972,606 it counted in 2006.
 
The Good Old Days
Hackers and hacking are so synonymous with criminal activities these days that we forget what hackers were originally like and how the increasing mass exposure to technology via the PC has caused an accelerating devolution in the technological ethos of Mankind.
 
Once upon a time, decades ago, before even the rise of the PC, hackers were a peaceful group of elite, youthful geniuses. For the most part they inhabited academia — many were students and professors at MIT, with the MIT Tech Model Railroad Club and MIT Artificial Intelligence Lab figuring into this considerably. The hacker ethic and values are thus derived in a way from the scientific community at large. In any case, early hackers were imbued with a spirit of playful ingenuity and a love of programming.
 
Their interactions among themselves and others were codified under the term “hacker ethic”, coined by journalist Steven Levy and used for the first time in his 1984 account, “Hackers: Heroes of the Computer Revolution”. Levy’s distillation and codification of the hacker ethic came down to these points (the following are excerpted from Wikipedia):
 
  • Access to computers — and anything which might teach you something about the way the world works — should be unlimited and total. Always yield to the Hands-on Imperative!
  • All information should be free.
  • Mistrust authority — promote decentralization.
  • Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
  • You can create art and beauty on a computer.
  • Computers can change your life for the better.
 
Doesn’t sound so bad, eh? The ideas and ethics Levy set into stone were mostly those of the MIT AI Lab hackers of the time, such as Richard M. Stallman, whom Levy referred to as “the last true hacker”. Stallman, as we shall see, became the chief pioneer of the free software movement, and in September 1983 he launched the GNU Project to create a free Unix-like operating system (which led to such things as GNU Linux). Stallman founded the Free Software Foundation in October 1985. He also pioneered the “copyleft” concept and is the main author of the GNU General Public License, the world’s most widely-used free software license. Needless to say, he is not fond of the idea of software patents and extensions to copyright laws. Stallman and his cohorts heavily influenced the contemporary “open source movement” — which Stallman would say is an incorrect concept, thus bringing him into conflict with such open source movement proponents and spokespeople as Eric S. Raymond.
 
Corporations out to turn a profit, however, were not as benevolent as hackers, and sought to oppose them. One of my earliest recollections of Bill Gates is of him calling all hackers “a bunch of thieves”. Hackers, believing that all software should be free, responded by figuring out ways of continuing to do what they were doing, even if it involved defeating copy protection and breaking passwords and/or encryption. For example, when MIT’s Laboratory for Computer Science (LCS) installed a password control system in 1977, Stallman figured out how to decrypt the passwords and sent users messages containing their decoded password to demonstrate that LCS was not increasing security, but merely hindering free access to each other’s software and discouraging the sharing of it.
 
A Fork in the Road
Thus, the peaceful, “white hat” hacker was prodded with restrictions until a “fork” appeared in hackerdom and the increasingly unethical or “black hat” hacker emerged. (In addition, a “gray hat” hacker is someone who generally doesn’t hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their activities.)
 
The security-violating type of computer hackers began to merge with an existing group of “phone phreaks” who had developed “blue boxes” to gain free access to the public phone system. A whole computer and network security-oriented hacker subculture developed, often termed “network hacker subculture”, “hacker scene” or “computer underground”. This includes both white hat and black hat hackers, but the mass media and popular culture used it as a pejorative, particularly after the release of the 1983 film, WarGames, where hackers were elevated in the public’s eye as nothing less than a threat to world stability.
 
So, the “white hat” hackers went on to found the free and open source movements, while the “black hats” began to do such things as violate software copy protection mechanisms and deal in pirated software. As the 21st century began to pick up steam, the evil hackers or “crackers” went on to devise sophisticated means of breaking into computer systems, developing in the process the kind of present-day malware that can seize control of computers and extract banking and credit card information, or else they can just use the PC for spamming purposes. Evil hackers have even distributed programming kits and scripts so that the most inexperienced, malicious, would-be black hat hacker can impress his friends by attacking some of the more vulnerable computer systems, and deface accessible Web sites.
 
In the darkest areas of hackerdom, mischievous teenagers writing simple computer viruses have been replaced with teams of professional criminals who collect and trade in vast lists of valuable personal and other information. There are even techno-terrorists out there trying (sometimes successfully) to shut down power grids and cause mayhem, and the line between these and the more financially-oriented criminal hackers is starting to blur a bit.
 
For example, while at the Davos Summit, Ashok Vemuri, Senior Vice President and Head of the Banking and Capital Markets Business, Infosys Technologies, posted this on the World Economic Forum blog: “I had several fascinating statistics thrown at me in conversation. Whilst three years ago 90 percent of hacker attacks were benign with little dollar impact, 90 percent of hacking nowadays is malicious designed to disrupt data or steal information. One of the newest concepts I heard about earlier was ‘data-kidnapping’ — where hackers break into business systems and block a company from using its data, effectively holding them to ransom.”
 
Thanks to such phenomena as Moore’s Law, larger segments of the population are able to afford increasingly inexpensive PCs. As a result, interpersonal relations on the Internet tend to mirror the moral fabric of the general public, which in many cases can mean that users suddenly find themselves having descended to an odorous region of cyberspace where a “lowest common denominator” mentality reigns unrestrained.
 
“Community”, “networking” and “social utility” environments such as chat rooms, LinkedIn and Facebook are in fact potentially dangerous. February 12, 2008 was “Safer Internet Day”, touted in 50 countries around the world with events in schools and other organizations to educate children and parents about Internet dangers. Even adults tend to share too much personal data on the Web, and too many of children’s online “friends” are the proverbial wolf in sheep’s clothing.
 
Clearly, the criminal mentality (or just common venality) of certain segments of the public must be dealt with as effectively in cyberspace as it is in the real world, for we are all starting to spend as much time online as offline.
 
-----
Richard Grigonis is an internationally-known technology editor and writer. Prior to joining TMC as Executive Editor of its IP Communications Group, he was the Editor-in-Chief of VON Magazine from its founding in 2003 to August 2006. He also served as the Chief Technical Editor of CMP Media’s Computer Telephony magazine, later called Communications Convergence, from its first year of operation in 1994 until 2003. In addition, he has written five books on computers and telecom (including the Computer Telephony Encyclopedia and Dictionary of IP Communications). To see more of his articles, please visit his columnist page.
 