No one is safe in cyber land, says Kaspersky
As a first timer to the AusCERT conference on the Gold Coast, I was impressed by the open discussion taking place on subjects ranging from identity theft by comedian Bennett Arron to the possibility from Byres Security consultant Eric Byres of a “Son of Stuxnet”.
It was also fascinating to see the light and dark sides of security together in the same room. The dress style was usually key to discovering which was which – while vendors favoured the business polo shirts and suits, black t-shirts and The Matrix-inspired leather coats seemed to be the fashion ‘de rigueur’ of hackers, ethical or otherwise, in attendance at the Gold Coast. There were no Sith Lord shirts so perhaps the force is not strong for hackers.
However, I digress, because as the conference winds down, and the aftermath of judicial controversy joins the AusCERT mishaps hall of fame, it seems a perfect time to unleash some more thoughts from the self-confessed ‘optimistic paranoid’, Kaspersky Labs founder, Eugene Kaspersky.
The outspoken Russian is becoming something of a regular at the security conference, having attended last year. In an in-depth one-on-one with me, Kaspersky ran a gauntlet of security subjects, revealing his deep concerns about the security landscape.
In all, his message is clear: No one is safe.
Take the Sony Playstation Network, a service attracting 77 million users that has been attacked four times since April alone. Only this week the entertainment giant was forced to take part of its Online Entertainment and Qriocity network offline briefly as it fixed a Web glitch that gave hackers a way to take over users' accounts.
To lock down network security, Sony has been asking users to reset their passwords, but now a Web programming error has made this process a dangerous one too.
“I think that similar incidents happen with companies all the time but with Sony Playstation it is the most important incident because there are a huge number of people who are victims of that attack,” Kaspersky said. “That’s a very big number so these attacks are serious for the company’s business and reputation. I am afraid that it will happen to other companies that provide similar services.”
Or there’s the subject of the Android operating system. Kaspersky pointed to the operating system’s well-known flexibility and adaptability as a double-edged sword – though a saving grace for software developers unwilling to play in Apple’s walled garden, it has become equally simple for cyber criminals to infiltrate Google’s unpatrolled ecosystem.
But consumers and companies aren’t alone in their vulnerabilities to the “bad guys”; countries are increasingly at risk as well. According to Kaspersky, the emergence of worms such as Stuxnet could ultimately ignite a cyber war, with rival governments facing off against one another in moves to protect their own critical systems. It could also damage any hope for the creation of an internet Interpol to police cyber crime activities, something Kaspersky argued strongly for in his AusCERT speech.
“Do you think North America will allow law enforcement authorities in China, Russia or the Middle East to access its network? Of course not.”
Look out for the full interview with Eugene Kaspersky in the August/September edition of Computerworld Australia
Hamish Barwick travelled to AusCERT 2011 as a guest of AusCERT