It's a truism that sites get hacked every, and some may even deserve it. But we're no longer talking about individual hacks by disgruntled geeks. We're looking at massive, well-organized plans to take over vast portions of the Net. Case in point: The SQL Injection exploit that infected more 70,000 sites -- including some parts of CA's site -- according to researchers at Grisoft.
It gets worse. In a presentation to the security wonks at a SANS conference, CIA analyst Tom Donahue revealed that hackers accessed the power grid in several foreign nations via the Net and tried to extort money from the local governments in return for not turning off the lights. Think about that the next time you experience a rolling blackout.
But the real elephant in the server closet is the Storm worm, which celebrated its first birthday last week and continues to spread across the Net via holiday-themed e-mails. According to Sophos, poison pen Valentines e-mail accounted for 8 percent of all e-mail traffic last week.
We know that millions of machines have been infected with the Storm bot, and every so often they receive instructions, but mostly they've been strangely quiet.
A security wonk of my acquaintance (who asked to remain anonymous) has an interesting theory on what these millions of zombie machines might be used for: the evil equivalent to SETI. But instead of parsing interstellar radio signals for signs of intelligent life, these millions of zombies could be put to other distributed computing tasks, like cracking complex passwords. Heck, the bad guys could merely rent their grid out to anyone with a Dr. Evil-ish scheme for world domination. Call it Storm Cloud Computing.
Of course, there's not just one Storm network. There may be dozens. One was recently employed in phishing attacks on Barclay's and Halifax banks, another used to spew out pump-and-dump spam last year.
My anonymous security wonk also tells me that most of the malware action has moved from Russia to China -- or at least, Chinese subnets. Apparently Russian locals have started to crack down, so the bad guys jumped borders to friendlier environs. It seems World War III may be fought online. Strap on your virtual kevlar, because it's about to get ugly.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Everything you need to know about email and web security (but were afraid to ask)
Best Practice in Building an Integrated Information Management Strategy
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Enterprise Wireless WLAN Security
Cutting printer costs
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Delivering the Power of Choice with Microsoft Dynamics CRM
CRM your salespeople will love
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Mitel Launches Simpler Unified Communications 2008-11-19 17:40:00+11
Symantec Security Products Shine in In-Depth Protection Reviews 2008-11-19 13:01:00+11
Digital Sense opens first stage of the world’s largest data centre complex in Brisbane 2008-11-19 13:00:00+11
RightNow Technologies Delivers RightNow November ’08 Plus New On Demand Enterprise Contact Centre Package 2008-11-19 12:00:00+11
Valorem uniquely deploys RSA SecurID for remote workforce management 2008-11-19 10:16:00+11
Everything you need to know about email and web security (but were afraid to ask)
What you don’t know can destroy your business. It’s hard to imagine modern business without the internet but in the last few years it has become fraught with danger. Read on to discover how internet security can give your business a competitive advantage.
Buying Guides
Buying Guides
