One of the goals of the national broadband network (NBN) is to deliver a ubiquitous high-speed network to the country. If that does eventuate, QinetiQ North America's Eric Olson, of the company's Cyveillance unit, contends there will be some increased security risks.
Speaking ahead of the CeBIT conference next week, Olson said he agrees with the economic and social benefits high-speed broadband can provide but also outlined five possible security scenarios on the NBN to raise awareness:
- “The first is what I colloquially call ‘hot to bot’. What I mean by that is botting or installation of remote control software onto home or office PCs to turn it into a bot,” Olson said. “Botted machines on slow connections, if you look at the three to six most common things with botted machines - that includes spamming, hosting of child pornography or other types of illicit or illegal content used to blackmail online businesses like casinos – [being slow] is a peculiar sort of defence. If you are on a slow connection you are no use to a bot herder.”
So in other words, if you are on a fast connection and potentially have a faster device to play with, you are likely to be used or targeted by botnet creators.
- “When most people look at broadband they say, ‘hey, great, fast download speeds’. What most lay users at home think less about is upload speeds. However, upload speeds mean that whether it is loss of information, for example, over a peer-to-peer equipped home computer or data extraction from a corporate or government agency type of environment. In the old days if you were on a slow connection and were trying to extract data by sneaking it out by a tunnel one little bit at a time, getting the 6GB of database or credentials or competitive industrial espionage stuff out the pipe would have been a slow process. When I am on a fibre, stealing a 6GB database doesn’t take very long. It can be done while someone is getting a cup of coffee.”
- “Despite all the vaguely plausible arguments to the contrary, the overwhelming use of peer-to-peer is to exchange copyrighted music and movies. It is in fact a crime and the laws are very clear on that. But you will get a lot more of that.”
- “Another part of peer-to-peer that I care about is one of those porno videos you downloaded – which is what a lot of people use P2P for – has a malicious bit of code in it that changes the folder that is shared. Sometimes from ‘my shared music’ to ‘everything on my computer’. So P2P use grows and it is full of malware. Now you have more infected machines - see earlier discussion of botted machines.”
- “As IPv6 rolls out there will be all these new devices that talk to each other. So you will be increasing dependencies in both high-level private sector or commercial market systems and government systems to the availability and trustworthiness of the Internet. There will be other things that depend on the Internet that didn’t before. There are a number of people talking about how wonderful smart grids will be when your coffee pot and refrigerator can talk to each other and you can control them remotely from your iPhone.”
Again, Olson pointed out that, as these devices are now connected to the Internet, they may become targets for botnets.
Olson will be talking at next week’s CeBIT conference in Sydney. Computerworld Australia will be bringing you all the news direct from the event so stay tuned.