Inside the mind of an attacker
This morning, I woke up, walked downstairs, and performed my morning rituals, including a review of OmniFocus on my iPad to see what was on tap for today. I looked at my list of projects, my next actions, and those items that are due in the next few days. Then, I went to work.
In many homes across the world, days began in similar fashion. Some of those reviewing their projects, however, had a decidedly different thematic thread: their projects have the goals of breaking into the networks and servers of key government and industry organizations for purposes of espionage, theft, or disruption. And they get paid to do it.
Some of us remember the earliest days of the Internet when servers were open to all. In fact, anyone could log onto the root account at Richard Stallman’s server and create their own personal account. My, how far we’ve come when breaking into networks and systems is a career path!
In the early days of people breaking into systems and networks, most actors were solo and focused on showing their own skills while demonstrating the weakness of those they attacked. Early viruses and worms (like the Morris Worm) were often the result of bugs in the target systems and mistakes in the attacking code.
Today, governments across the world are applying their resources investing in full-time staff to break into systems and networks in other parts of the world. From the Syrian Electronic Army to the People’s Army, the US Government, and organized crime, attacks come from many different sources looking for a variety of results. This means the mentality is professional, organized, and coordinated, and the attackers are motivated by a variety of results, from financial to patriotic.the early days of people breaking into systems and networks, most actors were solo and focused on showing their own skills while demonstrating the weakness of those they attacked. Early viruses and worms (like the Morris Worm) were often the result of bugs in the target systems and mistakes in the attacking code.
Knowing this, it’s essential that you determine the best way for you to defend against these attackers. They aren’t going to give up, so you need to be diligent and focused on your defenses. And we’ll talk more about that next time.