Hackers Are Getting Older and Smarter
A recent article by Kevin Poulsen on Wired.com made a sobering observation: software hackers are becoming as sophisticated in their programming as the software they’re trying to attack. Where hacking used to be something of a harmless, if annoying prank by bright, restless kids before they went off and got regular jobs, hackers are increasingly well-funded and making use of state-of-the art technology to design the trojans, viruses and spyware that attempt to get into your computer.
Today, the best hackers have the skill and discipline of the best legitimate programmers and security gurus. They’re using mind-bending obfuscation techniques to deliver malicious code from hacked websites undetected. They’re writing malware for mobile phones and PDAs.
The Case of the Clever Conficker
Poulsen cited the the worst case of computer infection in recent years, the Downadup worm , also known as the Conficker worm (see “Latest Worm Infect 9 Million PCs”). One reason the Conficker worm spread so quickly was that it was the first widely-released program—good or bad—to incorporate M6, a state-of-the-art cryptographic algorithm developed at MIT. When crypto expert Phillip Porras first dug into Conficker’s code, M6 was available only from the websites of MIT and the U.S. National Institute of Standards and Technologies—and no one even recognized M6 at first. When it came to implementing M6 the bad guys had beat the good guys to the punch!
Other portions of Conficker were equally impressive: the way it doggedly hunts for anti-virus software on a victim’s machine, and disables it; or the peer-to-peer mechanism. “There were points where it was pretty clear that certain major threads inside Conficker C seemed to be written by different people,” Porras says. “It left us feeling that we had a more organized team that brought different skills to bear…. They aren’t people who have day jobs.
Another reason the Conficker worm wriggled its way into so many computers was the flexibility and responsiveness of its software engineers. Just like legitimate software engineering teams, when the authors of Conficker discovered a security hole in the first release of their program they stayed up nights and patched their code within just a few weeks. Experts are observing new malware coming out as quickly as a couple of days after a new vulnerability is announced.
What You Can Do?
- Be proactive. Now. Believe that you’re computers connected to the Internet are at risk and it’s up to you to fortify them.
- If your anti-malware software doesn’t run automatically get in the habit of running it daily. If you haven’t updated your anti-malware software lately, do it today.
- Make sure your operating software is updated regularly. The best method is to let it download and update automatically. Software vendors will update their software as quickly as possible after a serious weakness is discovered.
Read the article – Future of Cyber Security: Hackers Have Grown Up.