Security IT

Four Threats For '09 You Haven't Heard of

ancientribe writes "Security experts are cautiously on the lookout for some lesser-known but potentially lethal threats that could be more difficult to prepare for and defend against in 2009. These aren't your typical enterprise hack attacks. They're mainly large-scale Internet threats — attacks that knock out sections of the Internet infrastructure, radical extremist hackers, Web attacks that adversely affect online ad revenue, and even the unthinkable: human casualties as a result of a cyberattack." Also known as the new group of things the fear mongers will use to make you do their bidding.
  • Re:"The Unthinkable" (Score:5, Interesting)

    by betterunixthanunix ( 980855 ) on Friday January 02, 2009 @04:16PM (#26303691)
    People often forget that many real-world, physical systems have internet connections, and therefore many people cannot even fathom the idea of a cyberattack resulting in human death. I read about a hack a few years ago that nearly resulted in a man being shot and killed by a SWAT team: somebody had spoofed the phone system and issued a call to 911 indicating that he was holding a family hostage, and the SWAT team arrived and very nearly shot the father in that house. The kid who executed the hack never even considered the possibility that a SWAT team with automatic weapons might actually fire their guns during the confusion (or so he said when he was arrested by the FBI). TFA indicates that a malware attack hit a UK hospital and shut down the computer systems, forcing doctors and nurses to search for paper records.
  • Re:"The Unthinkable" (Score:3, Interesting)

    by Myrddin Wyllt ( 1188671 ) on Friday January 02, 2009 @04:58PM (#26304157)

    It's unthinkable the way physically bombing a hospital is unthinkable. It doesn't mean somebody might not think to do it, just that you have to question the perpetrator's humanity if they were to actually go through with it.

    How right you are. [guardian.co.uk]

  • by Gordo_1 ( 256312 ) on Friday January 02, 2009 @05:14PM (#26304359)

    It's not that simple. You forgot about embedded systems. For example, a few years ago as an employee of a security software company, I had a conversation with the head of IT at one of the largest healthcare providers in the U.S. The conversation went something like this (I'm paraphrasing):

    Him: We have had a heck of a time dealing with systems ping-ponging the Blaster worm at each other. Rebooting them fixes the problem temporarily, but eventually they just get reinfected.

    Me: Sounds pretty straightforward, we can help you remove malware from infected systems.

    Him: Well, a lot of our "Windows systems" are actually portable medical devices like kidney dialysis, heart monitors and life support machines running embedded Windows NT. They are built by the manufacturer with a particular software load and certified by the Department of Health. I can't change so much as a registry key on them or they will no longer be certified for use in a hospital.

    Me: So let me get this straight, you're saying that you have life support systems that are infected with worms and you can't disinfect them because the procedure would make the life support system less safe than it is with active malware on it?

    Him: Beyond rebooting and using external firewalls to block worm packets, my hands are tied so long as the system continues to perform its primary function.

    Me: Have you considered just disconnecting them from the network?

    Him: No can do. We need to monitor status and administer remotely.

    Now, I'm not saying that this situation is still true today or even that it was representative of the state of the healthcare industry at the time, but I find it highly believable that a virus/malware/worm outbreak somewhere *has* had an impact on someone's life.

  • by plover ( 150551 ) * on Friday January 02, 2009 @05:30PM (#26304543) Homepage Journal

    Actually, it probably wasn't as expensive as you might think. Hang Wi-Fi access points around the place and let those get to the "untrustworthy" network. Use the physical Ethernet jacks installed 10 years ago to access the critical network. Pile the rules into the routers to permit only the business ports to and from the business machines. And set IDS systems to keep watch for suspicious traffic there, too.

    If data transfer to and from the critical network is a requirement, such as exchanging X-rays with a partner clinic or whatever, a bastion host would be the only way to pass data between them.

    Then you can go after the desktops with physical access to the critical network, and make sure they're running an absolutely stripped down installation -- no USB ports, no autorun, no unneeded services, one-minute timeouts on screen saver activation, etc. If I were configuring them, I'd even remove Explorer as the shell, and restrict them to a custom menu of blessed applications.

    It really just takes time, money, and planning, but it's doable. And it's something they can't afford to get wrong.
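
An added illustration of the segmentation described in the comment above (router rules that permit only business ports, a bastion host as the sole crossing point, and IDS-style watching for everything else); it is not part of the comment or any poster's code. The address plan, host roles, ports and flow records are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed address plan (assumptions for illustration, not from the thread).
CRITICAL_NET = ipaddress.ip_network("10.10.0.0/24")  # wired critical segment
BASTION = ipaddress.ip_address("10.10.0.5")          # sole crossing point
# (server, TCP port) pairs that hosts on the critical segment may connect to.
ALLOWED_SERVICES = {
    (ipaddress.ip_address("10.10.0.20"), 104),  # hypothetical imaging server (DICOM)
    (ipaddress.ip_address("10.10.0.30"), 443),  # hypothetical records server (HTTPS)
}

class Flow(NamedTuple):
    """One connection attempt: initiator, responder, destination TCP port."""
    src: str
    dst: str
    dport: int

def check_flow(flow: Flow) -> Optional[str]:
    """Return None if the flow is permitted, otherwise the reason to alert."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    src_in, dst_in = src in CRITICAL_NET, dst in CRITICAL_NET
    if not src_in and not dst_in:
        return None  # entirely on the untrusted side: out of scope here
    if src_in != dst_in:
        # Crossing the boundary is allowed only through the bastion host.
        return None if BASTION in (src, dst) else "crosses boundary without bastion"
    if (dst, flow.dport) in ALLOWED_SERVICES:
        return None
    return "port/host pair not on business allowlist"

def audit(flows):
    """Return (flow, reason) for every flow that violates the policy."""
    return [(f, r) for f in flows if (r := check_flow(f)) is not None]

# Constructed flow records, as a router or IDS sensor might export them.
SAMPLE_FLOWS = [
    Flow("10.10.0.101", "10.10.0.20", 104),    # workstation -> imaging server
    Flow("10.10.0.101", "10.10.0.102", 135),   # workstation -> workstation RPC
    Flow("192.168.50.7", "10.10.0.20", 104),   # Wi-Fi client -> critical server
    Flow("192.168.50.7", "10.10.0.5", 22),     # Wi-Fi client -> bastion
    Flow("192.168.50.7", "192.168.50.9", 80),  # untrusted-side traffic
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"ALERT {flow.src} -> {flow.dst}:{flow.dport}: {reason}")
```

The same default-deny logic flags both the lateral workstation-to-workstation connection and the Wi-Fi client that tries to reach a critical server directly.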

  • by mlwmohawk ( 801821 ) on Sunday January 04, 2009 @08:42AM (#26319343)

    Ever heard of Karl Popper? I didn't think so.

    It is usually a mistake to assume something about a person whom you've never met.

    In short, you CANNOT "prove" a scientific theory. There is a fundamental logical problem with the very idea: We make predictions, and sometimes the predictions come true.......snip

    You are confused about what Popper's theory really was. He acknowledged that in small well bounded cases that prediction was possible, but in larger unbounded problems, it was probably impossible due to all the random and unpredictable elements inherent in the universe. Not that things could not be predicted in general, but that even the best predictions only had a probability of happening.

    In the case of evolution, the "process of evolution" has been proved beyond any reasonable debate. The research and case study is undeniable.
