June 16, 2014

Serious Cyber Security

Filed under: Main — admin @ 12:01 am

Recently, I went to a fairly sizable dot-com operation to lend my talents. You’ll read more about my adventures in the future. For now, I’d like to discuss something fascinating that happened during lunch one day.

I met a fellow named Mark. As I usually do, I asked what he did for the company. His answer? “Security.”

Mark’s job was to keep his organization safe from the Bad Guys — not robbers or burglars, but the online type of Bad Guy.

His is a serious position, especially for an organization that makes all its income in cyberspace. If the outfit is offline or hacked, then they instantly stop making money.

Of course, Mark actually has a very unusual role: If he does his job well, then no one notices. He seemed to be okay with that, understanding how vital it is to protect the organization from what’s apparently a constant onslaught of attack.

Hearing him tell the tales was scary. Even though Wambooli is a teeny web site, and not my sole source of income, I’m sure all the things that Mark described are actively happening right now to this very website.

Mark related three levels of attack against which he defends the organization.

First are the bots. These are routine, automated attacks: scans and probes that look for weaknesses, and Denial of Service (DoS) floods that simply try to knock a site offline. They happen constantly, perpetrated mostly by computers infected with malware and herded into botnets.

These probes test the first line of defense. For example, they look for an open port 80, the HTTP port used by web servers, then fingerprint what is running there (the server software and version, the applications on top of it) and try the well-known exploits for whatever they recognize. The flaws they target are the ones that linger on any unpatched or out-of-date system, which is why a current, patched server turns most of this traffic into noise in the log.

One frequently attacked target is WordPress, the software that runs the Wamblog. This is one reason I no longer allow registration: The exploits are too well-known. Bad Guys are constantly attacking. Turning off registration (and comments) removes two of the most heavily probed entry points and so shrinks the attack surface; keeping WordPress and its plugins updated closes the rest of the well-known holes.

Second are the more sophisticated attacks, which could originate in Russia or China. These attacks generally look for websites that accept credit cards. Mules, real people working from a script rather than hackers, run small purchases with stolen card numbers to confirm which ones are still valid, a practice known as card testing. Apparently the black market value of a stolen, confirmed credit card number is double that of an unconfirmed number. So the mules test the numbers and then their bosses re-sell the cards.
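As an added illustration that is not part of the original post, the script below scores constructed log lines for the two automated patterns described above: a bot probing for a login page, an admin panel or a leaked config file, and a mule running many tiny authorisations against many different cards. Everything in it is an assumption made for the example: the log formats, the list of probe paths, the thresholds, and every log line (the addresses come from documentation ranges and the card tokens are masked placeholders).

```python
import re
from collections import defaultdict

# Constructed web-server log in Apache/nginx "combined" format. The
# 203.0.113.7 lines imitate a scanner fingerprinting a WordPress site;
# the 198.51.100.20 lines imitate an ordinary reader. All made up.
WEB_LOG = """\
203.0.113.7 - - [16/Jun/2014:02:11:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jun/2014:02:11:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jun/2014:02:11:06 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jun/2014:02:11:06 +0000] "GET /.env HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jun/2014:02:11:07 +0000] "GET /administrator/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jun/2014:02:11:07 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.20 - - [16/Jun/2014:02:12:40 +0000] "GET / HTTP/1.1" 200 8812 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.20 - - [16/Jun/2014:02:12:52 +0000] "GET /blog/2014/06/16/ HTTP/1.1" 200 7103 "http://example.com/" "Mozilla/5.0 (Macintosh)"
198.51.100.20 - - [16/Jun/2014:02:13:10 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Macintosh)"
"""

# Constructed application log of card authorisations. The card is stored
# as a masked token (BIN + last four), never the full number.
PAYMENT_LOG = """\
192.0.2.55 auth card=411111******1111 amount=1.00 result=declined
192.0.2.55 auth card=411111******2222 amount=1.00 result=declined
192.0.2.55 auth card=550000******3333 amount=1.00 result=approved
192.0.2.55 auth card=550000******4444 amount=1.00 result=declined
192.0.2.55 auth card=411111******5555 amount=1.00 result=approved
192.0.2.55 auth card=601100******6666 amount=1.00 result=declined
198.51.100.20 auth card=411111******7777 amount=49.99 result=approved
"""

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
AUTH_RE = re.compile(
    r'^(?P<ip>\S+) auth card=(?P<card>\S+) amount=(?P<amount>[\d.]+) '
    r'result=(?P<result>\w+)$')

# Paths a reader of a small blog almost never requests but scanners hammer.
# Assumed list; extend it from your own logs.
PROBE_PATHS = ("/wp-login.php", "/xmlrpc.php", "/wp-config.php",
               "/phpmyadmin", "/administrator", "/.env")
PROBE_MIN_HITS = 3            # assumption: tune per site
NOT_FOUND_RATIO = 0.8         # assumption: mostly-404 clients are guessing
NOT_FOUND_MIN_REQUESTS = 5
CARD_TEST_MIN_CARDS = 5       # assumption: distinct cards from one source
CARD_TEST_MAX_AMOUNT = 5.00   # assumption: testers authorise tiny amounts


def find_probes(lines):
    """Return {ip: summary} for clients whose traffic looks like scanning."""
    per_ip = defaultdict(lambda: {"requests": 0, "probe_hits": 0,
                                  "not_found": 0, "paths": set()})
    for line in lines:
        m = COMBINED_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        s = per_ip[m["ip"]]
        s["requests"] += 1
        if m["status"] == "404":
            s["not_found"] += 1
        if m["path"].startswith(PROBE_PATHS):
            s["probe_hits"] += 1
            s["paths"].add(m["path"])
    flagged = {}
    for ip, s in per_ip.items():
        mostly_404 = (s["requests"] >= NOT_FOUND_MIN_REQUESTS
                      and s["not_found"] / s["requests"] >= NOT_FOUND_RATIO)
        if s["probe_hits"] >= PROBE_MIN_HITS or mostly_404:
            flagged[ip] = {**s, "paths": sorted(s["paths"])}
    return flagged


def find_card_testing(lines):
    """Return {ip: summary} for sources authorising many different cards for
    tiny amounts. Approved cards are the ones that just became 'confirmed'
    stock for resale, so they are listed for voiding and reporting."""
    per_ip = defaultdict(lambda: {"cards": set(), "max_amount": 0.0,
                                  "approved": [], "declined": 0})
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue
        s = per_ip[m["ip"]]
        s["cards"].add(m["card"])
        s["max_amount"] = max(s["max_amount"], float(m["amount"]))
        if m["result"] == "approved":
            s["approved"].append(m["card"])
        else:
            s["declined"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        if (len(s["cards"]) >= CARD_TEST_MIN_CARDS
                and s["max_amount"] <= CARD_TEST_MAX_AMOUNT):
            flagged[ip] = {"cards": len(s["cards"]), "declined": s["declined"],
                           "approved": sorted(s["approved"]),
                           "max_amount": s["max_amount"]}
    return flagged


if __name__ == "__main__":
    for ip, s in find_probes(WEB_LOG.splitlines()).items():
        print(f"probe  {ip}: {s['probe_hits']} hits on {s['paths']}")
    for ip, s in find_card_testing(PAYMENT_LOG.splitlines()).items():
        print(f"carder {ip}: {s['cards']} cards, confirmed {s['approved']}")
```

In real use both counters would run over a sliding time window and feed something that acts (a firewall rule, a WAF block, a hold on the checkout session) rather than just print; the point of keeping the approved-card list is that those are the numbers the mule's bosses will now sell as confirmed, so they are the ones to void and report to the processor.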

Finally, Mark defends the dot-com against specific attacks. These are deliberate and aimed directly at the organization. They could come from competitors or from corporate espionage, looking to steal software and other assets. Those are the ones that would hurt the most if the Bad Guys got through.

I have no idea how Mark or someone like him would do his job. I assume he’s good at it because he’s still employed and the dot-com is safe. Yet I can’t imagine the horrific job he has or the motivation behind why people try to do evil in the first place.

2 Comments

  1. Does WordPress take any responsibility in protecting the people who have blogs and the people who read them on their site?

    Comment by The Gnome Whisperer — June 17, 2014 @ 3:41 am

  2. Not really.

    I met with them once at a trade show. Now I’m assuming that the people manning the WordPress booth were real employees or devotees or something and not just temps. I asked specifically about the robot registration problem all my blogs have. Their “solution” was for me to buy add-on user management software, which actually doesn’t even address the problem!

    Now they do send out upgrades and patch exploits. The software is freeware and the code is open, which means that Bad Guys don’t have to work hard to find those exploits. But if you want more security, you have to devise your own solutions or pay for add-ons that boost security. As far as “responsibility,” it’s really up to the operator, which is probably the biggest problem.

    Comment by admin — June 17, 2014 @ 7:22 am
