The specificity and type of information willingly made available to the public by an enterprise on its Web page also may pose significant risk in terms of operational security. In January 2002, the National Infrastructure Protection Center released an advisory entitled Internet Content Advisory: Considering the Unintended Audience. The advisory provided a seven-question evaluation aimed at assisting an enterprise in examining the potential risk posed by the content it publicly displays on the Internet.
The tools available to the enemy as weapons in the battle have become more potent, more readily available, and easier to use. Whereas hacking was once considered an activity limited to those with more advanced computer skills, the tools with which to engage in hacking are easily acquired and shared on the Internet, and now require much less skill to put into play. The attacks are at the same time becoming more widespread, more damaging, increasingly more complex, and more difficult to detect. The stealth and e-mail disguise capability of the MyDoom virus was a key reason behind its rapid dispersal.
Often the discussion of the weapons available against us in the war focuses on the deployment of the latest version of a known virus or worm, or the exploitation of a zero day vulnerability. Equally important to consider are the threats posed by the exploitation and malicious deployment of new types of technical devices. The widespread exploitation of devices such as key loggers and skimmers has lead directly to the increase of cyber-based credit card fraud and identity theft, while the techniques employed in war driving present a persistent threat in the wireless community. Not too long after the initial exploitation of key loggers was discovered, use of wireless versions began to be deployed in the commission of some cyber based crimes.
Staying Current on the Threat
The complexion of the battleground is continually changing and the nature of the threat constantly evolving. The challenge from the security perspective is to stay abreast of new and emerging technology and the ingenious ways in which it can be exploited by the potential cyber terrorist.
Thomas Bello is a senior security consultant with Sako & Associates Inc. Located in Houston, TX, Mr. Bello has experience cyber security and electronic crimes through his service with the United States Secret Service, where worked on the HITEC Electronic Crimes Task Force. To learn more about Sako, visit its Web site at www.sakosecurity.com.