Computer immunity failure

As discussed in a previous article, the mechanisms available to hackers allow them to build a phased plan for taking over computer systems, particularly those of the novice endpoint user. The core weakness of computing systems is what makes them vulnerable to, and penetrable by, hackers.

The core weakness of the legacy networked computer system results from the interaction of two components, something even a perfectly implemented legacy system cannot defend against: a human interacting with a complex system.

Some key features of the legacy computing system: it is a very complex combination of hardware and software, connected to a multitude of peripherals and concurrently running varying programs, some of which are very sophisticated and communicate over the network (WWW). Upgrades and repairs are made frequently, with or without user consent. System programs are started by the user or by other programs, and a great deal of interaction between programs takes place.

Some attributes of the endpoint user: in most cases the user has very limited knowledge of the complex system he is using. He is careless in using the Internet and makes many errors. This carelessness and error-prone behavior leads to exposure and makes the hackers' job easy. Hackers do not need a 100% success rate, or even a 90% success rate, to be satisfied: out of a billion users of computing systems (PCs, notebooks, netbooks, pads, smartphones and so on), just 1% is 10,000,000 users.

Using sophisticated tools available on the WWW, free or for a fee, hackers are able to rapidly detect and penetrate computers. The process is in most cases automated and relies on disguised sites and on what look like trusted users. The sophistication of an attack is tailored to the target being penetrated. Persistence allows hackers to wait until their action coincides with a faulty user action.

Insiders present yet another challenge. They can get access to computers and use various means to take control of easy-to-reach computing systems on the network. The systems they take over then let them penetrate the real targets within a corporation and gain access to proprietary and confidential information. They can also install software that lies dormant, to be activated at a time chosen by the software's creator.

The fact is that it is not really known how many computing systems are infected at any given time. It is estimated that only a fraction of the really sophisticated infection cases are detected. It is well known that in many cases malware is activated to fulfill a specific task; usually, by the time it is detected, it is too late to avoid the damage, and the only action taken is an upgrade of defenses against that specific attack. The trouble with this approach is that these days hackers create almost customized versions of their malware for different computers, so that the detection of one infection does not lead to the detection of the others.
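The per-computer customization described above is why an "upgrade of defenses against that specific attack" so often fails to catch the sibling infections: if the defense is an exact file hash of the one sample that was analysed, a variant that differs by a single byte is a miss. The example below is added here to illustrate that point and is not code from the article or its author. The three byte strings are constructed stand-ins for two per-victim builds of one malware family and one benign file; the beacon string `BEACON:/api/v2/check?id=%s` is an invented invariant used only to show how a content signature on the unchanged part of the family generalizes where the hash does not.

```python
import hashlib
import re

# Constructed sample "binaries" (not real malware). The operator pads each build
# with a different victim ID and junk blob, so the file hashes differ, but the
# command-and-control beacon format is the same in every build.
VARIANT_A = (b"MZ\x90\x00" + b"\x00" * 16 + b"victim=ws-017;junk=" + b"\xaa" * 32
             + b"\x00BEACON:/api/v2/check?id=%s\x00")
VARIANT_B = (b"MZ\x90\x00" + b"\x00" * 16 + b"victim=ws-042;junk=" + b"\x5c" * 32
             + b"\x00BEACON:/api/v2/check?id=%s\x00")
BENIGN = b"MZ\x90\x00" + b"\x00" * 16 + b"Copyright (c) Example Corp\x00"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_ioc_match(sample: bytes, known_hashes: set[str]) -> bool:
    """Exact-hash indicator: fires only on a byte-identical file."""
    return sha256_hex(sample) in known_hashes


# Hypothetical content signature on the invariant part of the family.
BEACON_SIGNATURE = re.compile(rb"BEACON:/api/v2/check\?id=%s")


def signature_match(sample: bytes) -> bool:
    """Content signature: fires on every build that keeps the beacon format."""
    return BEACON_SIGNATURE.search(sample) is not None


def triage(samples: dict[str, bytes], known_hashes: set[str]) -> dict[str, dict[str, bool]]:
    """Run both detections over a set of files and report which fired."""
    return {
        name: {"hash": hash_ioc_match(data, known_hashes), "sig": signature_match(data)}
        for name, data in samples.items()
    }


if __name__ == "__main__":
    # After the first infection (variant A) is analysed, its hash is the IOC.
    known = {sha256_hex(VARIANT_A)}
    for name, result in triage({"A": VARIANT_A, "B": VARIANT_B, "benign": BENIGN}, known).items():
        print(f"{name:7s} hash-ioc={result['hash']!s:5s} signature={result['sig']}")
```

Run as-is: the hash indicator flags only variant A, while the content signature flags both A and B and leaves the benign file alone. The design point is that an indicator must be taken from what the attacker cannot cheaply vary (protocol format, behavior) rather than from what is re-rolled per victim.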

IT administrators managing corporate networked computing systems are the weakest link in corporate protection. If an administrator's station is infected, the corporate system is exposed and corporate assets are at risk of loss or damage. The attack in such cases is not aimed directly at the administrator. A novice user on the corporate network is infected first; his computer comes under the control of a hacker (or insider), who then uses it as a "trusted" source, masquerading as a legitimate user, to infect the administrator's system.

Similarly, infrastructure networks (smart grid, water treatment facilities, transportation, etc.) get infected and pose a major challenge to governments. Legacy computing systems are defenseless against hackers' attacks, and we need to act under this assumption.

By: Moti Barkan, ImageZone Inc.