The factual narrative is enlivened by focusing on the story of two individuals who have battled against the rise in cybercrime. Barret Lyon, a computer whizz who unwittingly became embroiled in protecting legitimate and illegitimate businesses against attacks. Andrew Crocker is a British detective, who in working for the National Hi-Tech Crime Unit in the UK, went to Russia to track down and prosecute hackers and to find out who they ultimately worked for. 

The books offers great insights into how cybercrime works, who is involved and why it is being used. It is truly shocking and thought-provoking, in equal measure.

This news, I am sure, helped provoke a severe case of ‘I told you so’ from the cloud ‘nay-sayers’. However, whether the server site was in the cloud, or on plain boring terra firma, the cause of the hack, was not something new or revelatory. It was in all probability, something more prosaic. A hole in a particular application may have opened the door, or other instances of Zeus could have captured log-in credentials, which were then used to access the necessary services hosted on EC2.

It requires site owners to ensure that they lock-down access to the server and that they update and patch the software used to mitigate any vulnerabilities. The rush to cloud based services and infrastructure is gathering pace. What this incident should remind us is that the same rules, controls and requirements need to be applied to sites hosted in the cloud, as anywhere else.

The current generation of spy-phone software has one major drawback and that is that you need to have access to the phone you want to tap to load the software onto it. That being said the Newsweek article goes onto outline that a new generation of mobile spyware that is being developed for law enforcement agencies will accompany a text message and automatically itself on the targets phone when the message is opened. The supposition being that the same technology could also make its way into the hands of criminals.

The article finishes off claiming that AV and security programs developed for computers require too much processing power, even for smartphones.  At the end of the day, the spy-phone software is just software, just as is the security software that can detect it and mitigate the risk. So I do not sign up for their presumption that smartphones are exposed. We are seeing the evolution and deployment of security software for smartphones.  There is a saying in our industry – ‘security through obscurity’. By and large, it can be seen to be a truism. At the moment, with smartphones this can also be seen. Given the number of mobile operating systems that are being used e.g. iPhone OS, Palm Web OS, Android, Windows Mobile, Symbian etc, it neatly segments the addressable market into smaller chunks that may diminish the attractiveness of any segment to the malware author. It may simply be a moment in time, but no doubt many would like it to hold for as long as possible. Thankfully, in term of actual numbers, the volume of malware for smartphones and applications such as spy-phone software is dwarfed by that created for the PC.  However, it is one area that needs to be taken seriously and a careful eye kept on it.

The following article caught my attention as it draws attention to the increasing focus that the cyber-criminals are putting into ‘optimising’ key words that, when put into a search engine, would lead someone to a site that they have setup and control. Once, you are on the site, they can then start to try and attack your PC directly, or by getting you to download a file that would contain malware. This whole approach is premised on them inserting themselves into legitimate terms, from there they work to optimise their sites so they appear further up the rankings, hence increasing the likelihood that someone would click through to their site.  The term that is being used to describe this attack approach is ‘search engine poisoning’. We have created a Podcast that details the motives behind search engine poisoning and provides information on how you can protect yourself.

The sceptics out there will say – ‘heard it all before’.  However, I do think we are getting to a point of lift-off. The technology and devices could make this happen are starting to make real in-roads. The attention that the Amazon Kindle has gained in the past year is testament to it. In the US, the ‘Hulu’ on-demand access to TV shows and movies has proven itself very popular. Here in the UK, the BBC with the iPlayer has pushed the concept of ‘streaming’ and any-time access into the consciousness of the masses.

In prospect, what all of this means is the opening up of a potential new security considerations. At the end of the day, ‘content’ is digital and it is software, therefore it can be exploited as malware.  Time and attention is going to have to be given to the security issues attendant with this brave new world. Nobody is going to be happy if they download and pay for books, only for them to be scrubbed by a virus, or held to be subjected to ransom-ware.  I am sure this is a subject area and topic that we will all come back to (repeatedly) in the fullness of time.

The UK is somewhat characterised as one of the countries wherein, its citizens are extensively monitored. It is a sobriquet derived from the early and extensive adoption of CCTV. The UK Government had been set to try to implement a database that would have recorded all internet activity for the use of the security services. This has now been scrapped, according to the BBC.

The Home Office will instead ask communications companies – from internet service providers to mobile phone networks – to extend the range of information they currently hold on their subscribers and organise it so that it can be better used by the police, MI5 and other public bodies investigating crime and terrorism.

There is an interesting analogy that could be used here and it is with respect to the modern day telephone. We are all aware and have become accustomed to seeing our telephone activity being logged. Every month, we receive our statements and we can see that someone has been logging all the call we made, to what number, at what time and for how long. By implication we acknowledge that this is happening and we are comfortable with it, as it does not go to the next step of reporting the content of the call. Furthermore, we are all aware that law enforcement can now routinely uses telephone records to help with criminal investigations.

So, there is practical and legal precedent. It will be interesting to see if this can and will be extended to the internet. The Government is now engaged in another round of consultation. It will be interesting how this round of discussion and debate pans out.

In travelling around and meeting with the Press, invariably the conversation gets round to a discussion about ‘what will be the threats in the future’? Now, predicting the future is a notorious game. However, I have long held the view that we are seeing the future being played out today. Our world is all about the internet and that is what will be attacked and wherein where the threats will come.  What is important, is having access to the ‘net at all times and in a flexible and adaptable way. Increasingly, we see the ‘net and our daily lives through a ‘browser’. We are seeing the browser being attacked and exploited. Whilst, at the same time, the browsers are becoming increasingly platform or OS, agnostic. You just expect your favourite browser experience to be available to you, never mind what device you are using, or where you are. Now, we are not quite there yet, but the direction is set. Which, gets me back to that advert for the new smartphone.

I really need to listen to myself a little more. The ‘OS’ really need not matter to me – I need to conquer that particular addiction. I need only concern myself with whether I can connect to the ‘net, surf and email, listen to music, use the GPS and watch movies. Importantly, that it should be safe at all times and in all situations.

Within the article, there was an example given of how counterfeit routers were sold to the US Marine Corp and Air Force. The US based distributors of the counterfeit routers have subsequently been indicted.  Following on from this, the FBI provided a  briefing in which they outlined how counterfeit routers ‘could’ allow foreign agents to disrupt secure networks and ‘weaken cryptographic systems’.  Now, from what I could discern, there was no proof that these routers had been used to compromise any networks: but the point is made and understood.

For the moment, in the world of malware, Trojans are proving to be a popular and effective delivery method for the bad guys.  It is interesting to see, in this example,  the possibility for hardware to be used as the receptacle for the delivery of an exploit or attack. The hardware is the ‘Trojan’ and the threat lurks within. Given the fact, that increasingly, all manner of electronic devices now have some form of storage, processing power and the ability to ‘network’ themselves, then at a conceptual level, we can see the potential security issues.  Now, actual examples of real-life exploits are few and far between, to my knowledge. That being said, the Businessweek article moves the story on one more notch.

Once again, what it does show, is that the search to get branded goods at ‘bargain’ prices does come at some cost.  Notably, security.  As with everything, the lesson has to be: check into the provenance of what you are buying.

There was a side of me that was pleased that the readers felt comfortable and able to discern the elements of a modern day security product. Well, we have been talking about ‘strength-in-depth’ for a long time now and people would seem to recognise and understand this. But then again, one could generalise that the readers of PC Advisor are the more technically engaged and interested. Hence, they could determine the different aspect of a security product’s arsenal.  The reality is that probably, most people would not know the respective merits of one element of a security product from another. Nor should they I suppose, they expect us security companies to take care of all this stuff for them.

In that regard security software has gone the way of the automotive industry. Gone are the days when  you could lift the ‘bonnet’ of a car and marvel at the site of the carburettor, the overhead gasket and the timing belt. Back then, we were encouraged to take an interest, it was a talking point in drive-ways across the land as men-folk (trying not to be sexist here), would congregate to view and discuss the relative merits of one car engine versus the other. Have we fallen out of love with the car? No, we have simply moved on.

Now, with security software, times are moving on and fast. Many of the more obvious elements of the software are being supplanted and changed. We are trying to keep security software ‘out of the faces of users’, as much as we can. We are trying to do much of the job in the background and away from the user. It will be interesting to see, what aspects, of a security product PC Advisor readers will rate in two to three years time.

I have been in IT for nearly 20 years now, and throughout that time I have had the opportunity to help and participate in the launch of the many new products. Invariably, this involved the ‘live’ demo of the product. As soon, as the mention of this comes up from the marketing folk, you see the product people, starting to wince and recoil. Excuses are proffered, as to why this might not be necessary (read for that advisable).  The IT press have had the pleasure of experiencing, a veritable treasure trove of failed ‘live demos’. It is the stuff of legend in our industry.

We are making some very big claims with Norton 2009. We have a game changing product and it challenges many of the preconceptions and realities about security software.  So, I decided to proactively tell the PR and marketing folk that we needed to ‘walk the talk’. It was game-on for  the full live demo in front of some one hundred IT journalist from across Europe.

So, I did a full live demo of an install of the product in one minute. Norton Pulse updates streamed onto the machine every few minutes. The Press saw Norton Insight, our new real-time Whitelisting technology, determine that it need only scan 7% of the files running on the system.  They were able to see for themselves, the minimal impact that NIS 2009 was having on CPU cycles and memory and our new idle time scheduler purring away in the background.

So, I left the stage with a spring in my step. NIS 2009 had simply done what it was built to do and that which we are telling people it will do. But in doing so, it made a positive impact on those in the room.  I left the stage, safe in the knowledge, that Norton 2009, would not be joining the ‘hall of shame’ of live demos.

NAV and NIS 2009 are superb products. Many people have come up to me in the past days, to tell me how impressed they are. I stand there and take the plaudits. But my thanks and admiration are for the team, who worked long and hard, with passion, innovation and tenacity to bring to market NAV and NIS 2009. Give yourself a treat, go and download a trial of them.