Funny post from George Ou about the undercover NBC dateline reporter that was “escorted” out of Defcon (here) after trying to get footage of actual hackers, hacking stuff, live and you know on video and doing bad stuff like having tattoos, piercings and looking all counter culture so that Middle America could be shocked by the Hacker underground. Middle America is pretty desensitized by the media so at this point I think the story would have been a yawner, but who knows middle America can get pretty worked up by silly BS. I’m sure that Falwell still thinks that the Children’s TV show “Teletubbies” with it’s apparently gay character Tinky Winky (it is a dude with a purse or so sayeth the Conservative Christian right) is Satan’s doing and will corrupt our youth and turn them into tattoo, pierced, counter culture hackers bent on world domination, the spread of communism, the rise of the beast who will steal music and annoy Christians with Nigerian spam and cheap Canadian prescription drugs.
George’s posting got me thinking…there were some interesting presentations, some not so much, and a bunch that quite honestly I struggled to understand – not because they were too technical but because the speakers didn’t speak English very well but as Bejtlich points out (here) existing defenses can’t defend against the threats, detecting attacks in real-time is pretty much impossible, and the average web-developer and security professionals will never be able to counter these attacks, as he stated “There is no way to get ahead of the threat here” that all sounds pretty bleak and as I wrote before it all spells the beginning of the end (here) or does it? Rational fear, significant threat, are we secure, will middle America be owned, is it the end?
Here is the thing the technical evolution has provided a means for digital pervasiveness. No need to phreak a PBX to make a long distance phone call you can use Skype. No need to hack into a University computer to learn Unix, it’s free off the net and can be downloaded, installed, and configured in no time. Technology is comparatively cheap compared to the Mainframe’s of the past and children are increasingly using computers and the net at younger and younger ages, but instead of an army of malicous hackers hell bent on terrorizing the grandparents of the world there are a lot of really smart people working on building more effective defenses. Sure new defenses trail introduction of new technologies and emerging threats and there are definitely smart people performing malicious acts, this probably won’t end soon but for the most part the evolution of technology has also revolutionized the security industry.
The researchers presenting at Black Hat and Defcon are for the most part responsible, although some are slightly unstable, members of society who work in corporations mostly dedicated to preventing the ultimate demise of cyberspace and hopefully making lots of money doing it. Although there are definitely sophisticated methods of attack it is not the end of the internet as we know it and honestly there is a fine line between informed awareness and irrational FUD. The reality is that the average organization will not encounter a security incident that results in their dissolution, some will though, just like it is unlikely that I will meet my maker after being struck by lighting, bitten by a poisonous snake, or attacked by a rabid squirrel, but I might. All of which are far more scary to me than anything I have ever, or probably will ever see at a security conference or the cyber world. Doesn’t stop me from watching the horizon light up in a desert storm, hike through the mountains or play in the park. Of course I take precautions like not carrying a large metal pole and standing under a tree during a lightning storm or walking barefoot off established trails with my feet wrapped in mouse moccasins. Organization need to take precautions when using digital technologies and that requires a security revolution, the new breed of security professional needs to adapt and become more agile than ever before. The internet will keep on trucking and life will go on even if Mozilla can’t keep their word (here)