Chances are, if you read 10 articles or blog posts about the 2010 RSA conference, you will hear the term “cloud computing” ten times. The cloud was clearly the dominant theme of most of the presentations, product demonstrations, and discussions which took place at the Moscone Center in the first week of March 2010. However, another theme was nearly equally present in presentations and discussions: Cybercrime.
What was clear, if you listened for cybercrime instead of being deafened by the cloud, is that the problem is getting worse, not better. Cybercrime attacks are increasing in frequency, becoming more effective, and becoming more profitable all the time. Cybercrime is increasingly in the news thanks to Operation Aurora and Google’s public disclosure. The APT buzzword is flying around and driving some in the security industry a little batty (although I did get and wear a pretty cool shirt).
As I mentioned in earlier posts, a few of the RSA keynotes mentioned cybercrime. Most of these mentions were aimed at telling us that cybercrime is getting more profitable and is not going away. Cybercrime is definitely the elephant in the room these days at security events. The security industry largely knows how to protect itself from attacks (though it isn’t immune by any stretch of the imagination), but it has a hard time finding ways to educate others and provide them with the necessary tools to make cybercrime less profitable for the criminals. And the current state of tools just isn’t sufficient:
Traditional security products are simply not much help against APT attacks, said Alex Stamos, a partner with Isec Partners, one of the companies investigating the APT attacks. “All of the victims we’ve worked with had perfectly installed antivirus,” he said. “They all had intrusion detection systems and several had web proxies scan content.”
At the RSA 2010 exposition, the Symantec booth had a section dedicated to cybercrime called the Black Market. Inside you could see a storefront where physical representations of online information were available to put in your shopping cart, with prices and descriptions abounding. Everything from credit cards (with guaranteed freshness and CVV2 codes) to full online dossiers (with photos, addresses, social security numbers, etc.) and of course customized malware. You step behind a hidden door and find the laboratory where the cybercriminals are at work – with their botnet-controlling software, developing new malware, and printing new fraudulent credit cards. It was a powerful visual representation of the industry which has sprung up around the illicit trading of valued information.
I’ll be writing two more articles within the next week about the other education I received about cybercrime during RSA 2010, which I’ll link in the comments once they are complete. The first is about the briefing I attended by Mikko Hyppönen, Chief Research Officer of F-Secure, about targeted malware attacks. The second is about a talk called “Your computer is worth 30¢” by Gunter Ollmann, VP of Research at Damballa, which was presented at the Security BSides unconference.
Unfortunately, the discussions, presentations, and demonstrations around cybercrime were not as upbeat as the discussions about cloud security. While individuals and businesses see the move to the cloud as an opportunity to improve security, there are far fewer positives on the cybercrime front. The security industry seemingly has a worthy adversary in the cybercrime industry. Contrary to what Howard Schmidt says, we are at war.