"Spy vs. spy" is mad magazine's classic cartoon that pits two virtually identical characters against each other in an espionage and dirty-tricks contest that never ends. Great news: Hacking is heading straight into "Spy vs. Spy" territory as it moves into its next phase, the for-profit era.It is a natural and predictable progression. You'll have to admit, the exploits of hackers who merely spread viruses and took down servers was getting stale. Vandalism is a low form of antisocial behavior. Eavesdropping and theft of secrets are of a higher order. That's about the most positive spin that can be put on this development.
Several recent news items show that the new era is fast upon us; for example, the hostage-taking of some 55,000 credit card numbers at Creditcard.com. Not long before, a cracker was discovered to have been siphoning money into his bank account from the gas pumps of a local service station. There are other crimes waiting to be perpetrated, if they haven't been already, including the electronic laundering of illicit money through offshore bank accounts and holding confidential medical information hostage, to name a couple. And the growing use of less-secure wireless networks—not to mention the physical theft of laptops—will create even more seams of vulnerability.
How bad is it?
"It's really easy to crack systems these days," said Don Reifer, president and CEO of Reifer Consultants, of Torrance, Calif. Reifer has abandoned home banking and given up DSL in favor of a 56K-bps modem because of security fears.
Still, IT managers must find a way to deal. For example, if a cracker obtains access to your corporate system, you may want to use "honey pot" data to fool the intruder into thinking that he or she has discovered valuable data. All the while, you'll be tracking his or her actions in an effort to gather evidence.
Here at eWeek, we'll do our best to bring you news of the latest security breaches and how to deal with them, but in general, news will not be easy to come by. Why? The same reason the CIA's PR department is probably the smallest bureau in all of government.
Reifer estimates that we hear about no more than 20 percent of all security breaches. The grim truth is that, as I write this, the most outrageous and damaging breaches probably haven't even been reported.