In an effort to boost it’s defenses, South Korea has enlisted 120 of it’s most talented programmers, offering full scholarships for 7 years of military service. Korea University’s national cyber-defense department will produce it’s first batch of graduates next year.
This program is just a part of a broader build-up though. South Korea is increasing the size of it’s cyber command to 1,000 people and increased information security spending by almost %50 between 2009 and 2015.
Unfortunately though, the South is racing to catch up. North Korea started training it’s hackers in the early 90’s and, according to the chief of S.K.’s defense security command, has 1,700 highly skilled and specialized hackers. He also called North Korea a ‘global cyber power.’
The South has been playing catch up for awhile actually, it wasn’t until a ‘suspected’ North Korean attack in 2009, that paralyzed a large number of government websites, that the South set up a cyber-defense command. In 2013 North Korean hackers attacked South broadcasters and banks. An estimated 32,000 computer servers were paralyzed, and the country lost an estimated 750 million dollars in economic damage.
Luckily South Korea seems to be training some excellent talent in their national cyber-defense department. This is shown by their students winning the ‘Hackers World Cup’ this year in August at Defcon in Las Vegas.
Recent attacks on Target, Home Depot, and Sony have brought up the need for precaution for attacks through technology. It first started with Target, stealing millions of credit card numbers through a malware program that was uploaded to the security system in Target. Then the same thing was done with Home Depot. Then cyber-terrorism as people call it, went to the next level with Sony. North Korea attempted to destroy the computer network, it wasn’t just to steal information. These are not the only instances in which hackers have tried to infiltrate U.S computer systems. By the likes of Russia, China, North Korea and Iran have tried to hack into U.S companies for espionage purposes or financial gain. As of right now there is no effective strategy to counter these infiltrations.
There are legislation’s taking place to address the threat that is currently endangering our country. As of right now, there is a federal civilian interface at the department of homeland security. They cover 16 different sectors and a private sector. However, this isn’t nearly enough, as the assistant director from the FBI cyber security division Joseph Demarest, told Congress “the sophisticated malware used in the Sony hack “would have slipped and gotten past 90 percent of the net defenses that are out there today in private industry and been a challenge to state governments.” Which means that our standing in Cyber security is very weak, and we are very vulnerable to cyber-terrorism.
There is now a way from people to steal your ATM PIN code. All it takes is a add on to your phone. What this add on does is that it makes your camera on your phone inferred. This means that you can now see the heat signature’s of things through your camera. How this is a problem is that after someone types their PIN in a ATM if you walk up and take a picture of the keypad with this inferred camera you can see what keys they pressed before they left. You can also tell for the most part in what order the keys where pressed by how bright the color that is left. There is only 2 ways that you can protect yourself from this. One thing that would make this difficult would be if the PIN had the same number in it 2 or more times. The other would be rub you hand on the keypad after you are done putting in you PIN so that the heat of your hand would get on all of the keys making it impossible to know which ones you really used. There is a 80% accuracy if the image was taken right after the PIN was typed in. After 1 minute there is about a 50% of getting the PIN right. The case that has the infrared camera on it is only about 200$ and you can get it at any Apple store. Also this does not work on metal keypads because it reflects and dissipates the heat to fast. Rubber and plastic keypads work the best for retaining the heat signature.
In a follow up to my post about ethical hackers, I found an article about a Cyber Challenge which was looking into getting teenagers and young adults, who have are partial to hacking, interested in cybersecurity jobs. “In the eyes of the organizers of the Maryland Cyber Challenge and Conference, today’s hacker could be tomorrow’s cybersecurity hero.” Realizing that there is a shortage of security professionals in the work force, those who ran the whole conference, intended to help those who attended see the great aspects of cybersecurity. The challenge itself was:
an all-day brain tester for eight high school and eight college teams. The college students had to hack into a computer, gain control, and rummage through files for valuable information. Meanwhile the high-schoolers were required to defend six computer servers against attacks by cunning computer professionals seated across the room.
It would seem that the “Ethical Hacker” is a much needed resource in this day and age.
The introduction to the Bruce Schneier’s book Secrets & Lies alluded to an industry that will be booming in the upcoming years, insurance company-driven Cyber Security Providers.
Mr. Schneier pointed out that many companies and organizations don’t invest enough money and effort into protecting their digital data. Making sure that data is safe from potential attack or theft is a new concept to non-tech savvy business leaders, and one that isn’t at the top of many company’s priority list. Unfortunately attacks are becoming more widespread and more complex, so the likelihood that a business will be attacked increases daily. To off-set the threat and the possible losses incurred from an attack, some business owners are turning to insurance policies.
Mr. Schneier feels that as more business owners turn to cyber insurance policies, the insurance industry will push for cyber security providers to supply better services (to better protect business owners). The demand for services will increase, and so will the need for some sort of industry standards for cyber security providers. Looking forward from Mr. Schneier’s viewpoints, one can see a new service industry spring up to meet the needs of standardized and strong cyber security services to meet insurance company requirements.
A similar “cottage-industry” boom occurred in the late 1990s as companies rushed to prepare their computer systems for Y2K, but that was a temporary surge in demand. Conversely, cyber crime and attacks will only increase as global economies suffer and people become more desperate to find alternative sources of income. To see how important it is, just look at the Information, Security and Forensics program that is growing in popularity here at RIT. The emergence of the Cyber Insurance industry will increase the need for more highly trained professional, and should lead to plenty of long-term employment opportunities for people with the right skill set.