Security industry falling behind the hackers

GTISC's report has warned that security systems have fallen behind in the war with hackers

The hacking community is outpacing the security industry, and different sectors of the IT community need to work together more closely to narrow the gap, warns a new report from the influential Georgia Tech Information Security Center (GTISC).

A GTISC panel comprising members of the government, IT specialists and academics warned in its 2008 Emerging Cyber Threats Report (PDF) that existing systems are falling behind hacking techniques, which are becoming more popular and effective.

"The rapid rate of application development for these mediums has outpaced information security technology so far," the report concludes.

"While the emphasis on functionality over security may not change in 2008, GTISC expects collaboration between the security industry, carriers, ISPs, application developers and internet users to begin closing the security gap."

The report highlights five key areas that need addressing: botnets, Web 2.0 attacks, targeted messaging, telecommunications and RFID hacking.

The panel estimates that about 10 per cent of the world's computers are currently part of a botnet, and that the rate of infection is increasing. Such networks are increasingly being used for fraud, and the panel suggests that carriers must do more to integrate firewalls within IP subsystems to check the spread.

The emergence of Web 2.0 poses new threats to internet users, the report finds. Web developers need to be more security aware, and security technology needs to make better use of heuristics to identify and curtail suspicious activity.

"As the natural evolution of the web progresses from 1.0 to 2.0 and beyond, more content and code from multiple and varied sources will be housed together on the client side, creating a highly complex environment for security governance and protection," said Gunter Ollmann, director of security strategy at IBM Internet Security Systems.

"In 2008, expect to see underground organisations shift tactics and focus more on Web 2.0, particularly mashup technologies, leading to more abuses at the user end wherever possible."

Improvements in anti-spam technology have caused hackers to move towards more targeted messaging to steal data, according to the panel. As phishing sites get shut down faster these targeted messages will attempt to install permanent malware on users' computers to steal information directly.

The increasing convergence of communications systems and computing into voice over IP (VoIP) systems also poses new dangers. In one scenario the panel explained how a mass VoIP infection could be used to overload the 911 emergency phone system in a denial-of-service attack.

Finally RFID hacking is expected to take off in 2008. The report referred to existing RFID security as "extremely limited" and warned that hacking will become a major issue in 2008.

"In the early stages only the hacking elite could exploit Wi-Fi devices, but as the technology gained popularity and became standardised, the first generation of automated Wi-Fi hacking tools and instructions became available," the report stated.

"In the near future, GTISC expects mainstream exploit tools to enable less technical hackers to attack RFID technologies."