Our world is filled with gadgets and technology that we now take for granted but which only a few years ago would have seemed unbelievable and absurd. The Internet itself is an example - the extent to which it has permeated nearly every aspect of our lives is nothing short of astounding. Yet very few people predicted this.
It is with this sense of humility about the amazing history of technology that we should ponder the future of information security. The security industry is full of people in strategic positions with their blinders on - they only see today's problems. "Encrypting our TCP/IP traffic, a pervasive public-key infrastructure, biometrics - these will ensure a more secure future," they might say.
But with new technology breakthroughs, along with inventive new applications of very old technology, the hacker's toolbox of the future will probably look fairly exotic compared to how we imagine it today. What do I mean?
Advertisement: |
TEMPEST. The National Security Agency has long researched the electromagnetic emissions coming from computers and methods for interpreting these signals. Crypto activist John Young has been busily attempting to get this research into the public domain via the Freedom of Information Act by posting it on his site, Cryptome.
The data interceptions that are possible from this type of research cover a broad spectrum. Monitoring emissions often does not require physical access to private facilities - private data can be read from a public location.
HERF Guns. High Energy Radio Frequencies have been known to wreak havoc with today's sensitive electronic equipment. Building a gun that blasts a pulse of radio static and crashes nearby computers can be a simple way to create a denial of service condition on a computer without knowing the intricacies of TCP/IP stack programming. A former Navy engineer demonstrated just such a device, reportedly built at home for $500, at this year's InfoWarCon. Of course, that is just a warm up to the Electromagnetic Bomb.
The Electromagnetic Bomb. In the next decade you can expect much speculation, threats and research into an "electronics killer" bomb, based on low-yield nuclear weapons or non-nuclear options. The idea is that a large electromagnetic pulse from a nuclear explosion in the upper atmosphere could destroy electronic devices in a large geographic area. If it were possible, this type of cyberwarfare would be devastating.
HAARP. The Pentagon's High frequency Active Auroral Research Program has gained some notoriety for its study of the ionosphere, an upper region of the atmosphere capable of reflecting radio signals, allowing them to travel much farther than line of site. The ionosphere makes much of our long-distance communications possible. Unfortunately, the ionosphere is not a perfect medium, and is susceptible to solar flares, which can interrupt transmissions.
While HAARP seeks to understand how to minimize problems with the ionosphere, the research actually includes ways to perform controlled modifications of the ionosphere with high-powered radio frequency beams. Transmitters have already been built that are capable of this. The theories floating around are that a system could disrupt radio traffic, possibly improve reception, or create a secure channel while disrupting everyone else's transmissions.
Hacking smart cards. Recent research has shown that encryption programs might possibly be cracked on smart cards. The programs wouldn't be cracked through a traditional mathematical attack upon the algorithm, but by measuring the power consumption of the card.
Steganography. This is the technique of hiding data within graphics files, such as the common gifs and JPEGs on nearly every Web page. You can expect steganography to become a preferred method for smuggling data in and out of enterprises, as security systems often ignore these "harmless" files.
A government contractor at this spring's Security Research Alliance conference spoke of a device his tiger team once built to grab passwords. Rather than trying to sniff the wire, where the password packet may be encrypted, they grabbed the password as it was being entered. Sure, you are thinking, they captured it with a Trojan Horse program. Actually, they modified the keyboard with parts from a garage door opener and tracked the keystrokes with a small receiver across the street. It cost $10.
There are certainly many other ideas being dreamed of - these are just a few. Many of the exotics mentioned here are based on well-known scientific principles related to differing types of wireless technologies. Literally everything radiates something; we may just not know how to listen - yet.
Is there a message in my futuristic ramblings? While some exotic hacker weapons will surely be flights of fancy, some others will certainly come to fruition. The best way to future-proof your information system from security threats is to go back to the basics. Start with a foundation of security - good policies, strong risk management, sound audits and world class processes. Using strong technology to secure and protect poorly conceived security standards is a disaster waiting to happen.
OK, I am finished - beam me up.
RELATED LINKS
Archive of Network World on Security newsletters
Network World Security Alert will keep you up to date on the latest security holes and patches, with daily updates from key vendors, security organizations and Network World reporters. See the latest dispatches from the security here.
