The online world faces ever more audacious and intrusive assaults
By Mark Twomey
Saturday, December 31, 2011
Cyber attacks will hit more critical infrastructure and even result in loss of life in 2012, an expert warns
CRYSTAL-ball gazing for 2012 has highlighted incredible technology sector predictions.
Chief among them are targeted cyber attacks involving critical infrastructure, resulting in the loss of human life, and Microsoft updates becoming more frequent. Dermot Williams, managing director of IT security specialists Threatscape, also says Twitter will be bought by Google.
First and foremost, according to Mr Williams, is that hacking will result in a loss of life. He says over the last 12 months there has been an increase in targeted cyber attacks, and a number of high-profile incidents involving critical infrastructure — many of which were suspected to be state-sponsored. "In 2012, I expect this type of attack will not only continue, but given the type of systems being targeted, we will see at least one incident where direct loss of human life results," he says.
His second prediction is that export controls will be introduced for "lawful intercept" hacking tools.
"Want to export a nuclear missile to a ‘rogue state’ such as Iran or North Korea? No, of course you can’t. Ditto for a long list of munitions, stun guns, ‘dual use’ materials and much more. Various computer security products — especially those containing strong encryption — are likewise prohibited from sale to those who the US and its allies consider a threat to world peace," he adds.
"But bizarrely, the sale of computer technology designed to defeat computer security is not controlled in this way. So, while it is illegal to sell software to those fighting for democracy in various states, supplying their governments with technology that allows their secret police to spy on private citizens is perfectly legal. Hopefully 2012 will see export controls updated to remedy this bizarre double standard."
Thirdly, Mr Williams says ever more sophisticated mobile threats will emerge as smart phones dominate the market.
"Imagine if you could track the movements of an individual of interest to you anywhere they went. Or read their email messages, spy on their SMS messages, maybe even remotely eavesdrop on their conversations or take a few undetected photos or video clips from far away.
"We’ve already seen a banking trojan which can infect both your PC and your mobile, in order to capture your online banking credentials and any one-time PIN being sent to you by SMS. This is just the tip of the iceberg and, for 2012, I predict that some of the most audacious and intrusive of all cyber attacks will be those targeting mobile devices."
Mr Williams’ fourth prediction is that consumers’ trust in digital certificates will be undermined.
"The most that a typical user may be aware of is that the ‘padlock’ symbol in their browser indicates their communication is with a confirmed entity and is secure as it traverses the Internet. But is it?
"This year saw multiple instances where compromises of certificate authorities allowed attackers to issue fraudulent certificates (Comodo and DigiNotar, for instance). I fear that the certificate authorities business will suffer an increasing number of cyber attacks — something it is vulnerable to because of its highly fragmented and widely distributed nature."
Mr Williams’ final prediction concerns the speed at which hackers attack security vulnerabilities in Microsoft’s operating system: as a result, he says, software patches will become more frequent.
"Patch Tuesday is the monthly event — normally the second Tuesday of the month — which sees Microsoft release security updates to remedy the most recently discovered security vulnerabilities in their products. The intention is to fix flaws before attackers have time to actively exploit them," he says.
"But, with an increasing number of flaws being discovered, and a greater scramble by hackers to exploit them before patches are released and widely deployed, I think 2012 may see Microsoft bow to the inevitable and start to release their patches with greater frequency, perhaps weekly."
One of Mr Williams’ bigger predictions is non-security-related — Google will buy Twitter.
Mr Williams says that the time has arrived for Google to take a bolder step if they are to gain any traction in social networking.
"My prediction? They swallow their pride, get out the cheque book and buy Twitter. Then they can start to slowly and subtly leverage the phenomenon that is Twitter to drive more of the overall online social networking experience towards Google."
This appeared in the printed version of the Irish Examiner Saturday, December 31, 2011