We all see the stories, the headlines. And they grab our attention. This story is THE VERY BIGGEST THING THAT HAS EVER HAPPENED!!! But will it happen to you? Not bloody likely. Very few of us have ever personally faced a gunman, or a terrorist threat. However the things that really threaten us. (Emphysema, Heart Disease, Divorce, Depression, Pneumonia, Diabetes, Loss of a Loved One, Bankruptcy, Loss of Employment) these things are not BREAKING NEWS.
As it is with the news, so it is with computer security. You all know about the big newsworthy viruses. The Melissa, the STUXNET, the BRAIN and so on. These things were big, they were splashy, they were BREAKING NEWS.
Mea Culpa. (oh yes I am!) It has been my job to get the media to pay more attention to cyber security of all sorts, and that is easiest to do with a BREAKING NEWS kind of story. My best coverage was when a certain news station was shut down by a virus. I got on camera with a famous newscaster. It didn’t matter that this wasn’t a threat to most people. What mattered was that myself and my company were admitted experts in this field of study. (don’t worry–I qualify on every possible measure and so does my existing company, F-secure)
But here is the real truth. These days, we don’t see many blockbuster viruses. In fact, we don’t see many viruses at all. (for reference: a virus is self replicating malware. If you are infected with a virus, you are a possible source to infect others with the same virus) because today’s malware isn’t written for bragging rights (not like in the great age of viruses) today’s malware not only infects directly each machine infected. (by a variety of methods) but it scrambles the code on almost every infection. This means that we actually don’t know exactly which piece of code infects which machine and for what purpose.
This is great for the criminals, nation states, hactivists and others producing this malcode. It is bad for BREAKING NEWS. You see, without the big numbers (one million generally gets media attention) you don’t get BREAKING NEWS. Our reportage is all about what’s big. Now we face an entirely new level of threat, this time to our privacy. It happens for a number of reasons and there are a number of bad guys. This is also the only real current threat to your mobile device. Here is the chart about privacy threats:
|BAD GUY||Where you get tapped||What is it used for?||How to protect?|
|YOU (for oversharing)||Social Media||Advertising and BEYOND||Be more careful!|
|Skeezy character||Public WIFI (evil twin, sniffing, etc)||Theft of credentials, eavesdropping, blackmail||
|Hacker (infecting WIFI)||Insecure connection (man in the middle)||Everything (from general to specific)||
|Advertising Company (of questionable moral tenor)||BHO’s, Spyware, browsing, social media||Reselling personal data about you (to anyone at all)||
So you see, this is not about BREAKING NEWS. It’s about everyday occurrences. Just like the news, you are more likely to be affected by a small scale attack than a large scale attack. The large scale attacks are much larger, but there are many many more small scale attacks. How many more? As many as one million each day. Hacking is becoming a common pastime for even the most small time of criminals. It is even considered a rite of passage for smart kids with a streak of rebellion. (as we all know, those are the very best kind) It’s not going to get any better any time soon. Give FREEDOME a try. Why is FREEDOME such a good solution? That is a subject for another day.
David Perry — Threat Strategist — F-secure
Huntington Beach, California — November 9th, 2014