Network Security Innovation Platform

It looks like hackers have started to use social networking tools to keep in contact. share information and organise themselves. A new social networking site, house of hackers, has been formed and already has over 900 members (8th may 2008). Formed by the ethical hacker think tank GNU citizen, who’s recent published works include zero day exploits for quicktime on MS Vista, SNMP scans of the Internet and how to crack the BT home hub product. This does suggest, as we have known, both black and white hackers are becoming more organised, but is this a new phenomenon?

The tradition of organised groups within the hacking community goes back to when the word hacker was synonymous with exploring and creating new ways of doing things. The one of the first recorded groups was known as the 414’s which used technology computer equipment to ‘break’ into systems ranging from US research laboratories to hospitals. The ethical debate around the terms black, grey and white hackers is one which has been raging both internally within the community and externally for some years now. I will leave that for another day!

This new development using social networking technology and web 2.0 technology moves, quite conspicuously, the hacker community into a new era. Groups that normally would be siloed and quite insular now have the opportunity to share information and co-ordinate for both good and bad purposes, how this will evolve we will see over time.

This all may seem quite disconcerting but some of the most innovative people have been born out of the hacker community, in the more traditional sense of the word. Steve Jobs, co-founder of Apple, Bill Gates, founder of Microsoft and more recently Larry Page, founder of Google have all made a immense impact the commercial world and have transformed society over a relatively short time period.

The challenge for the innovation platform is how do we harness the power of these communities to deliver innovative research which will benefit the UK and change maybe change the world in the same way that Gate and Jobs have?

Paul

On May 1st Nigel Jones, Director or the Cyber Security Knowledge Transfer Network, was featured in the daily telegraph

As some of you will know the EPAC call sandpit attendees went on a tour around Terminal 5 at Heathrow airport last Nov, it was impressive. Most of you will also know that things didn’t go according to plan in the opening week. Thousands of bags have been lost or delayed en-route, hundreds or canceled flights and lots of irate passengers.

But what happened?

Well reports have been range from lack of training, internal staff communications, lift failures, system logins not working and car-park spaces not being available. The question is how much of this could have been prevented and foreseen and how much could not. There is a theory within critical information infrastructure analysis which speaks of major failures starting with a small insignificant event which on its own would not even be noticed. This then snowballs into a bigger event and so on until a major problem develops and a major event occurs.

This is known in scientific terms as a cascade effect or failure.

But was this what happened at T5? Well we know that extensive testing/modelling/dry runs were performed in the months prior to go live, but were assumptions made like baggage handlers being in place on time? All the logins working and users signed in? There we enough car parking spaces!?

In this complex and interdependent world, a small disruption to the supply chain have dramatic ramifications if left uncontrolled and unchecked. Just-in-time services work well and deliver huge efficiency savings but they are much less resilient than traditional systems.

T5 may well be one of these occasions.

Paul

The Technology Strategy Board has a new website - check it out here

It seems that the actions of hackers have caused users of a website to have epileptic fits. PR stunt or reality? Have a look here

We have all heard of the problems in Tibet over the past few week, well it looks as if, and I say if, the Chinese government have started a cyber campaign against free tibet pressure groups. F-secure’s blogs have reported that these groups have started receiving targeted Trojans which are specifically for the people inside these groups. (these kind of attacks are known as spear phishing).

Paul

After a long hard few months we are finally at the end of the EPAC selections, the consortia panel session was yesterday and all presentation went very well. A Decision has been made around which ideas will go forwards and receive funding for the next few years. The funding meeting is tomorrow and once the ratio fundings have been decided then consortia will know early next week.

I would just like to say a big thank you to all whom have been involved over the past months and watch this space for updates and announcement about our new competitions and activities in the coming months!

Google is in the news this week with it’s soon to be released ‘health platform’. This is essentially a database of all your personal details that can be used to help diagnose possible illnesses. It can organise your medical records and suggest possible side effects to treatments. I hope the security is up-to-scratch. How difficult is it to remove your data from facebook? I wonder how difficult it would be to remove your health records from google?

Pakistan recently has removed itself from the Internet

The Pakistani government recently ordered the censorship of blasphemous material on youtube. The way which the main ISP within Pakistan decided to do this was by re-routing traffic from youtube to essentially anywhere. The first thing which happened was that youtube disappeared of the Internet for a few hours, and the second was that Pakistan caused an denial of service attack against itself.

Paul

It looks like the house of lords is to debate again the report it submitted to the government last summer. This is in the shadow of these news articles which shows that the on-line environment seems to becoming a more organised and sinister place. We have heard about the shift from the hobbyist hacker to the organised criminals well it looks as the professionalisation of this move has shifted up a gear. Websites and adverts are now starting to appear advertising (quite blatantly) for people with language skills to help target phishing emails and make them more believable. The three languages are Russian, Mandarin and Portuguese.

Finally ISP’s have been asked by the Dept of Culture Media and Sport to tackle the problems around the illegal downloading of copyrighted material. I wonder how this is possible to do, IDS, deep packet inspection or just a random sampling. It is very easy to obfuscate traffic especially further up the Internet hierarchy you go.

Thanks

Paul