When it comes to the future of hacking the expression, “You ain’t seen nothing yet!,” (to quote the Bachman Turner Overdrive song) is very appropriate. Despite all your security measures, from your extra firewalls, double and triple authentications al la RSA, anti-virus programs, and paper shredders to your SecureID keyfobs and cards, hackers are prevailing.
Is it the fault of security companies you ask? No, it isn’t. They’ve locked all the doors and windows and posted guards in the yard 24/7. It’s just that no one expected the bastards to tunnel in under the floor or to hack through your own DNA.
The future of hacking, like the future of technology, is always squirming and breeding and morphing just beyond the normal person’s line of sight. Thus, we don’t generally see a new threat rising until the fully-grown beast charges.
Take, for example, biohacking. Bill Gates recently told Wired magazinethat if he were a teenager today, he would be hacking biology. Hacking the software of life (DNA) is a prime example of why hacking endures even while computer code has become mere child’s play, he said. The challenge of hacking, controlling and ultimately mastering opportunities once thought beyond the purview of man will always lay beckoning.
Say bio … what?
Biohacking. At the moment, it’s mostly taking place in garages and at kitchen sinks. Although the Holy Grail is to create life (of the unnatural variety) from scratch, these synthetic biologists are really attempting to mimic DNA code in other types of engineering including mechanical, electrical, chemical and software.
Their goals range from enslaving micro-organisms to constructing genetic machines. No doubt some of this activity will be beneficial to mankind as it emerges much like the PC revolution arose from garages. But equally without doubt, much of the fruit of these labors will be the poison used to hack and attack corporations, governments and individuals. There will also be an increase in bioterrorism and genetic malware of both the physical and virtual varieties.
“Newer biometric authentication systems will replace passwords, quite possibly with a mix of ocular and filial credentials,” said Kurt Baumgartner, senior security researcher at Kaspersky Lab. “Whatever the credential replacement is, we will see cyber criminals respond with devices that parallel ATM skimmers of today. Iris skimmers and spyware that steals identification information provided by [a person’s] eyes will be implemented and distributed.”
And here many of us were thinking that President Obama’s call for increased innovation in America meant building a better iPad or finding yet another way to charge customers for self-service! No, those were the old ways of the old days in the land of innovation. What lies ahead is infinitely more challenging in terms of execution, security and governance.
In BIOPUNK: DIY Scientists Hack the Software of Life author Marcus Wohlsen chronicles the growing community of amateur scientists including:
* A duo that started a cancer drug company in their kitchen; * A team who built an open-source DNA copy machine; * A mother who developed a genetic test for a deadly disease that had stricken her family; and * A woman who uses spliced jellyfish genes to detect contaminated milk.
While news and books on this shadowy movement of home-scientists are just beginning to appear, the work itself has been underway for some time. For the vast majority of people it will feellike genetic miracles, machines and monsters appeared out of nowhere and the future hit us full in the face with absolutely no warning.
Is it any wonder then that our security measures will fall short?
“The adoption cycle of new technology is staggering and the primary threat is not the evolution of the traditional threat, but new forms of abuse,” said James Lyne, senior technologist at Sophos. “The challenge is that we’ve seen a significant reduction in adoption times for new technologies and it’s become increasingly difficult to identify issues before they appear.”
Back to the present
Beyond the benefits and scares we will soon receive from people in kitchens and garages that we don’t even yet know exist, there are the less adventuresome, but equally troublesome and far more common, hackers to guard against.
Here is a partial list of the dangers they are cooking up:
Malware targeting virtual machines– “Many breeds of malware today can detect if they are running within virtual machines and make adjustments or shut down altogether in order to evade detection, but only a few proof of concept viruses have actually attempted to break free into the host machine,” explained Fred Touchette, senior security analyst at AppRiver. “We expect to see more of these in the near future.”
RFID bandits – Radio frequency identification (RFID) provides many opportunities for potential exploitation. Typically, these exploits will be aimed at the various uses of RFID in supply chain, retail transactions, counterfeiting/cloning, and the ability to defraud physical access such as public transportation.
After all, RFID is just another medium in the electromagnetic spectrum that stores, accesses and enables the use of data. Today, data and the use of data are more valuable than money to any hacker.
“Consequently, RFID adoption creates a new ability to carry out the current and future goal of any criminal or nation state which is using collection, dissemination and use of data to achieve their goals,” said Rich Baich, principal in the Security and Privacy practice of Deloitte & Touche. “These goals will be geared toward economical gain, political influence and projection of power.”
Logic exploits– Logic vulnerabilities are high on the emerging hit list. “Identification of defects in business logic is the next frontier for application, software security,” said Raf Los, Web Application Security evangelist, HP Software. “As organizations understand how to secure their code against programmatic errors, including SQL injection and cross-site scripting (CSS), attackers will inevitably move on to attacking application logic.”
ATM-like hardware hacks– “We’ve seen criminals physically walk in to stores and replace credit card terminals with working replacements that had been modified to contain a 3G modem, which transmitted payment details directly back to them,” said Lyne. “This high scale, intelligent hardware hacking demonstrates that the threat is not just impacting the conventional PC.”
RAM scraping– “For years everyone has been locking down databases since they are the source of information, but now hackers that can breach a server can get an application less than 1MB in size on the server and capture all the data as it is written to RAM before it goes to a database,” said Chris Drake, CEO of FireHost. “An application like this can also capture data (such as credit card numbers) that don’t even go into a database, but that are processed by a third party provider. RAM scraping will be a huge concern as it gains more popularity among the hacker crowd.”
Dark knight attacks– From Microsoft Kinect to smart phones, everything is connected to the Internet and comes equipped with microphones, video cameras, gyroscopic feedback, and GPS. “In the movie The Dark Knight, they hacked into every cell phone to build a live three dimensional image of everything happening within Gotham City,” explained Harry Sverdlove, CTO of Bit9. “The technology to do this is within reach today. Through facial recognition, speech pattern identification, and geo-location feedback, future hackers could raise ‘targeted attacks’ to a new level.”
While there is no need to obsess about these or any other emerging threats, it is important to understand that hackers evolve faster than technology needed to stop them. Indeed, they are the catalyst for the next wave of security technology. We will conquer and be conquered by the next generation of geniuses, both good and bad, exactly as has happened before.
A prolific and versatile writer, Pam Baker’s published credits include numerous articles in leading publications including, but not limited to: Institutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, NY Times, and Knight-Ridder/McClatchy newspapers. She has also authored several analytical studies on technology and eight books. Baker also wrote and produced an award-winning documentary on paper-making. She is a member of the National Press Club (NPC), Society of Professional Journalists (SPJ), and the Internet Press Guild (IPG).