Security Blog

Your source for information security news and views.

The Other WMD

Posted by: Kyle Deming

Tagged in: viruses

The possibility, even when remote, that a small band of fanatical terrorists could gain possession of the materials necessary to assemble and detonate a nuclear bomb in the United States is one of the most horrifying dimensions of risk in the 21st century. It serves to define asymmetric warfare. A war where an extremely small number of committed individuals are able to harness unbelievable power in their attacks on the most developed and prosperous nation in the world.

A related aspect of asymmetric warfare is the inability to identify and target the assailants through classical means.

A closely related concept of weapons of mass destruction (WMDs) are the tools of mass disruption. The use of such tools are often referred to as cyber warfare, and their threats have many parallels to our concerns over traditional weapons of mass destruction.

  1. Weapons of mass disruption can be harnessed by an extremely small group of committed individuals.
  2. Their potential for collateral damage is significant.
  3. Like a nuclear blast, their destruction is indiscriminate.
  4. Properly identifying the source and counter-attacking with traditional conventional programs may be impossible.

Over the last year, we have seen numerous events that clearly raise the probability of a loss to weapons of mass disruption (WMDr). There's good reason for us to raise our concerns over an expected loss to WMDr.

In Estonia and this year in Georgia, we have witnessed expanded use of disruptive attacks. DDos attacks on critical infrastructure are quite potent. We have seen successful attacks on the Commerce Department's office responsible for tracking and protecting our intellectual property globally. Targeted attacks on Spam House, DNS servers and commercial sites all add to our heightened threat level for WMDr.

Given the knowledge that the probability of an incident is increasing, we should also note that there is growing evidence that the potential impact of such attacks is also expanding. Two areas of particular concern are VoIP phone systems and our DNS directories suggest that far more vital infrastructure can be easily knocked out. A parallel concern to the potential damage that can be wreaked is based on the growing capacity of botnets. When over a million nodes can be leveraged as attack vehicles, the potential impact becomes chilling.

If we take to heart the vast array of vulnerabilities we are patching on a daily basis, it's clear that virtually all devices we are connecting to the internet can potentially be compromised and harnessed as attack nodes. This would include gaming or video recording devices built on Linux kernels. If the kernel has known exposures, and it's possible to touch these devices through the net, couldn't they be compromised? What happens when a million video recorders turn on us?

The first step in any appropriate strategy to defend against WMDr is to increase our awareness, and include this threat in our risk analysis. This would include paying as much attention to WMDr as we do to WMDs. Literature on risk analysis demonstrates clearly that high impact but low probability events are often very difficult to measure as compared to real relative events with high probability but much lower impact. WMDr are far more likely to impact most enterprises, but the perceived impact is very limited. We may need to pay special attention to adequate defenses to make sure that this is the case.

More to follow . . . .