Platt Perspective on Business and Technology

Information systems security and the ongoing consequences of always being reactive – 8: moving towards proactive controls 6

Posted in business and convergent technologies, social networking and business by Timothy Platt on March 21, 2013

This is my eighth installment to a series on the state of information systems security going into the second decade of the 21st century, and on challenges that will have to be addressed in moving forward from where we are now (see Ubiquitous Computing and Communications – everywhere all the time, postings 185-188 for Parts 1-4 and its continuation page, postings 189 and following for Parts 5-7.)

I primarily focused in the first six installments to this series on computers and networked computer systems that have to be protected from outside intrusion. I then turned in Part 7 towards the people who produce and distribute malware, pursue behavioral engineering attacks and behave as black hat hackers, arguing a case that any proactive information and cyber-security system has to go to the source of the problem as well as addressing its more symptomatic side and the specific security exploits launched. And at the end of Part 7 I added that I will look into that from the perspective of a social networking taxonomy and in terms of social networking connection patterns and strategies. I am going to do that as the primary topic area for this posting, but before I do so I would set the stage for it by putting a social networking approach to information security into perspective.

• Modern black hat hacking and malware production, distribution and use are all driven very strongly by a profit motive,
• And are organized around marketplaces in which personal information useful for identity theft, access to botnet resources and a wide range of other products and services are bought and sold.
• These marketplaces are essentially all run online, and both as a route to global connectivity, and as a means of firewalling participants from direct contact with other participants for their individual and collective protection.
• Many if not most of these participants would be expected to connect into these online markets through anonymizer servers and other surreptitious routes to hide their true identities and locations. But ultimately, every participant in these systems does have to connect in and they have to do so at some point from their own computers and through standard network connections.

And this is where these details become really interesting from a security perspective.

• In order for the web sites, social networks and other online venues involved in this industry to work, people who would do business in it have to find them. If the dynamics of this trade were to change in ways that meant that online connectivity and business transaction resources, could only very transiently be up before being switched or compromised, traffic flow into them and business conducted through them would become a lot more limited and the overall scale of the cyber-crime problem would be reduced. Then even more strictly reactive security systems would do better – this would positively impact on cyber-security at all levels.
• One route to achieving that would be for white hat hackers and information and cyber-security professionals to more effectively tap into the social networks in place, where information on how and where to connect into these business sites is shared.
• This would help both for identifying where black hat products and services are being bought and sold, and in what volumes, and precisely what is being offered on the market. And this would also open up new avenues for identifying who is involved in this trade and in what ways.

And this is where an understanding of the structure and dynamics of social networks per se offers real and valuable insight into the cyber-security problem. And with that I turn to one of my more fundamental postings in this blog, relevant to social networking and business: Social Network Taxonomy and Social Networking Strategy.

• Some of the most important participants in the social networking and business oriented connecting in this industry all but certainly, individually and personally maintain a very low profile, and only connect very selectively and with a few individuals.
• But the bulk of the work of organizing and managing these web sites and other venues involved in this, and getting word out to prospective customers and business partners as to industry activity, would be carried out by highly connected individuals.
• Spotting those individuals and identifying their online footprints and activity, is key to bringing a proactive approach to cyber-security to the black hat hacker community itself, that comprises this industry.

I write in my social networking taxonomy paper of:

Hub networkers – people who are well known and connected at the hub of a specific community with its demographics and its ongoing voice and activities.
Boundary networkers or demographic connectors – people who may or may not be hub networkers but who are actively involved in two or more distinct communities and who can help people connect across the boundaries to join new communities.
Boundaryless networkers (sometimes called promiscuous networkers) – people who network far and wide, and without regard to community boundaries. These are the people who can seemingly always help you find and connect with someone who has unusual or unique skills, knowledge, experience or perspective and even on the most obscure issues and in the most arcane areas.

Think of the cyber-crime industry as being divided into specialty communities that work together as what amounts to a small business ecosystem, with community groups that produce and test out, and sell computer viruses, or worms or rootkits, groups that specialize in designing and carrying out phishing and spear phishing attacks, botnet herders and others who function in that arena and more – and with overlap and interaction where for example one person or group might produce the software that would allow a botnet specialist to capture control of personal computers, and another might buy that and use it to actually assemble and manage botnets. And one group might develop and own a centrally controllable botnet or suite of them and rent out or sell access to these resources to customers much as businesses rent cars or hotel rooms. Or one individual or group might run a phishing campaign to capture personally identifiable information from computer users, and then sell this information as bundled packages at so much per identity on what amounts to an open market.

The goal of identifying and tracking, and mapping out the social networks that organize and enable this industry can best be reached by identifying and tracking that small percentage of its overall socially networked community that in effect drive the network and hold it together as its hub, boundary and boundaryless networkers. And I add that any less connected but still central figures in this social network are in most cases going to be connected actively to just a few individuals – but virtually all of them will be high-value connectors.

I am going to step back in my next series installment to look at cyber-security from a broader perspective, and as a multilayered approach, in which all of the elements and systems discussed so far would play active roles. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and at Social Networking and Business.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: