2012/02/18

CyberWars, Governments and Internet Security

There's an 800-lb Gorilla in Internet Security that nobody discusses or acknowledges:
If Governments decide to apply their Technical and Military Intelligence skills to the Internet, not only won't we know, we won't be able to do anything about it.
Talking to a friend recently, off the top of my head I outlined 4 levels of Internet attackers/exploits (highest level/most competent at the top):
  • [4] National Military and Commercial Intelligence: surveillance, espionage, counter-espionage, targeted cyber-attack.
  • [3] Commercial Espionage and "Exploit as a business": Exploits and SPAM as a Service, botnets, Credit Card and Identity trading.
  • [2] Small-scale, "hobbyist" and semi-professional technical creators. Some sales to level [3].
  • [1] Script-kiddies, Internet "graffiti"/vanity attackers, customers of level [3].
These levels may or may not be "official" and may not be complete. But they are roughly right.

2012/02/13

Security threats "in the network": detection and countering

A new Internet Security report for July-Dec 2011 from M86 is out: "New M86 Security Labs Report Reveals Spread of Malware Growing via Social Media, Targeted Attacks and Exploit Kits" [PDF]

It triggered a thought that first occurred to me during the "No Internet Censorship" campaign:
The perfect place for those wanting to hide illegal activities is "within the network", working as Admins for Internet Providers. They can monitor, avoid and intercept requests from Law Enforcement etc. and respond in many subtle ways.
This thought arose after two rather disconcerting incidents for me:
  • A TV documentary on Internet Porn mentioned that the officers have to view these images and that it can lead to desensitisation over time, and
  • an unprovoked personal attack within an Admin's forum by a "security professional" upon an individual. Sexually explicit language was used, and the fact that it went unremarked by the entire forum was gob-smacking for me.
We also have the phenomenon of the group "Anonymous" acting as Internet Vigilantes. Again, an Admin (with unlimited access rights) within a major Internet Provider is the perfect place for such groups and their activities.

Microsoft Troubles: XV. My prediction not fulfilled

In 2006 I looked at the Microsoft Annual Report and thought "I've seen this before, their market is being taken by newer 'substitutes'. They'll hit a 'financial pothole' within 5 years, give or take."

Well, that hasn't happened, so my prediction was wrong.

Microsoft Troubles XIV: iPhone sales bigger than total MSFT Revenues

Another interesting piece from Business Insider: "Apple's iPhone Business Alone Is Now Bigger Than All Of Microsoft".

Steve Ballmer can't be a happy man... The competitor that almost died, but which they helped save, looks like it's "done an end-run" around their business and is trouncing him convincingly.