Tuesday, August 21, 2018

Microsoft VS the Russians

Microsoft had a post yesterday that attracted a lot of press coverage.  It concerns an attempt by Russians to take over domains and draw people to them.  Microsoft says this time it is the Russians and they are after Congress and Conservative groups.  The Chinese have been doing this for years and nobody raised a fuss, including Microsoft, which had bogus domains operated by China.  It was Google who took on China on this one by not accepting certificates issued by China's NIC.  Microsoft had the same problems with bogus certs and chose to put them on the certificate revocation list.  That does nothing.

In any area of computer security, we tend to focus on things that are "hot" at the time.  The past couple of years it has been the Russians.  Before that, it was the Chinese.  I remember the Eastern European gangs being hot at one time.  Does anyone remember all the fake accounts on AOL?  Does anyone remember AOL?

I used to be critical of security functions when they focus on things that are the hot item of the day.  They are using IPs, tools and techniques to focus on certain areas that have been discovered by other security groups who publish reports.  They are surprised to find the same folks in their systems, using those same IPs and techniques.  They get some satisfaction from finding these people when they shouldn't.

The real trick in security is to find the new tools, the different IPs and techniques, and stay ahead of the game.  Even that is not what should be done, but it is all that a normal security office can do.  We know who the groups are that are doing these kinds of things.  They change their tools and upgrade their techniques as fast as we can discover them.  They are as good at their jobs as we are at ours.  Does anyone want to change this game, or just let it go on as it is?

This is behind the debates going on in this new Administration.  We can change the rules of the game, but we had better be really good when we do.  It is going to elevate the arms race for better security and better attack scenarios when the intelligence services of the world are fine with the status quo.  They are going to have to work a lot harder.
