Monday, December 22, 2014

Clocks putting national security at risk

Egyptians measured time with hourglass, a device that controlled water flow to time actions. Even before human beings had used sundials or sand clocks. The first clocks of weights and wheels appeared at the time of the Byzantine Empire. They evolved in the Middle Ages until they got more sophisticated and reduced their size leading to the hand watch invention around the seventeenth century. Then they came the mechanical ones, later the analog and digital ones, and finally the atomic one.

All the technological network of our society is depends on tools for measuring time, ranging from the flow of actions itself to the connection and communication of data packets and the input and output of information displayed on a screen. To control all this, they were developed time management protocols such as the NTP one, used to synchronize the clocks of different connected systems preventing leaks and packet loss. But Neel Mehta and Stephen Roettger, from Google’s security team, have demonstrated that NTP is remotely vulnerable and allows to gain control of a system with user permissions. This vulnerability affects almost all systems, but it becomes critical regarding ICS and SCADA architectures, which are used for power stations, traffic lights or water purification systems.

All these are critical systems operating under computer network being vulnerable to external attacks. As a matter of fact, a nuclear station in South Korea discovered some compromised terminals this weekend, although they assure that the risk of catastrophe is dismissed.

As more you dependent on computer systems, as more important it is to fortify your defenses. Antivirus software and firewalls are not the only protection measures you should use. Analysis tools and persistent attacks prevention software, employees’ security awareness, encryption by default and contingency plans in case of both information theft or denial of service attack, stand as the most appropiate strategies to face computer threats. Above them all, risk management, which is a essential paradigm for business in 2015.

Information is valuable enough for both governments and crime industry that makes them move to such interesting territories as the TOR network. This network is making headlines again after several of its output nodes have got apparently collapsed. This attack could have been perpetrated  by both sides. It  could be the prelude to a new wave of compromised nodes as it has already happened in the past.

The strategies for information theft evolve over time, adapting to how the customer uses technology at each moment. WordPress sites are increasingly being targeted by cyber attackers who compromise this platform in order to seize it and upload malware to the websites, so the visitors get infected.

A battle against time: good guys are always running several seconds behind the bad ones. Between them, it is the user whose clock seems to have stopped ten years ago.


Post a Comment