In the cyber arms race, humans will replace computers in the crosshairs
Like a supercharged car powering up a steep mountain, cybersecurity threats have shifted into another gear.
In the beginning, when “script kiddies” tapping on rudimentary computers in their parents’ basements would break into websites and deface them, attacks were a nuisance and not much more. As major businesses began to use the internet for transactional processing, networks became targets for items of real value, from proprietary corporate secrets to money.
Now the stakes are becoming much higher, as illustrated by the indictments of 12 Russian military officers last year for the hacking of documents from the Democratic National Committee. The hackers were charged with conspiring to influence the U.S. presidential election.
It was a theft of mindshare and, if security experts gathered at the RSA Conference in San Francisco this week are to be believed, the debacle of 2016 will look like a mere stroll in the park next to what’s going to happen next year.
“Hacking computers is hot today, but very soon it will be the least of our concerns,” said Kenneth Geers, chief research scientist at Comodo Security Solutions Inc. and Cyber Centre Ambassador for NATO. “Hacking humans is next.”
Botnets influence opinion
At the heart of the security community’s concern is the ability of malicious actors to leverage botnets and tools provided by social media networks themselves to influence public opinion. Reports released by the U.S. Senate in December found that more than 30 million people in the U.S. shared content from Russia’s spy agency on Facebook between 2015 and 2017. The reports indicated that the Russian operation reached 126 million people on Facebook and 20 million on Instagram and also uploaded more than 1,000 videos on YouTube.
At RSA on Monday, security researchers noted that rather than a decrease in 2018, the pace of influencing activity on social media actually grew in last year’s midterm elections. Microsoft Corp. has documented new Russian hacking attempts that targeted specific candidates and political groups over the past year.
“This will be an omnichannel attack in 2020,” James Foster, chief executive of ZeroFox, said in his RSA presentation with Comodo’s Geers. Foster described a process that would enlist all forms of digital communication. “The target for elections from here on out will be mindshare,” he said.
Fake followers and ad fraud
There are plenty of signs that malicious actors will be well-equipped in the battle for mindshare, based on recent activity seen in manipulating public opinion though fake followers and the growth of advertising fraud driven by sophisticated botnets.
Security researchers from GoSecure have been analyzing Linux/Moose, an “internet of things” botnet that infects devices with embedded Linux systems. They found that it robs HTTP cookies, or bits of identifying code, on social media sites and generates fraudulent “likes,” illegitimate page views and fake followers.
Manipulating inflated numbers of followers and other forms of “support” on social media sites can lead to an impression that a particular cause or candidate might have significant popularity. In January, the attorney general of New York settled a case against Devumi, a firm that sold hundreds of millions of fake followers to politicians and celebrities seeking the appearance of being very well-liked.
Devumi went out of business last year. “Instagram was the main social network that the botnet was automating against,” said Olivier Bilodeau, cybersecurity research director at GoSecure Inc. “It’s really easy and cheap to inflate social media followers.”
When bad actors aren’t making selected humans look good, their automated systems are getting really good at acting like humans. This is becoming more apparent in the multibillion-dollar industry of advertising fraud.
‘Magic quadrant’ of crime
“We’re in an arms race against those who target American consumers,” said Michael Tiffany, president and co-founder of White Ops Inc. “Ad fraud is in the ‘magic quadrant’ of cybercrime.”
Working with Google LLC, White Ops recently took down a massive botnet operation that was generating 300 million ad impressions per day, according to Tiffany. Called Methbot, the operation was run by criminals who were mostly based in – wait for it – Russia. They made deals with advertisers to place online ads and then simulated internet users to click on them.
The key is that the traffic and user behavior looked real. And the sinister side is that bots can develop lifelike behavior simply from the computers they infect. Another bot can develop new humanlike behavior based on a wholly different set of compromised machines.
“You can now buy bots to listen to songs on streaming platforms,” Tamer Hassan, co-founder and chief technology officer of White Ops, said in his presentation with Tiffany. “All of this is making them look more human.”
In the face of this sophisticated onslaught, how can the security community respond? The White Ops researchers believe one solution is to tilt the arms race in favor of the forces for good by coding in silent alarms to detect an adversary without giving them a direct feedback loop.
They also recommend finding ways to disrupt the criminals’ revenue stream, which would put a dent in their hacking motivation. It’s all part of a strategy to observe, orient, decide and act — an approach known as OODA — while confusing the enemy.
“All arms races are resource depletion games,” Tiffany said. “The bad guys have to play round two of the game before they can decide if they won round one or not. The trick here is to get inside the adversary’s OODA loop.”
New tool from Google
Google is also taking steps to slow down cybercrime by offering enterprises its massive search technology and storage capacity to identify malicious behavior more quickly. Chronicle, which graduated from Alphabet X’s moonshot factory last year, unveiled its latest product on Monday.
Backstory is a cloud-based service that lets users view security data over time and rapidly determine if any computer was ever linked to a malicious website. Chronicle executives claimed on Monday that Russian hacking of the Democratic National Committee in 2016 could have been prevented if the organization had its tool.
“If the DNC had Backstory on their network, they would have seen this activity and would have been able to stop it,” Mike Wiacek, Chronicle’s co-founder and chief security officer, said at a press conference at RSA on Monday.
Looming over the current state of affairs in the beleaguered cybersecurity industry is an inescapable truth: Hacking not only pays, it now has the ability to sway world events, perhaps even presidential elections. The stakes are much higher now.
“Every day cybercriminals win, they get awesome profits,” said White Ops’ Tiffany. “Every day we win, we get to keep our stressful startup jobs.”
Photo: Mark Albertson/SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.