Swatting and Anticipating New Security Risks in 2008

Rob Enderle

Technology brings new rewards, and new risks when it is misused.

 

The most recent "prank" using older technology is called "swatting" and it is incredibly dangerous. So much so that if you haven't had a chat with your kids about it, you probably should.

 

Let's talk about the risks we are likely to see in 2008 and swatting in particular.

 

Swatting: The Prank That Can Put You Away for More Than a Decade

 

Swatting is the act of spoofing the Caller ID service and calling in a false crime report that requires armed SWAT response. This is being done by both individuals and gangs of people -- both kids and adults. The Caller ID system's security is not very robust, the technology is old, and the hacking tools appear to be easy to get.


 

It is, however, interesting to note that in some instances, the folks doing this have used phishing techniques to trick phone company personnel into giving them access to secure systems.

 

The result is an armed response by the local police department's SWAT team. This is far more fun to watch on TV than to experience. As part of my own police training, I've been on the receiving end of a prone felony search, and we are not talking about something you'll forget anytime soon.

 

Anytime folks show up with guns and are worried about being shot themselves, someone could make a really nasty mistake. As a result, the penalty for making such calls can exceed 15 years hard prison time. This goes well beyond identity theft (which this actually is) because it is life-threatening.

 

Playing Heads-Up Ball in 2008

 

In the case of swatting, the Caller ID system is penetrated in one of two ways: software that is easy to find and use, which basically spoofs the system, or a more traditional phishing attack on the phone company.

 

Both methods were on a strong rise in 2007. The Eastern Bloc of Europe is turning out a rapidly growing set of professional-quality malware designed to pull passwords and gain access to personal information. And phishing is only the latest name to be applied to a confidence game that fools folks into doing something they otherwise, with full disclosure, would not have done, such as giving away passwords and personal information.

 

As we go into 2008, I'm becoming increasingly convinced that the attacks will become both more creative and much more highly targeted at a broad spectrum of confidential data that can be marketed. Everything from insider knowledge of publicly traded companies to personal information will continue to be high-value targets. This means both employees and their families have to start becoming better informed about potential threats so they aren't the weak link in the security chain that puts either your family or your company at risk.

 

If there was ever a time to enforce multi-factor authentication and biometrics, turn on and use Trusted Platform Modules, and provide security training for your employees, 2008 will likely be it. Having your company appear too difficult to penetrate could be vastly safer than any actual security product you are likely to buy.

 

There's that old joke about the hikers and the bear. One hiker stops to put on his shoes while the bear is charging. The other hiker asks why he is doing that because he'll never outrun a bear, and the guy putting on the shoes says, "I don't have to outrun the bear; I just have to outrun you."

 

The goal is not to be impossible to penetrate. The goal is to make sure you don't appear to be the easiest. If your employees embrace security, you'll likely fall way down on the attack list.


