Arms Race

by Brent Kirkpatrick

(Date Published: .)



If cyberwar is severe economic damage caused by hacking, then the invention of new methods to detect exploits is its arms race.



Computer security is a just-in-time profession. The job is to identify exploits in the wild and develop patches for the vulnerabilities they target. One wants to patch the vulnerabilities that are actually being exploited rather than the ones we imagine being exploited. Much of the industry does the latter rather than the former, simply because it lacks the ability to capture and analyze cleverly hidden exploits. Yet this is exactly the task of the profession.

There is an arms race every time hackers saturate the industry's ability to respond, forcing new methods to be invented. For the duration of the arms race, this creates a brutally competitive environment for computer systems experts. If you fail to secure your systems well enough, you may be plagued by setbacks or be outed by the hackers as having weak security.

Worse, as hackers successfully compromise the computer industry, they gain access to source code that can be used to broaden their attacks. For example, if a hacker gains access to a BIOS manufacturer's source, they can embed a backdoor in the BIOS, compile it, and distribute their version as an update. If they are very successful, the hacker might even get their version of the BIOS shipped with the computer. This is why an update image should only be accepted when its signature verifies against a vendor key the attacker does not hold; if the signing key itself is stolen, even that check no longer separates the genuine image from the backdoored one.

When computer professionals suspect that they have been hacked, they usually begin by looking for machine code. After failing to find exploit machine code, many professionals wrongly assume that their systems are not hacked. The principle of "innocent until proven guilty" only works for people, not computers. It is more appropriate to assume that an arbitrary computer is hacked, and that a skills or methods crisis is what prevents discovery of the exploit's machine code.

We are currently in an arms race that began in 2014. The industry is staggering under the load of discovering and defending against active exploits. Intrepid estimates that there are half a dozen worms currently in the wild.

Intrepid Net Computing is in the business of capturing and analyzing difficult-to-find exploits, including worms and Trojans. These exploits often clean up after themselves or hide very cleverly. We use experimental methods and statistics to isolate machine code.
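The two practices discussed above, treating the host as guilty until a known-good baseline says otherwise and refusing a firmware update whose digest does not match one obtained out of band, as an added example. This is not Intrepid's code or method; the directory, file contents and vendor digest are constructed for the demonstration, and the digest check stands in for the vendor signature verification a real update path should perform.

```python
"""Added example (not Intrepid Net Computing's code).

A file-integrity baseline that assumes the host is compromised: every file
under a root is hashed, and anything later modified, added or removed is a
finding.  A second helper refuses a BIOS/firmware image whose SHA-256 does
not match the digest the vendor published out of band.  All paths and file
contents are constructed here for the demo.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large firmware images stay cheap."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its hash.
    A baseline is only worth anything if it is taken from a host you trust, e.g.
    freshly installed from known-good media, not from the suspect machine."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences.  A changed system binary, a dropped new file and a
    removed file are all findings; 'clean' means all three lists are empty."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def verify_update(image: Path, expected_sha256: str) -> bool:
    """Accept a firmware update only if its digest equals the one published
    out of band (the vendor's signed release notes, not the update channel).
    compare_digest avoids leaking how many leading characters matched."""
    return hmac.compare_digest(sha256_file(image), expected_sha256.lower())


def demo() -> dict:
    """Run both checks against constructed data and return the results."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF-constructed-ls")
        (root / "bin" / "ps").write_bytes(b"\x7fELF-constructed-ps")
        baseline = build_baseline(root)  # taken while the tree is known good

        # Simulate a compromise that cleaned up but left two traces behind:
        # a hooked 'ps' and a dropped hidden payload.
        (root / "bin" / "ps").write_bytes(b"\x7fELF-constructed-ps+hidden-hook")
        (root / "bin" / ".cache").write_bytes(b"dropped payload")
        findings = compare(baseline, build_baseline(root))

        # Simulate the BIOS-update case: genuine image vs. a backdoored rebuild.
        update = root / "bios_update.bin"
        genuine = b"constructed genuine BIOS image"
        update.write_bytes(genuine)
        vendor_digest = hashlib.sha256(genuine).hexdigest()  # constructed
        ok_before = verify_update(update, vendor_digest)
        update.write_bytes(genuine + b"\x90\x90 backdoor")
        ok_after = verify_update(update, vendor_digest)

    return {
        "findings": findings,
        "update_ok_before": ok_before,
        "update_ok_after": ok_after,
    }


if __name__ == "__main__":
    print(demo())
```

The hash comparison is deliberately run from a separate, trusted system against an image of the suspect disk, not from the suspect host itself: code that hides from a scan can also hide from a baseline check it is allowed to intercept, which is the same "guilty until proven innocent" point the essay makes.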










bbkirk@intrepidnetcomputing.com




© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.