Tuesday, January 24, 2012

Guest Post: John Mariotti author of The Chinese Conspiracy

John Mariotti, author of The Chinese Conspiracy, stopped by with a piece he wrote.

The Crimes No One Can Stop; The Attackers No One Can Find
by John L. Mariotti

If a thief were invisible, he might be able to steal at will and never be caught. How would anyone catch him? No one would know what he looks like. What could you look for? Next imagine groups of malicious vandals that cannot be seen ... or found. How can you stop them? Can anyone stop them?

These simple metaphorical questions describe the dilemma of dealing with cyber-crime and cyber-terrorism. There may be telltale traces of the crime, but these usually don't point back to any specific enemy. There is no way to counter-attack if you cannot find who attacked you, or how, or where they are.

Though it is not often headlined in the news, cyber-crime is something many people should be concerned about, "The continued rise of organized cyber-criminal gangs and emergence of targeted advanced malware threats are the most concerning trend we've seen." said Dan Hubbard, CTO at Websense. Malware is defined as programs that are intended to do harm, and hackers, or "organized cyber criminal gangs," are people who try to "hack" into systems to alter them, either mischievously, or maliciously.

The conclusion of the United Nations Brief: "The Prevention of Cyber-Terrorism and Cyber-War" is not very comforting, because it reaches similar conclusions about cyber-attacks and cyber-crime, "In sum, until the U.N. issues an effective international treaty to combat cyber crime, states, businesses and individuals have to protect themselves from cyber-attacks. THis is nearly impossible as cyberspace is too large, too sophisticated and too interconnected to be dealt with alone without cooperation. Therefore, it is time for governments to sit together and formulate a single solution to this top concerning problem at the international level."

The trouble with this conclusion is that few believe any U.N. International Treaty will ever inhibit cyber-terrorists or cyber-criminals. Instead, they will laugh at it, and then hack into the sites and systems describing the treaty, disrupting them or ridiculing the efforts.

However, experts around the world are puzzling over this challenge constantly, and some solutions are emerging. According to Matt Jonkman, founder of Emerging Threats Pro, some existing security strategies are effective agains cyber-terrorism; some of these include:

IDS (Intrusion Detection Systems)
IPS (Intrusion Protection Systems)
Antivirus, anti-malware, and anti-spyware software and hardware
Regular third-party testing

Other experts strongly recommend a multi-faceted approach. Keep existing measures in place and up to date; use the most secure networks possible; make sure firewalls are "on," use passwords that are robust and changed often, assure that virus protection is completely up to date, (because virus writers are constantly changing their invasion methods and places), and so forth. For example, virus writers are now creating viruses that morph, changing just a little bit of their code to avoid detection by anti-virus programs that looks for "signatures" - small sequences of coding that are common to a given kind of virus. When a little bit of that signature changes, does the anti-virus scan pick it up or not? It depends on how "little" the modification is.

All of the preceding is intended to make readers aware of the large and imminent threat presented by malware and hackers. When these hackers are many in number, the problem multiplies. "Crowd sourcing" gathers many hackers together electronically and aims them at the same target. THis has become a popular form of attack. A report out of Dubai disclosed that al-Qaeda has combined the global reach of the Internet as a cyber-terrorism tool to influence and win over non-Arab sympathizers. Many believe that the Russian government used "crowd sourcing" attacks to shut down the nation of Estonia - a former Russian province - to show the Estonians that they were not really independent of Russian quite yet.

The largest problem is when a country - referred to as a nation-state - is the sponsor and perpetrator of cyber-crimes or cyber-terrorism. China has long been allege to be the source of some of the nastiest worm viruses yet launched, most notably the famous Conficker worm virus. It is reported to have infected tens of millions of computers, perhaps far more, because no one knows with any certainty. China is also the alleged source of Ghostnet, an attack on Tibet, which also inadvertently infected more than 1200 important systems in over 100 countries.

The problem is that no one can yet identify these crimes or criminals. They cannot "see" or trace them with enough certainty to stop them, apprehend or counter-attack. Some invasions leave "back doors" through which the perpetrators can easily "re-enter". Clean them out, and some time in the future, they reappear, as if magic.

We have come full circle to the original dilemma. How do you stop a criminal you can't see, or prevent them from committing a crime you can't trace? The answers, thus far, are more conjecture than certainty. Use all the best known tools: be vigilant; collaborate against them, just as they collaborate to do harm, or create chaos. Above all, do not be complacent. The threats are real and imminent.

John Mariotti is an internationally known, award-winning author.

In The Chinese Conspiracy he merges an exciting fictional thriller with the factual reality of America's risk of Cyber-Attacks.

His last book, The Conspiracy Crisis was chosen one of 2008's Best Business Books.

Mariotti does keynote speeches, serves on corporate boards and is a consultant/advisor to companies on strategy/execution.  He can be reached at www.mariotti.net or www.thechineseconspiracy.com.

The Chinese Conspiracy is available now at on-line booksellers.

When Jim Martini goes back to his WV hometown to see why its major employer failed suddenly he finds more than a failed company. He risks his life, finds a lost love, and stumbles into an international conspiracy. A Chinese revolutionary group is using viruses, hacking, malware and cyber-technology to over-throw its own government and attempt to control the US--by shutting down all forms of computers and communications--all at once.

Suddenly nothing works-communications are "silenced". The US is preoccupied fighting global terrorism, so it's up to Jim, hometown friends and a small team of CIA, FBI, and NSA agents to overcome this devastating threat and stop The Chinese Conspiracy.

Set in the lush mountains of West Virginia and half-way around the world in China, The Chinese Conspiracy weaves a chilling tale of cyber-terrorism, current events and a tender love story. Read The Chinese Conspiracy and then call or e-mail someone you love, but do it while everything still works.


Post a Comment