Editor's note
Editor's note
Editor's note
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
When Computer<br />
Attacks<br />
But before taking any action we have to bring<br />
awareness to what this new kind of threat means:<br />
the only way to be protected is understanding<br />
what this means for the organizations and how it<br />
could impact their business. Undoubtedly exceptional<br />
circumstances call for exceptional actions. So, maybe<br />
it is time to acknowledge that computer attacks do not<br />
always happen to others; we need to become aware and<br />
to be prepared in advance to minimize risk exposure at<br />
this kind of attacks, protecting both our organizations<br />
and their leaders.<br />
Even if you are not an expert in Information Security,<br />
you can infer that in order to attack different targets such<br />
as the UN (United Nations); Colombia’s Administrative<br />
Department of Security (DAS for its Spanish acronym);<br />
Guayaquil City Hall’s Website; thousands of Ecuadorian<br />
policemen’s personal data; Latin American political<br />
leaders’ Twitter and Facebook accounts; and similar<br />
targets in Europe or in the US, significant know-how and<br />
coordination levels are required. And all of this calls for<br />
resources that exceed the possibilities of enthusiastic<br />
university (or college) hackers.<br />
Furthermore, Internet-disclosed threats about future<br />
attacks on new public and private companies’ sites in the<br />
short run should act as a wake-up call to understand that<br />
we are facing an unprecedented type of motivation.<br />
Please <strong>note</strong> that although Advanced Persistent<br />
Threats are the type of attacks perpetrated by some<br />
starterkit 02/2011(2)<br />
SOCIAL FRAUD<br />
don’t always happen to others: Advanced Persistent<br />
Threats<br />
There is a new type of cyber threat that is catching more victims<br />
every day; many people know it is called Advanced Persistent<br />
Threats, and there is a trace of high profile victims out there to<br />
give us enough.<br />
social action and cyber-terrorism groups worldwide<br />
(of proven reach in Latin America), rather than<br />
categorizing their perpetrators from the philosophical<br />
and political standpoints, we should take threats<br />
seriously and become aware that globalization of<br />
knowledge and information put these techniques at<br />
hand for anyone with motivation and time enough to<br />
deploy them.<br />
The Murder of Ego (…and some other myths<br />
as well)<br />
So, this kind of attacks present the three main aspects<br />
of a crime: motive, means and opportunity; there’s not<br />
much we can do to influence on the first one; but we do<br />
have plenty of things to do with respect to the remaining<br />
two… needless to say that crimes are not feasible<br />
without one of these three aspects!<br />
In the first place we must destroy the myth of those<br />
who so far, have not experienced a massive proportion<br />
computer attack. To them information security is not a<br />
priority, or directly (in the worst case scenario) it is not<br />
a significant issue. Maybe this is a wound for the ego of<br />
many security administrators. Though let’s face it: we’d<br />
better feel touched by a whitepaper that enables us<br />
to be prepared and to prevent, rather than suffering a<br />
large scale attack with serious consequences.<br />
As a professional, without a doubt this is one of the<br />
worst arguments I could possibly hear from those<br />
Page 30 http://pentestmag.com