August 6, 2010:
Cyber War, at least the civilian version, is undergoing a major change. More Internet criminals are shifting their efforts to wireless (wi-fi) and cell phone targets. Smart phones (like iPhone, Blackberry and Android) are getting a lot more attention. The hackers consider these targets more lucrative (wealthier users in a more vulnerable environment). Smart phone apps are considered particularly troublesome. Apple is very strict about which apps it allows to run on its devices, but other vendors are not as vigilant. These new vulnerability areas are worrisome to military network security experts, because more and more military equipment is networked, often with Internet access as well. At the same time, the military is also moving more to these same technologies, making the new threat a military one as well.
This is not all one-sided. Crime, and warfare, over the Internet is getting more dangerous for the attackers as well. That's one reason many hackers are turning to wireless networks. Internet security experts are now doing to hackers what hackers have been doing for years: finding flaws in their software and exploiting them. This makes it possible to counterattack and, more importantly, identify, locate and arrest criminal hackers. For military ones, you could obtain GPS coordinates, enabling you to send a "cease and desist" message in the form of smart bombs. Or simply apply some more effective diplomatic pressure.
For years, security experts have been taking apart the hacker software secretly placed on PCs. Often, this is sloppy code, and over the past few years, the "white hats" (security company hackers) have been developing ways to exploit those flaws to more quickly shut down the bad guys, or even find them.
The most popular hacker tools, zombie computers and botnets, use special programs to infect computers and enable the botnet owner to control these captured machines. The most visible use of a botnet is DDOS attacks. In plain English, that means buying access to hundreds, or thousands, of home and business PCs that have had special software secretly installed. This allows whoever installed the software that turned these PCs into zombies to do whatever they want with these machines. The most common thing done is to have those PCs, when hooked up to the Internet, send as many emails, or other electronic messages, as they can, to specified websites or email addresses. When this is done to a single website, with lots of zombies (a botnet), the flood of messages becomes a DDOS (Distributed Denial of Service) attack that shuts the target down. This happens because so much junk is coming in from the botnet that no one else can get in. But as flaws in the zombie and botnet control software are found, they are being exploited to shut down botnets and catch the guys running them. A lot more botnet creators, and users, are being caught, prosecuted and jailed these days.
But there are even more dangerous cyberwar weapons out there, which have also been found to have exploitable flaws. These are worm and virus programs modified to take advantage of largely unknown Internet vulnerabilities that allow the user access to many business, government and military computers. This sort of thing is called "using high value exploits" (flaws in code that are not yet widely known). These exploits are a lot more expensive, and require more skill to use. Currently, a major source of exploits is hackers for hire. These are skilled hackers, who know they are working on the wrong side of the law, and know how to do the job, take the money, and run. This situation has developed because organized crime has discovered the Internet, and the relatively easy money to be made via Internet extortion and theft. Some of these hackers also sell flaws in hacker software. No honor among thieves and all that.