Business has a phrase called “Barriers to Entry” meaning that depending on skill and money, some companies are easier to start than others. It is easy to start a bookstore on Amazon, it is very hard to start up a company to take on Cisco.
Hacking has become a “easy access” or “Low barrier to entry” business, meaning all the kids who have a bent to see what they can get away with, are playing around with freely developed, open sourced, fully supported, hacking tools. These are tools that can be downloaded, installed, and used on just about any computing platform out there.
Earlier I talked about why Information Security needs to get out of the Ivory tower and start working with people to work out how best to share information, and avert the train wreck that is coming with the Internet generation, cyber crime, information warfare, and all the other issues that we have when it comes to sharing information.
The kids are winning, we are loosing.
How are they winning?
They prepackage systems like Virus Kits, Phishing Kits, and turn hacking into a child’s game. Kids are smart, they will go where ever they want to go, and they will learn from anyone willing to teach them.
In January, a hacker unleashed an exploit that completely freezes up Apple’s iPhone. Once installed, the app says only the word “shoes.” When uninstalled, it removes files from the device’s directory, effectively disabling Sendfile and other utilities. The exploit’s creator is 11 years old. His dad has revoked his Internet
privileges. Source: Dark Reading
When we give away information like “Tool Physically Hacks Windows, Lets an attacker use Firewire to take over a ‘locked’ Windows machine” we not only let the good guys know, but we are taking information from the bad guys and using it to let the good guys know.
Kids read this stuff, they know this already, and odds are that there is going to be some teenager reading this and laughing, because they know exactly what is being said here. Kids have free access to tools and technology but little guidance outside of the support systems around the tools that they download.
It is not that the parents are absent, it is that the kids are doing things the parents have no hope of understanding. It is even more difficult to wrap your head around the FBI visiting your house because your precious snowflake is running a 50,000 computer botnet sending millions of spam messages a day.
We need to share our information, we need to monitor the hacking communities, and we need to be teaching proper information security ethics, skills, and knowledge. This is why I make the argument that sharing in this case is essential.
