The Cyber and The Security

Cybersecurity has been on my mind lately. There is a lot of bad stuff going on, from giant dDOS attacks, to subscription bombing, to the ongoing low level harassment that some people have to deal with on a daily basis. I’ve written a lot about how I think marketers are going to have to step up and stop being a conduit for abuse. I do believe this. There are a lot of different issues to discuss but there are also many, many different stake holders in the issue of cybersecurity.
I’ve been on multiple calls with different groups over the last few weeks discussing the implications of the subscription attack and how it was carried out. The majority of my focus is email and how to protect senders from becoming a conduit for abuse. Other folks participating on the call are looking at what abuse is out there and how to stop it or minimize it.
One thing that came up on a recent call is that the bulk of dDOS traffic that took Brian Krebs’ website down was from various Internet of Things devices. Security cameras, DVD players, televisions, lightbulbs and other connected devices were part of the problem. It’s a huge issue, and one that cannot simply be mitigated by just ISPs and providers. But convincing individuals to secure their lightbulbs can be a challenge, we can’t even protect their computers completely. Convincing companies to stop providing default usernames and passwords or using the same keys for every device is another challenge.
These are big issues that we’re going to have to deal with.
Last night, with 100 million of my virtual friends and a small group of local ones, I watched the first Presidential debate. Part of the debate was about cyber security. To misquote Vice President Biden, “Cybersecurity is a big freaking deal.” We have nation states, and groups with the resources of nation states, conducting covert operations online. We have hacking, compromises, bonnets and other malicious activity occurring every, single day. And, the more complex the site and the more users it has the more likely it is to be compromised. Cybersecurity is a critical part of national security and our own individual security. We must take it seriously and we must address it.
Now, I’ll be honestI don’t think there is a solution to the problem. I think, though, that there are hundreds of things we can do as individuals, as companies, as nations, as volunteer organizations, as NGOs and as coalitions to solve different parts of the problem. We all need to think about what it is and who’s doing the bad stuff.
It’s common to think of hackers as lonely boys in basements who have too much time and too little to do. Back in the ancient days of the spam wars some folks referred to them as “chickenboners“: beer drinking rednecks who ate fried chicken and threw the bones on the floors of their trailers. The reality even then, though, was that many spammers ran businesses and made a lot of money. Admittedly, the descriptions of how the business was run are cringe inducing and full of illegal activity.
Now, much of the hacking is actually organized crime outside the US. This makes it hard to address successfully through legal channels.
It’s all very complicated. But I think we can agree security is a big deal. We are all part of the solution, by securing our sites and our personal devices. We’re also part of the solution by paying attention to the larger issues and events going on around us.
 
 
 
 

Related Posts

Post-mortem on the Spamhaus DOS

There’s been a ton of press over the last week on the denial of service attack on Spamhaus. A lot of it has been overly excited and exaggerated, probably in an effort to generate clicks and ad revenue at the relevant websites. But we’re starting to see the security and network experts talk about the attack, it’s effects and what it tells us about future attacks.
I posted an analysis from the ISC yesterday. They had some useful information about the attack and about what everyone should be doing to stop from contributing to future attacks (close your open DNS resolver). The nice thing about this article is that it looked at the attack from the point of view of network health and security.
Today another article was published in TechWeekEurope that said many of the same things that the ISC article did about the size and impact of the attacks.
What’s the takeaway from this?

Read More

Working around email security

One of the common things I see as a delivery consultant is that companies do their best to set effective policies about email, but make it difficult to comply with those policies. It happens all the time. It’s one of the reasons that the tweets Steve shared about Sec. Clinton’s email server rang so true to me.
Security.
One of the commenters on that post disagrees, and uses banks and health care as an example.
Erik says:

Read More

Security issues affect us all

I’ve been talking about security more on the blog. A lot of that is because the security issues are directly affecting many senders. The biggest effect recently has been on companies ending up on the SBL because their signup forms were the target of a subscription attack. But there are other things affecting online spaces that are security related. Right now not much of it is affecting email senders, but it’s good to be aware of.
DDOS attacks
There has been an increase in DDOS attacks against different companies and network. Some of the online game sites have been targeted including EA, Blizzard and others. A group called PoodleCorp is claiming responsibility for those attacks.
Another set of DDOS attacks hit Brian Krebs’ website this week. The site stayed up, but Akamai has told Brian they can no longer host his website. His website is down for now and the foreseeable future.
While this activity doesn’t affect marketers directly, it does tell us that there is active development happening on the less legal side of the internet. The volumes of the recent attacks have sent records. They’re also changing in scope and including new kinds of traffic in an effort to knock sites offline. Even more concerning, they appear to be systematically attempting to discover defenses in order to attack the internet as a whole.
Increase in Spam
Spam has been on the decrease over the last few years. Many of us were treating it as a mostly-solved problem. But a new report from Cisco Talos shows that trend is reversing and spam levels are increasing. Current levels are approaching those last seen more than 5 years ago. Cisco Talos has used a number of different sources of data, all showing an increase in spam directly and indirectly.

Read More