by Ted Miracco
It seems like hacking is all over the news these days, from the Black Hat and Defcon conferences to the near-constant coverage of the Russian involvement in the 2016 U.S. presidential election.
With all this sudden awareness, as someone who has had visibility into piracy and hacking for many years now, I think it is very important to take a deep breath and reflect on the situation. As part of my research for guest speakers for the upcoming CylyntAnti-Piracy and License Compliance Summit 2017, I had the pleasure of reading several books by Ira Winkler on cybersecurity and industrial espionage. One of Ira’s books, Spies Among Us, provides a comprehensive overview of the people, nation states, and other players in this high-stakes game. What is most surprising about the book is the copyright date. While everything in the book seems like it was written this year, it was actually published back in 2005!
There are many takeaways from Spies Among Us, and as our special keynote speaker I am sure Ira will bring a fresh perspective in October at the summit, but here is a short preview of what we could have learned more than a decade ago. None of this is new. Not only is espionage something that has been going on since the dawn of the nation state, but cyber espionage has been going strong for decades. Yes, there has been an acceleration with the exponential growth of internet users and the proliferation of mobile devices, but the basic tools of the trade have been in place and in widespread use for many years.
Another takeaway, and certainly one we are familiar with from our anti-piracy efforts at SmartFlow, is that the vast majority of hackers are not particularly sophisticated. The recent unauthorized leak of NSA hacking tools exploited in the WannaCry attacks (discussed in my 5/17 blog ) and others have lowered the bar dramatically to get in the hacking game. Today's hackers do not need a Ph.D. in computer science to cause havoc. The dark web has allowed inexperienced hackers to exploit vulnerabilities that were once only available to the most sophisticated security experts out there. Another point Ira makes, and this one is scary, is that nothing is really secure and it is not possible to make anything totally secure. The best we can hope to do is to detect hacks early and be prepared with countermeasures to rapidly contain the breach and minimize the damages. This point was recently proved at the Defcon conference, where a team of hackers was able to quickly exploit the numerous vulnerabilities in popular voting machines. How this affects software piracy is also quite obvious in that it is not possible to develop a completely secure license management system, so the best defense is a detection of the vulnerabilities and readiness with appropriate counter measures.
We live in interesting times…. if you are interested in joining the conversation, please request an invitation to the Cylynt Anti-Piracy and License Compliance Summit and join us in Santa Rosa, CA as we discuss ways to protect our valuable intellectual property from the ever-present and determined hackers.