Black Hat Roundup: Keeping Tabs on the Ones That Got Away

B. Ostergaard

B. Ostergaard

Summary Bullets:

  • With the annual Black Hat event in Las Vegas, the global Internet community celebrates its felons.
  • Like physical combat, Internet security requires a good understanding of enemy black hat strategies.

Last week saw Las Vegas hosting the 15th annual Black Hat event.  From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas (still the main event with the highest stakes) to a global conference series with annual events in Abu Dhabi, Barcelona, Las Vegas and Washington, DC.  From its nefarious roots, it spouts uncomfortable truths about the insecurities we face every day as global net workers.  It’s difficult to find any other industry where crime and passion are so closely aligned and where ‘respect’ and ‘respectable’ are terms so far apart.  Cyber-warfare for profit and power lacks any basic ‘Geneva Convention’ that could specify global rules of conduct and the means to prosecute felons.

The most prestigious prize at the 2012 Vegas Black Hat event, the Epic Ownage award, which goes to the hackers responsible for delivering the most damaging, widely publicized, or hilarious ‘ownage,’ went to the creators of Flame, an advanced persistent threat (APT) virus that masquerades as a Windows Update file and is thus able to install any software on any Windows device.  Needless to say, no one came forward to pick up the award.

The event reminds us of the origins and evolution of the Internet – not as a product of international telco standards bodies, but emerging from the uneasy junction of anarchistic academia and military ruthlessness.  Today, global business operations face significant elements of cyber warfare every day.

So, when CIOs and their IT departments address the daily barrage of user demands for more flexibility, as well as their executives’ demands for higher performance, lower cost and greater security, they must tread a fine line in their ever increasing dependency on the Internet and the error-prone code on which it is based.  With the emergence of cloud computing, the notion of boundaries between enterprise networks and the open range of the Internet evaporates.  With critical applications online, security becomes a question of defense in depth as well as constant monitoring of activities and trends in the black hat community.  Is this part of your security routine?  Do people from your security group attending events such as this to keep tabs on the bad guys?

About Bernt Ostergaard
As Research Director for Business Networks and IT Services at Current Analysis, Bernt covers the competitive landscape for system integration and IT service provisioning, and analyzing the managed security services across carriers and IT Service Providers. He brings with him a broad understanding of the competitive issues and environment that currently exists in the rapidly changing IT services and telco sectors.

What do you think?

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: