Saturday, April 25, 2015

The pools is polluted and we're all swimming in it. Don't get to much in your mouth!

We've been chasing this massive breach --global in scope.  We don't like to publish these things openly -grandiose outings of breaches and defensive conquests are wonderful for a short time, but in the end, one story becomes just like the last, and just like the next.

Rather than becoming yet another intelligence group spending months writing a big story, our preference is to warn folks when we find out --as early as possible, stay under the radar, notify those who need notifying, and moving on to the next place that the data takes us.

At the same time, the story is out.. without the purposeful push, but none-the-less, those outside of our circles tell the story, and at some point, we're going to have to speak publicly and openly about our findings. So how do we do that without becoming yet another, pumping our chest, telling the world how great we are? I didn't know, but I know someone who does.

So I called him.

We talked about the idea that as internet use grows, so does the proportionate crime. First from nuisance focused kiddie-scripters, then organized crime, robot networks (botnets), espionage, and now, integrity attacks.  The normal population has crime --murder, car theft, breakins, etc.,  so does the Internet.  So a thinking person might consider the correlations right?? I'm not taking on a long term academic study, but I'd assume that if someone would attempt a break-in in the physical world, they might also do so in the cyber realm right? And in cyber, many people still think that getting away with something is relatively simple, so those who might have considered a physical breakin, but didn't because of a fear of being caught, might now do so on the Internet because of a lowered risk of ending up in the hooscow... right?

Let's try some simple math... the most dangerous city last year had roughly 1340 crimes per 100,000 people -roughly 1.3% per capita. So what if we transferred that math to internet crime?

The graphic below shows internet users per 100, on a growth plan from 11% in 1996 to over 77% in 2013 --at a time when the world population was ~7 billion people. 31% globally use the Internet. Now plug in that 1.3% crime rate per capita... that means that just over 28 million people are committing crimes --and not on local breakins, murder, theft, it's on a global scale! 28 million people have the ability to touch anyone... and they do.  My thinking is those internet criminals probably don't do just one break-in, they probably do thousands at a time via robot networks (botnets)... the numbers grow exponentially with the use of technology.

http://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users
The Internet knows no boundaries, and the fear uncertainty and doubt argument no longer works... so try maybe math is a better approach. I'm sure mine isn't perfect, but it certainly illustrates the idea that since 1998 the growth in volume, increase in sophistication, and changes in motivation and intent have grown right along with the growth in users... and it ain't gonna get better any time soon. Crime, espionage, integrity, destruction? They're all a part of our new normal --and we better get used to it. Those nice, trusted computers that we thought we owned years ago are as much a thing of the past as the AMC Jeep... that's a steep Internet adoption curve --and a correspondingly steep crime adoption curve.

So when we say we're chasing a currently unpublished global set of breaches, so what right? It's just another day. It's the new normal.  The pools is polluted and we're all swimming in it.  Our best hope? Don't get to much in your mouth!

What're we chasing?  Check it out... https://cms.wapacklabs.com.

Still thinking about joining Red Sky?  Want to know more? Call us. We're here to help.