Wednesday, December 18, 2013

Hacking in the Year 2030

If you are anything like me, when you hear
"Hacking in the Year 2030" you immediately
visualize hacking robot armies and UFOs to take
them down with lazers and ultrasonic USB
attachments via your PlayStation 10 using only
changes in pupil dilation to read mental instructions
of what hacking tools to launch. Well this
technology may very well be around in 2030, but
unfortunately most of you are more likely to still be
exploiting Cross Site Scripting (XSS) vulnerabilities
in the web interface of the killer robots. So to paint
a picture of what we may be doing, lets get an idea
of the threat landscape in 2030 by having a look at
how things have progressed in recent years. Over
the last 10 years we have seen a series of what I
am calling "Hacking Revolutions", as listed below;
- Infrastructure Hacking Revolution - Web
Application Hacking Revolution - Client-Side
Software Hacking Revolution - Social Networking
Hacking Revolution - The Hacktivism Revolution -
Mobile Hacking Revolution The "Infrastructure
Hacking Revolution" was the first where most
attacks were targeting infrastructure. This was
because coding within operating systems and
services seemed to be lacking a small thing called
security. This forced software vendors (primarily
Microsoft) to realise that security was pretty
important in their long term vision, which led to a
dramatic drop in remotely exploitable infrastructure
related vulnerabiltiies. This drop in exploitable
vulnerabilities then led into the "Web Application
Hacking Revolution". Development was now being
undertaken by inexperienced developers with
restricted timeframes, budgets, and insecure
frameworks, which meant that security was pretty
much out of scope. On the up side, this has kept
most penetration testers in jobs for many years and
will continue to for years to come. Although the
Web Application Hacking Revolution is like that
odor in the car that just won't go away, the "Client-
Side Software Hacking Revolution" forced itself into
the spotlight of hackers. This phase included email
Phishing attacks containing exploit code to trigger
vulnerabilities in web browsers, office programs,
Adobe Flash, Adobe Reader, Java, and so on. This
continues today with the ongoing release of 0-day
exploits. One noteable attack technique known as
"DLL Hijacking" was identified during this period,
which basically revealed a vulnerability that
existed in what seemed to be every piece of client-
side software that existed on the planet and had to
be addressed independently in each piece of
software. The "Social Networking Hacking
Revolution" was then born. This provided attackers
with not only a vast number of access control flaws
to exploit to harvest our private information, but
also a new avenue to bypass Spam and Phishing
filters allowing malware and web-worms to be
propogated more effectively. The Hacktivism
Revolution then began where it seemed that every
day was a bright new day for companies being
breached and corporate data being published on
Pastebin. Hundreds of millions of accounts were
compromised during this era and many executives
were realising that the Fear, Uncertainty and Doubt
(FUD) that their security officers were spreading is
actually an every day occurrance. For a period
during The Hacktivism Revolution, it appeared that
Anonymous was going to be the next superpower
as they forced multi-national corporations to shake
at the knees by simply mentioning them in a two
minute YouTube video. Although things are
relatively quiet after a number of Anonymous
members were arrested, it is only a matter of time
until the fear wears off and Hacktivists continue
their rampage. The "Mobile Hacking Revolution"
came of age where companies were dropped into
an area that they have never been before whilst
sitting in the middle of an environment where
major security breaches and data theft occur
regularly. This shift has forced both developers and
companies into upskilling and investing in security.
Unfortunately access control flaws are rampant and
security breaches occur at a larger scale as more
individuals trust the app developers with their
usernames, passwords and personal data. The most
recent breach gaining access to over 50,000,000
accounts. This Hacking History Lesson reveals one
key concept; As new technologies are developed,
the risk to our systems and data increases, and the
impact of security breaches increases
exponentially. So what will "Hacking in the Year
2030" look like? To start with, the number of
techniques to perform financial theft will only be
limited to hackers' imaginations. Country-based
currencies will be left behind as virtual currencies
gain popularity. Virtual currencies will therefore
become a primary target, and we have seen the
conception of this already where financial scams
are occurring within virtual online-worlds. These
scams are then able to convert their stolen virtual
currencies to real world dollars and cents. This
leads into the loss of control that world
governments will experience as they begin to lose
their enforcement capabilities since country-based
laws are no longer enforcable within virtual online-
worlds. This is because virtual online-worlds are
distributed on systems that are hosted in countries
throughout the world with different cyber-crime
laws - that is if they have any cyber-crime laws.
Combining the excessive amounts of data collected
on each of us, the massively advanced analysis
techniques, and extreme processing power
developed by 2030, artificial intelligence systems
will have the capability to accurately predict what
you will do before you do it. Currently we see
compromised online accounts being sold in
underground markets for use in identity theft and
various other attacks for financial gain. The value
of today's online accounts pale into insignificance
compared to what malicious and profitable exploits
can be implemented, by both criminals and
organisations, if our actions can be determined
before they happen. The future also requires
massive power demands to run the excessive
amount of technology, from our wireless Coke can
coolers through to our driverless cars and transport
systems. Energy suppliers will become even more
critical and therefore even more valuable targets
for hackers. This may range from extortion
attempts by shutting down transport systems
through to industrial espionage to steal secrets of
how to generate energy more efficiently and in a
more cost-effective manner. "Hacking for Physical
Harm" has been used a couple of times in the past,
with one example being an epilepsy website that
was defaced with flashing coloured squares to
trigger epileptic fits. When we eventually lose the
need to talk with our mouths and start ordering our
coffees using direct interfaces to our brains, a
major terrorist threat is introduced where mass
murder can be performed in high-tech drive-bys.
This situation may seem unrealistic, but is actually
already a reality. A security researcher has already
identified a technique where pacemakers can be
hacked from 50-feet away to deliver a deadly shock
to their owner. Luckily for pacemaker owners,
farming of replacement organs will also be a
reality. Unfortunately if the Organ Farm is hacked
and the thermostats in the Growth Centres are
modified, millions of replacement organs become
useless leading to major sections of the population
dropping off. As we have seen through the
Hacking History Lesson earlier, companies will
struggle find the budgets to maintain their security
as technology continues to advance at a rapid pace.
This will lead to companies existing completely in
the cloud and relying on third party companies
protecting their assets. This simply leads to a
central cloud that hackers need to compromise;
however, this means that they have everyone's
data rather than just a single company. If you
made it this far, I trust you enjoyed the read, Ty
Miller CTO, Pure Hacking

Share this:

Copyright © 2014 Ayo Paul. Designed by OddThemes | Distributed By Gooyaabi Templates