Points of Pain

A recent article I wrote for ADVANCE for IT Executives on-line magazine (http://health-care-it.advanceweb.com) dealt with the challenges unique to the health care industry, which has the unfortunate position of being in the cross hairs: its routine communications employ terminology similar to that of the purveyors of smut and spam. Common industry words that are benign in context, such as “breast” or “Viagra,” pose particular problems for filtering mechanisms, which can’t distinguish between purveyors of smut and patient communications or correspondence from health care colleagues. Think about how costly, time-consuming and distracting that misjudgment can be. In a reflection of how tightly intertwined spam and the health care industry are, in October 2008 a U.S. District Court shut down what had been called the largest “spam gang” in the world after more than three million complaints were amassed about the operation’s attempt to sell prescription drugs, weight-loss pills and male-enhancement products.

So while the health care community is particularly hampered by the inherent flaws of traditional spam filtering mechanisms, which were designed only to guess at the safety of a message by screening for “suspect” words, that industry isn’t alone in feeling acute pain. If we randomly selected IT Administrators from any range of industries and forced them into a group session, every one of them could fill hours on the couch with stories about how their resource allocations went haywire dealing with spam.
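The failure mode described above, as an added example (not code from the article or from any product it mentions): a minimal suspect-word scorer run over constructed messages, reporting what it misjudges. Only “breast” and “Viagra” come from the text; the other words, the weights, the threshold and the sample mail are assumptions.

```python
import re
from dataclasses import dataclass

# Hypothetical suspect-word weights; the article names only "breast" and "Viagra".
SUSPECT_WEIGHTS = {"viagra": 3, "breast": 2, "weight-loss": 2, "prescription": 1}
THRESHOLD = 3  # assumed cut-off: a score at or above this is quarantined

@dataclass
class Message:
    sender: str
    body: str
    is_spam: bool  # ground-truth label for the constructed sample

# Constructed sample mail, not real traffic.
SAMPLE = [
    Message("oncology@hospital.example",
            "Breast imaging results attached; patient's prescription needs renewal.", False),
    Message("pharmacy@clinic.example",
            "Formulary update: Viagra (sildenafil) prior-authorization rules changed.", False),
    Message("promo@bulk.example",
            "Cheap Viagra and weight-loss pills, no prescription needed!", True),
    # Unwanted message that contains no suspect word at all.
    Message("billing@bank-notice.example",
            "Dear Dr. Lee, please confirm your account details at the link below.", True),
    Message("hr@hospital.example", "Reminder: staff meeting moved to 3 pm Thursday.", False),
]

TOKEN = re.compile(r"[a-z]+(?:-[a-z]+)*")  # words, keeping hyphenated terms whole

def score(body):
    """Sum the weights of every suspect word in the body (case-insensitive)."""
    return sum(SUSPECT_WEIGHTS.get(tok, 0) for tok in TOKEN.findall(body.lower()))

def classify(msg):
    """True when the filter would quarantine the message."""
    return score(msg.body) >= THRESHOLD

def evaluate(messages):
    """Compare filter verdicts with the labels and list the misjudged senders."""
    fp = [m.sender for m in messages if classify(m) and not m.is_spam]
    fn = [m.sender for m in messages if not classify(m) and m.is_spam]
    ham = sum(1 for m in messages if not m.is_spam)
    return {"false_positives": fp, "false_negatives": fn, "fp_rate": len(fp) / ham}

if __name__ == "__main__":
    for m in SAMPLE:
        print(f"{score(m.body):>2}  quarantined={classify(m)!s:<5}  {m.sender}")
    print(evaluate(SAMPLE))
```

On this sample the two clinical messages are quarantined alongside the bulk advertisement, while the one unwanted message that avoids the word list is delivered.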

To reuse a very recently overused cliché, if the definition of insanity is doing the same thing over and over in anticipation of a different outcome, then we might all need group therapy or more. That leaves me wondering why so many are still using filter technology in ever-increasing variations, getting the same failed results, and trying yet another variation.

Zombie PCs Attack

Internet News published this article yesterday about zombie PCs (http://www.internetnews.com/security/article.php/3796526/The+Webs+Latest+Threat+Smarter+Zombies.htm) getting smarter and harder to track: they regularly ask for new IP addresses from their ISPs, ultimately rendering anti-spam software that works by blocking IPs useless.

Unfortunately, my first thought reading through this is a big “I told you so” to the universe of security experts who keep insisting that IP reputation is the silver bullet in the ongoing war against spam and other e-mail-borne threats. Commtouch (www.commtouch.com) is a world-recognized expert in the field of IP-based reputation and should be taken at their word. If they say that IP reputation is finally dead, I would agree.

The fact that IP-based reputation schemes are flawed has been well known to Sendio (www.sendio.com) for years. We have always believed the only type of security that really works is active security. All of the current IP reputation schemes are passive/reactive, employing complex algorithms to make guesses based on patterns and probabilities. Clearly, in a world where there is big money at stake, the bad guys are highly motivated to find mechanisms that allow them to evade these passive security paradigms.

I believe the time has come for the security community-at-large to recognize that we need to move away from passive guessing schemes to active authentication methodologies.

Cisco’s annual security study is out, and…

Cisco’s annual security study is out, and not surprisingly, personalized spam and phishing attacks are on the rise:

http://ibtimes.com/articles/20081217/personalized-spam-rising-sharply-study-finds.htm

Personalized spam rising sharply, study finds
By JORDAN ROBERTSON

SAN FRANCISCO (AP) — Yes, guys, those spam e-mails for Viagra or baldness cream just might be directed to you personally. So, too, are many of the other crafty come-ons clogging inboxes, trying to lure us to fake Web sites so criminals can steal our personal information.

A new study by Cisco Systems Inc. found an alarming increase in the amount of personalized spam, which online identity thieves create using stolen lists of e-mail addresses or other poached data about their victims, such as where they went to school or which bank they use.

Unlike traditional spam, most of which is blocked by e-mail filters, personalized spam, known as “spear phishing” messages, often sail through unmolested. They’re sent in smaller chunks, and often come from accounts the criminals have set up at reputable Web-based e-mail services. Some of the messages are expertly crafted, linking to beautifully designed Web sites that are bogus or immediately install malicious programs.

Cisco’s annual security study found that spam is growing quickly — nearly 200 billion spam messages are now sent each day, double the volume in 2007 — and that targeted attacks are also rising sharply.

More than 0.4 percent of all spam sent in September were targeted attacks, Cisco found. That might sound low, but since 90 percent of all e-mails sent worldwide are spam, this means 800 million messages a day are attempts at spear phishing. A year ago, targeted attacks with personalized messages were less than 0.1 percent of all spam.

The latest attacks include text-message spam, e-mails trying to trick business owners into coughing up credentials for their Google advertising accounts, or personalized “whaling” e-mails to executives claiming that their businesses are under investigation by the FBI or that there’s a problem with their personal bank account.

As the world’s largest maker of networking gear, Cisco is in a unique position to study the traffic flowing through its customers’ networks, which include the biggest Internet providers and corporations. The latest study was based in part on the company’s ability to monitor 30 percent of all Web and e-mail traffic through its hardware and software and a network of companies that contribute data.