"Will attackers continue to focus on enterprise and government targets, or ... focus on the myriad soft targets of individuals?"But what is clever is choosing to attack via infrastructure providers, because that opens up the potential to disrupt many more organisations at once. Over the last two years, we've heard all about the "cyber-espionage" threat, particularly in relation to a large east Asian nation -- slow, covert operations that attempt to avoid detection. We know they're happening, although there's still some disagreement about the scope. We've also heard about "cyber-warfare" operations that might take out critical infrastructure such as electricity grids, transport or military targets. We know "cyber-weapons" are being developed, although there's still some disagreement about their potential effectiveness. We've also seen the rise of well-organised transnational cybercrime. What the SEA represents is something that we haven't seen before -- at least not with this scale and scope -- and that's an overt, coherently run operation that blends propaganda and disruption for political aims. Something well short of warfare, but that's still "politics by other means" and that causes real pain. And the SEA is probably a mere precursor to much better-funded, more sophisticated and far more dangerous groups to come -- run by or in support of national-scale organisations, or maybe something else. In Sydney last week, IT research and advisory firm Gartner presented its five-year vision for the future of global information security -- four potential scenarios that might or might not unfold. Will attackers continue to focus on enterprise and government targets, or will the development of cheap, automated hacking tools lead them to focus on the myriad soft targets of individuals? Will the defensive response be driven in a centralised, monolithic way, or will it be more fragmented, in a community or even tribal fashion? The resulting scenarios, Gartner says, range from a massively increased surveillance society cracking down on a criminalised underground "darknet" to a chaotic global battle between self-forming cyber-militias and extreme anarcho-hacktivist groups that governments simply can't control, and others. Whichever way things go, one underlying fact will always be true. In the US, there are already more than 100 university degree-level courses in "white hat" hacking techniques, funded by the National Security Agency and the Department of Homeland Security. Similar programs operate in the UK. In Israel, every high school student will get cyber-security training before their compulsory military service. China is also a major player. Even if 90% of all these professionally trained hackers continue to wear a white hat, it's clear that there'll still be plenty of scope for complex global mischief. This is only the beginning.
Assad’s army: the future of hacking is here, with a new target
Syrian interests have brought down the New York Times via a Melbourne IT company. Hacking is changing, new targets are in sight -- and it could lead to a surveillance society or total chaos.