“We have a cyber war age converging with a privacy revolution. People have the ability to hurt us and our infrastructure, and they have an increasing amount of information about us, to help them do it”, Thompson wrote in a recent blog.
Thompson explained that the world is going through a privacy revolution – or perhaps a no-privacy revolution – in which a large number of unknown entities know who we are, what we are doing, and what we are interested in.
“The alarming thing is that this is coinciding with a new wave of malicious code … in which software has become a weapon”, Thompson said in an interview with Infosecurity.
The ICSA Labs researcher said that the advent of Stuxnet and Duqu has sparked an interest among nations in developing software that can destroy critical infrastructure. “They are all thinking along those lines now”, he observed.
Nations or groups that want to attack infrastructure need to know a lot about it and about the people who work with it. The privacy and cyber war revolutions coincide with spear phishing attacks designed to gain access to highly sensitive information and systems.
“If you want to launch directed attacks against people, you really need to know a fair bit about them. If I want to get you to open a document, I can’t just send any old document to you and assume you will open it. I need to give you a compelling reason”, Thompson explained.
“If you want to get someone to open a document, it is a really good idea if you know a lot about them and can convince them that it is a legitimate document coming from someone they know and is talking about something they are interested in”, he said.
“Then you open the document or PDF file, and it actually has an exploit that drops a backdoor on your system and you are owned”, he added.
Thompson lamented the fact that the best and brightest are going not into information security but into online marketing. “Unfortunately, it is also a time when many of our best and brightest minds are spending most of their efforts trying to figure out how to make us click on a given advertisement. It would be kind of nice if they saw the world a little differently and tried to help us secure it instead”, he concluded in his blog.