Other issues in this category (22)
"Forces of good" arrive via vulnerabilities
Malware makers and scammers are the scourge of today's Internet. They can penetrate and attack any system including infrastructures of critically important organisations such as schools and hospitals. And it’s likely that there’s no hacker alive today who has not tried at least once to penetrate the Pentagon’s or NASA’s networks. So apparently someone decided that enough was enough.
The United States Department of Defense will seek and destroy malicious programs on the Internet—it is going to search as many as 80% of public IP address worldwide.
The hunt for malware is part of a DARPA (Defense Advanced Research Projects Agency) project. "DARPA will facilitate access to relevant data sources by leveraging both commercial and USG relationships and data exchange agreements", DARPA's proposal reads.
Under the project, a software agent will exploit known vulnerabilities to gain access to target machines in order to identify and eliminate malware.
DARPA is expected to decide before the end of September this year which contractor will be hired to implement the project. The development life cycle is estimated to last four years. The corresponding information can be found in DARPA's project proposal, which was studied by RT.
Several months ago, RT wrote about DARPA's global project (CHASE). Under the project, the agency intended to develop tools that would enable it to identify malware all over the Internet. Contractors must design routines that can identify malicious activities in large arrays of data. The development of software exploits wasn't part of that project.
“Improving the security posture of Department of Defense (DoD) networks alone is insufficient to counter such threats to national security, as the majority of botnet nodes reside in neutral networks (“gray space”),” DARPA wrote. “Current incident response methods are too resource and time consuming to address the problem at scale.” DARPA did not immediately respond to RT’s request for comment.
All in all, the empire Pentagon strikes back. How feasible is this idea? Well, pretty feasible: after all, most users don't install updates and use weak passwords.
But once access has been gained to a target host, the information on it will probably be gathered automatically—the estimated scale of the Internet clean-up is such that a human operator would simply be unable to distinguish data from specific computers.
Some security experts believe that DARPA seeks to procure an anti-botnet solution that will be able to gain access to any data on all PCs, servers and other hardware connected to the Internet.
Suffice it to say, if you aren’t willing to patch the loopholes on your computer, don't be surprised when someone eventually takes advantage of that—whether it be cybercriminals or "forces of good".#vulnerability #security_update #remote_access
- Install security updates as soon as they are released. That doesn't guarantee that the vulnerabilities known only to secret services will get patched, but it will significantly reduce the risk of someone infiltrating your system.
- Use strong passwords.
- Make sure no new software is launched on your computer without your knowledge. Miracles don’t happen. If something is launched behind your back, you can figure that out using standard operating system tools or special software.
- Use an anti-virus. Remote connection programs are favourite tools among intruders seeking to acquire personal information. An anti-virus will help you prevent programs of this kind from being launched.