
Tiger Team No More?

It looks like Richard beat me to it. I also recently watched the first two episodes of CourtTV’s, now TruTV’s, Tiger Team series and I can honestly say that I enjoyed it. It’s rare to find a show that is educational, entertaining, and not over the top when it comes to showing how the technology is used (think of the movie Hackers – when was the last time you flew through the internet and attacked the kernel?).

In case you’re unfamiliar with the Tiger Team premise, Wikipedia has a very good description:

The show follows a “tiger team” of Chris Nickerson, Luke McOmie, and Ryan Jones, which is hired to infiltrate organizations with the objective of testing their weaknesses to electronic, psychological, tactical, and physical threats. Attacks executed on organizations in this television show include social engineering, wired and wireless hacking, and physically breaking into buildings.

One highlight that I’d like to mention is how easy it was for the team to clone their target’s RFID pass by simply walking up to him on the street with a relatively small piece of hardware (S01E02: 24 Karat Caper). I’ll be honest, this scared the hell out of me. The best part of the episode came from the target during the debriefing phase. He learned how a simple sleeve for his card could have avoided the cloning attack. Noticeably agitated, he asked something like “You mean this could be solved by a $20 piece of plastic?” (paraphrasing because I don’t remember the exact words).

See…sometimes it’s the simple things that make the difference 🙂

I, like Richard, was upset to learn that TruTV was not going to continue with the show. In fact, a quick search on the TruTV website returns no results. Hopefully they reconsider and bring the show back. I think it’s a great educational tool for businesses.

Andrew Hay’s Predictions for 2008

Everyone else posts their predictions for the coming year so I figure I should throw mine into the air as well.

More Public and Damning Breaches

I predict that several large breaches will occur and will be revealed to the public. I also predict that one of these breaches will be that of a sensitive government or military target that will dwarf the severity of the TJX breach. These breaches could very well be outside of North America, but I have a feeling the major breach will happen in the United States. The breaches will also lend credibility to any of the Presidential candidates’ “new” cyberwar policies that they will enact once elected.

Increased Focus on Foreign Cyberwar Capabilities

I predict that the perceived Chinese cyber-threat will continue to grow and that the capabilities of other unfriendly nations will be thrust into the public eye. Since 2008 is an election year, you’ll probably notice this being talked about quite a bit on the campaign trail. I also suspect that there will be promises of increased military spending to combat this “new” threat. Is this the start of another “cold war” on the digital plane? Will the major military players start stockpiling “cyber warriors” in their arsenal?

Year of the Rootkit

I predict that 2008 will be a very bad year for rootkits. More freely available rootkit creation tools will be published, allowing more script-kiddies to build their own distribution packages. Rootkits themselves will become increasingly complicated and harder to detect by common methods. I also suspect that, over the next several years, 4th-year university and college computer science courses will start showing students how to create, and defend against, these new technologies.

Economic Downturn will Impact Training Budgets

I predict that 2008 will be a bad year for security professionals looking to receive training from their organizations. With the U.S. dollar in flux, organizations will be hesitant to spend their budget on something that isn’t perceived as a tangible return on investment. Expect training organizations to drive their customers towards web and mobile training solutions to help stay competitive.

Forensic Requirements will drive SIM/SEM/SIEM Products

I predict that forensic analysis of stored data will become the hot topic for 2008. Log retention and storage was the key driver in 2007, but now that people have all of this information stored, they are going to need a way to actively use it for investigatory purposes. Expect customers to push back on their SIM/SEM/SIEM vendors for faster and better correlation between events, vulnerabilities, and flows. Also expect several failed PCI investigations to push the top players in the industry to increase the forensic capabilities of their offerings.

Interviewed for IT Business Canada Article: Even second helping of Bot Roast “won’t eliminate cybercrime”

I was contacted by Warren Lee to provide my input on the recent crackdown on 8 botnet herders and their subsequent arrest. From the article:

Security expert Andrew Hay, Manager of Integration Services, Q1 Labs Inc. says over the long haul, the impact of the arrests will be quite small, and he sees a negative effect too.

“I don’t think the arrests will provide the long-term impact that the FBI is expecting. In fact, [they] may actually be a double-edged sword.”

Making such a public example of these botnet herders, he said, may drive their competitors and colleagues further underground.

Experts say financial gain is the big driver behind most bot activity.

As there is a lot of money to be made, organized crime has got involved in a big way, and will continue to drive the development of new, and more sophisticated, botnets, Alperovitch notes.

He says botnets are “at the root of nearly all cybercrime activities we see on the Internet today.”

And as Hay points out, botnet herders are already breaking down their larger botnets into smaller, dispersed, and harder-to-track bots. The costs and risks of doing business continue to be quite low for the bot masters.

Also from the article:

Apart from standard defense tools such as firewalls, intrusion detection/prevention, and router access control lists, IT managers can now access a range of newly available services.

These include Trend Micro’s Botnet Identification Service, or managed security services from Arbor Networks or Damballa – both of which specifically target botnet activity.

Andrew Hay of Q1 Labs believes botnets can only be effectively detected by using advanced flow and log correlation network security management products.

“The mixture of logs and network flows allow you to distinguish attacks from a simple increase in normal traffic.”

The full article can be found here. Enjoy!
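As an added illustration of the log-plus-flow point quoted above (this is not code from the article, from Q1 Labs, or from the author), the constructed Python example below shows a volume-only flow rule firing on both a benign update burst and a periodic bot check-in, and how a log lookup for the same host separates the two. The hosts, flow records, log formats and thresholds are all assumed sample values.

```python
"""Toy flow + log correlation: tells a benign traffic spike from beaconing."""
from collections import defaultdict
from statistics import pstdev

# Constructed sample flows (not real data): (time_s, src, dst, dport, bytes)
FLOWS = [
    # 10.0.0.5: large, irregular download burst to an update mirror (benign spike)
    *[(t, "10.0.0.5", "203.0.113.10", 443, 900_000) for t in (0, 7, 9, 30, 31, 33, 70, 95)],
    # 10.0.0.9: small flows every 60 s to one external host (bot check-in pattern)
    *[(60 * i, "10.0.0.9", "198.51.100.7", 6667, 300) for i in range(8)],
    # 10.0.0.21: ordinary quiet host
    (15, "10.0.0.21", "203.0.113.10", 443, 20_000),
]
# Constructed log lines: (time_s, host, message)
LOGS = [
    (0, "10.0.0.5", "update-agent: starting download of 12 packages"),
    (5, "10.0.0.9", "host-ids: new autorun entry added by unsigned binary"),
]
BASELINE_FLOWS = 2  # assumed typical outbound flow count per host per window

def flow_only_alerts(flows, baseline=BASELINE_FLOWS):
    """Volume-only rule: flags every host whose flow count exceeds 3x baseline."""
    counts = defaultdict(int)
    for rec in flows:
        counts[rec[1]] += 1
    return {host for host, n in counts.items() if n > 3 * baseline}

def correlate(flows, logs, baseline=BASELINE_FLOWS):
    """Combine flow shape (periodicity, peer count) with log context per host."""
    by_host = defaultdict(list)
    for t, src, dst, dport, nbytes in flows:
        by_host[src].append((t, dst, dport, nbytes))
    verdicts = {}
    for host in flow_only_alerts(flows, baseline):
        recs = sorted(by_host[host])
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        periodic = pstdev(gaps) < 0.1 * (sum(gaps) / len(gaps))  # near-constant interval
        single_peer = len({r[1] for r in recs}) == 1
        msgs = [m for _, h, m in logs if h == host]
        explained = any("update-agent" in m for m in msgs)   # volume has a benign cause
        suspicious = any("host-ids" in m for m in msgs)      # host sensor saw something
        if periodic and single_peer and suspicious:
            verdicts[host] = "beaconing: periodic flows + host-ids finding"
        elif explained and not periodic:
            verdicts[host] = "benign increase: volume explained by update log"
        else:
            verdicts[host] = "needs analyst review"
    return verdicts
```

Both busy hosts trip the flow-only rule; only the log context lets the bot host be escalated and the update burst be dismissed.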
