More Smugglers, Fewer Pirates

August 17th, 2016 by Jeff Hill

The wheel. Fire. Antibiotics. Indoor Plumbing. HBO Go. That’s how I’d rank history’s greatest inventions nowadays given my addiction – shared with my wife – to Game of Thrones. We’re working our way rapidly through the entire series, and the dialogue in a Season 4 episode caught my attention recently. In a conversation with his “adopted” niece, Davos Seaworth was asked if he was a pirate in his younger days. He replied that he’d not been a pirate, but rather a smuggler. When asked by the girl what the difference was, he replied, “Well, if you’re a smuggler, and you’re well-known, you’re not doing it right.”

Clever line (lots of those in Game of Thrones), but it also nicely encapsulates the state of enterprise cyber threats today. There was a time when the bad guys aspired to be pirates. DDoS attacks, self-replicating viruses, the desire to cripple systems, wreak havoc, and generate attention. Even the early data thieves preferred smash-and-grab techniques: break in, take what you can quickly, and get out. Ransomware perpetrators – recently very popular – may seem like pirates on the surface, but they first have to gain access to the information they’re taking hostage, and that requires patience.

Unfortunately, the bad actors we in cyber security confront today no longer pine for fame as much as profit or attention to a particular cause. They’re smugglers…and that’s bad news for us. They’re hard to detect because they assume the identity of legitimate network users, commandeering credentials, and then wielding their most insidious weapon: patience. Steven Wright, one of my favorite comedians from an ill-spent youth: “I came home the other day to find that someone had broken into my apartment and replaced everything with an exact replica. When my roommate walked in, I said ‘who are you?’”

To the network, someone using Jeff Hill’s username and password to navigate looks exactly like Jeff Hill. Unless their behavior is suspicious (this is where patience comes in), it’s extremely difficult to identify it as the work of someone other than me. If I’m a network administrator with access to just about any machine, and the ability to install software, it’s even worse.

By definition, smugglers lurk in the shadows and are very hard to detect. That’s what we’re up against now.

Kinda makes you nostalgic for the good old days of pirates.