Topic: Wireless Cyber Attacks: The Battle Begins
Author: Clifford P. Wagner Jr
With the proliferation of wireless data and devices has come the danger of cyber attacks. These can take down networks, businesses, and end-user devices – even emergency services. There are many gaps in wireless data security. The technology currently employed has been used for many years. Newer technology is needed: intrusion protection systems (IPS) that combine the features of firewalls, intrusion detection and anti-virus systems, record and trace intrusions, and extend protection to network devices such as routers.
Network Denies Millions of Mobile Users
An Attack Scenario

The entire NeverDown Wireless data and messaging network has remained unavailable to data service subscribers nationwide for over twelve hours since the surprise cyber attack this morning.

“I run a small business as an independent landscape contractor. My mobile phone is my business line, home phone and voicemail service”, stated Reggie Oliver, NeverDown customer and owner of Reggie’s Gardens. “My clients, crew and family have all learned the most efficient way to communicate job status and schedule changes is with my messaging service. Now I’m out of touch and am spending a lot of my time trying to track people down. I don’t understand how something like this can happen, I expect my mobile services to be available.”

In addition to customers like Mr. Oliver, corporate clients have also been dramatically affected. “Our insurance practice utilizes the latest mobile data service to process claims quickly and accurately – that’s one of our competitive advantages”, said Alison Westcott of Random Insurance. “We have changed our operations to be automated this way. We are not prepared nor staffed to have manual workarounds. When we adopted a mobile data strategy for our business we presumed a level of reliability higher than this.”

A NeverDown Wireless spokesperson stated that the attack was launched through the recently deployed TrustUs data service designed to provide subscribers with high-speed data featuring both GPRS and Wireless LAN connectivity. “Due to unforeseen network security vulnerabilities and the random nature of this attack, we regret that NeverDown Wireless subscribers were unable to fully utilize our mobile services”, added the spokesperson. NeverDown Wireless was not able to confirm how much subscriber data was compromised, nor how soon measures would be in place to prevent such an outage from happening again.
The Increasing Vulnerability of Wireless Networks

While the scenario presented above is fictitious, wireless cyber attacks have become a very stark reality, with an alarming increase in number and severity. A prominent Tier One western hemisphere operator recently experienced a prolonged outage of its provisioning system, caused by a cyber attack. Another CALA (Caribbean and Latin America) Tier One operator lost its SMS (short message service) network for four days when an attacker brought it down and then demanded ransom to “release” it.

The long-anticipated adoption of data services on wireless networks provides improved value, productivity and convenience to customers, and a much-needed revenue source for service providers. However, with these benefits come significant and unique operational challenges. The inevitable transition from the ‘walled garden’ approach to providing content and applications to one of an open and virtual nature has resulted in the critical need to address immediate exposures in the areas of security and control. Damages resulting from malicious intrusions into a wireless network are very real, ranging from immediate losses of millions of dollars of revenue and recovery costs, to long-term erosion of customer confidence and a weakened market position.

Threats to network security are not new. Wireline networks, the Internet and such have been repeated targets of attacks for years. The Computer Emergency Response Team (CERT) at Carnegie Mellon University has tracked reported incidents, now totaling in the hundreds of thousands annually, for the last five years. The wireless industry is increasingly in the crosshairs of attackers. The impact of attacks is not confined to desktop computers; in fact, the radio access network, IP core, backbone, service gateway, and internal and external content and service platforms are all exposed.
In addition to the physical network, critical Operational Support Systems (OSS) and Business Support Systems (BSS) are now just as vulnerable. All of these areas of exposure, of course, can have direct impact upon customers.

There is increasing sophistication present in end-user devices, including operating systems, increased memory, SIM design, and resident applications. These have all combined to make phones and ‘smart devices’ themselves targets of attacks – and even platforms from which to launch attacks. Finally, enterprises are increasingly using mobile data, providing mobile access to mission-critical information and expanding their exposure. With increasing opportunity comes increasing risk, and wireless service providers now find themselves in a cyber security tempest.

A sample of security incidents targeted at wireless includes:

* Timofonica Virus – the first to target mobile phone users. It sent a message to thousands of random GSM cell phones.
* Love Bug – this was a network breakdown that left 8.7M clients without service for more than seven hours. A fine of more than $32M may be imposed.
* E-commerce website security breach – allowed outsiders to see confidential credit card and billing information of hundreds of customers, which was publicly circulated in Internet chat rooms.

Attack trends

In 1997 CERT identified six attack trends. Six years later the trends are the same, but the proliferation and impact have increased significantly:

* Infrastructure Attack Threats
* Permeability of Firewalls
* Automation & Speed of Attack Tools
* Sophistication of Attacks
* Number of Vulnerabilities
* Asymmetric Threats

Infrastructure attack threats occur when hackers attack the router or use the router as a platform to launch other attacks. Firewalls are permeable when they are either ‘bypassed’ by special programs or by using ‘friendly’ protocols.
To further illustrate the increased sophistication and speed of attacks, note that in 2001, NIMDA (which is ADMIN spelled backward) was one of the first automated attacks, meaning that it was a hybrid of both a virus and a worm. A virus is an attack that requires human intervention to launch, whereas a worm propagates without human intervention. In 2001 the Code Red virus took many hours to spread throughout the world, with a self-replication rate of 37 minutes on average. In 2003, the SQL Slammer spread around the world in about ten minutes, with a self-replication rate that was almost immediate. CERT statistics reveal that the number of vulnerabilities “doubles” each year. As threats become increasingly sophisticated and automated, other varieties of asymmetric attacks will emerge with more than one type of threat in the attack, making detection and prevention more difficult.

Current Efforts to Prevent Intrusions

Wireless network operators currently utilize technology that has existed for years. A combination of firewalls, intrusion detection systems (IDS) and anti-virus software is typical of many operators’ security solutions. Malicious traffic and experienced hackers can easily penetrate firewalls, and anti-virus systems require updates to maintain their effectiveness. IDS remains an evolving science that simply detects intrusions, and not all IDS solutions have the same functionality. Finally, note that all existing solutions leave the router unprotected. The following diagram illustrates common flaws in current security approaches, including the permeability of firewalls and the ineffectiveness of the IDS.

In the United States, the National Reliability and Interoperability Council (NRIC) recently became part of the Federal Communications Commission’s (FCC) Homeland Security initiative. The NRIC’s charter is to ensure operational reliability, interoperability, interconnectivity of and accessibility to the public telecommunications network.
The NRIC’s team of industry experts includes chief security personnel from many telecommunications corporations and equipment vendors. Focus Group 1B recently released a list of over one hundred cyber security recovery and prevention measures. Companies who followed these recommendations were unaffected by the Slammer worm that cost others up to $1.2 billion (US).

A single solution to address the security needs of all wireless network operators does not exist. Every network has a unique configuration and the network elements have different functions, so different security solutions must be implemented. Wireless security experts recommend a layered approach to network security for wireless network operators and recommend that new technologies be continually investigated and deployed.

One of those new technologies is intrusion prevention. The inability of common security methods to protect the router is a huge gap that needs to be addressed. Intrusion prevention systems (IPS) combine many of the functionalities of conventional solutions like firewalls, IDS and antivirus software in one platform and protect the entire network at the border. Intrusion prevention technology can also stop threats that other solutions are not capable of mitigating, including:

* Distributed Denial of Service (DDoS)
* IP Spoofing
* Blended Threats

Advanced capabilities are needed to record intrusions and identify the intruders to support post-attack investigations and problem isolation. The ability to identify potential and actual perpetrators of network intrusions helps reduce the costs associated with attacks and improves the ability to prosecute offenders.

The Cost of Attacks

The direct costs of these attacks include lost revenue and associated recovery costs. The following chart displays the significance of such costs from real world attack examples:

It should also be emphasized that the impact to service providers is not limited to the immediate costs.
The near-term effects include loss of customer confidence and slower time-to-market of services. In fact, the magnitude of an attack will ripple with negative effects across a carrier’s customer base and operations, and will have lasting impact upon the carrier’s ability to compete.

Where Do We Go From Here?

The future for wireless network security is not necessarily bleak. With every wave of technical innovation come expected complexities and chinks in the armor. Consumers will not tolerate practices and technology that do not provide an acceptable level of protection. The industry and governing bodies must alert users and set standards to reduce the dangers. The cost of preventing attacks is far less than that of suffering them. Progressive operators already understand that comprehensive wireless network security is not a necessary evil, but a competitive advantage.