In association with heise online

31 December 2007, 12:34

The year 2008 in a review through the crystal ball

Thanks to heise Security's special crystal ball, we are already -- and, of course, exclusively -- able to take a look forwards and provide you with a review of the most important security events of 2008.

February 2nd: UK Commissioner of Police, Paul Broomfield, suddenly steps down. There are rumours that he was forced to do so because his office had failed to produce even a working demonstration of the controversial anti-crime trojan even though the budget for its development had already been completely exhausted. The former UK head of MI5, John Kendall, is expected to succeed him.

March 8th: Scotland Yard have achieved a spectacular success story: in the dead of the night, they liberate 12-year-old Sandy and apprehend her kidnapper, who was unsuspectingly sitting at his PC. They got his address based on data stored by its provider. UK Commissioner of Police Kendall celebrated the event as the first time that the new laws for data retention have actually saved a life. It is not yet known whether Sandy's parents paid the 100,000 pounds in ransom.

March 12th: Scotland Yard's explanations on its recent success in the case of kidnapped Sandy are raising more questions than they answer. Where did Scotland Yard get the kidnapper's IP address? Where did they get the draft of his demand for ransom that was never sent if, as they explained, no PC was found? Scotland Yard is tight-lipped on the matter.

April 18th: In an extensive interview in the current issue of The Times newspaper, an unidentified party with the codename "Hiro" says he provided the information that led to the freeing of little Sandy. He says that the video of the little girl broadcast on UK television touched him so deeply that he immediately decided to do everything he could to help save her. He then contacted Scotland Yard and offered to install investigation software on as many computers as possible. Scotland Yard reportedly then gave him a customized version of its "Remote Forensic Software", which he installed on 10 million PCs.

May 2nd: An iPhone Worm is spreading through a hole in a service at port 1720. Because iPhones are constantly connected to the Internet via GPRS or WLAN, all iPhone users are highly vulnerable, the UK government's IT authorities recommend that users switch off their cell phones until a remedy has been found.

May 14th: UK newspaper The Guardian has discovered that "Hiro" operates a giant bot network consisting of several million PCs; the network mainly sends out spam and spyware. He reportedly had Scotland Yard's spyware downloaded from its central Command&Control server. The Guardian says that the bot network is still active. Furthermore somebody transferred 200,000 pounds to "Hiro's" account on March 3. Scotland Yard did not wish to comment on the matter. The website of The Guardian is currently off-line.

May 18th: The iPhone Worm, now popularly called iPulse, made all infected cell phones ring simultaneously at 12 noon today. Those who answered were presented with a video containing diabolical laughter; their contact data were then entirely deleted.

June 1st: The Chaos Computer Club (CCC) has managed to obtain a copy of the "Remote Forensic Software" used to capture little Sandy's kidnapper and has analyzed it. Written in Visual Basic, the software apparently looks for such key words as "Sandy" and "ransom" in doc files on a PC. The anti-crime trojan then transmits the files it finds without encryption via HTTP to a server located in Cardiff. A flaw in the Web server's PHP script then allowed for access to directories containing the files still stored there. In addition, the security experts at CCC found at least two critical vulnerabilities in the anti-crime trojan that allow code to be injected and executed.

August 2nd: Once it turned out that the anti-crime trojan did not even fulfil the minimum requirements for security, scalability, and code quality, the project "Open Trojan" was established. The goal is to produce an open source solution for the remote, covert surveillance and investigation of PCs that fulfils the highest demands.

October 2: A previously unknown vulnerability in Flash Player is currently being actively exploited. Within only a few days, millions of users have infected themselves with a contaminant called W32.Pron from a video at YouPorn.

October 4: W32.Pron turns out to be a sophisticated spy program based on the Open Trojan project. Based on the various data found on PCs, the contaminant determines the owner's name and address, which it then publishes on a practically endless array of forum sites. UK Commissioner of Police Kendall and a number of politicians, all of them male, are pro-actively contacting the press to make sure that forum operators understand that they must immediately delete this data without reading it or face damage claims from this trojan's victims, whose privacy has been violated.

Last year, our crystal ball wasn't very accurate, so we can hope that at least some of the events described above won't happen. Best wishes for 2008 from your

heise Security team

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit