The origins of hacker attacks

Here's an article from the March 31, 2008 issue of Investor's Business Daily:

About half of all hacker attacks originate from the .edu domain used by colleges, according to data recently compiled by network security experts at Microsoft.  The software giant’s chief security officer said this frustrating trend is a fundamental problem and indicates that more collaboration with universities is needed to stop it, tech news site NetworkWorld.com reported.

A couple of thoughts on this.  First, I was not among the security experts who compiled the data.  I know some of my readers may be shocked to hear that, but alas, it's true.

Second, this report tends to correlate with my own general observations about the nature of security.  Universities and other educational institutions usually have open terminals.  Many times they don't have the best security software on them.  People tend to come and go, come and go, and terminals can have multiple users on them in a single day.  This contrasts with many large corporations, where terminals usually have only a couple of people working on them.  Also, large corporations have security personnel dedicated to enforcing network security.

I think universities do the best they can, but the inherent insecurity (namely, people coming and going, sleep-deprived students passing out their password information) of open terminal locations is going to be a problem for a long time.  I think that this is an area that technology is going to have to solve.  I don't mean in the sense that technology can prevent hacking attacks if it's enforced; I mean that technology will need to be developed that can pre-empt users from doing something that compromises the integrity of the network.

In the anti-spam world, the optimal solution is for humans to write spam rules but computers to score them.  This allows for flexibility in rule creation while letting technology prevent a badly written rule from going in and causing havoc.  Similarly, I envision technology that allows users to use the workstations but prevents them from doing something silly, like giving out passwords or downloading viruses.  In other words, we need better IT enforcement of the nullification of PEBKAC.
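
The rule-scoring idea from the anti-spam paragraph, as an added example that is not from the original post: human-written regex rules are weighted by a smoothed log-odds ratio over a small labelled corpus, and a rule that fires on legitimate mail about as often as on spam is scored to zero so it cannot cause false positives. The rule names, the constructed corpus, and the thresholds are assumptions made for illustration.

```python
import math
import re

# Constructed sample corpus: (message text, is_spam). Not real mail.
CORPUS = [
    ("Cheap meds, no prescription needed, click here", True),
    ("You have won a lottery prize, click here to claim", True),
    ("Hello, claim your free prize now", True),
    ("Cheap meds shipped overnight, hello friend", True),
    ("Hello team, meeting moved to 3pm", False),
    ("Hello, here are the lecture notes you asked for", False),
    ("Lab terminals will be offline Friday", False),
    ("Hello professor, attached is my assignment", False),
]

# Human-written rules (hypothetical names). GREETING is the badly written one:
# it matches ordinary mail as readily as spam.
RULES = {
    "CHEAP_MEDS": r"cheap meds",
    "CLICK_HERE": r"click here",
    "PRIZE": r"\bprize\b",
    "GREETING": r"\bhello\b",
}

def score_rules(rules, corpus, min_score=1.0):
    """Machine-assigned weights: smoothed log-odds of spam vs. ham hits.
    Rules that do not clear min_score are zeroed instead of deployed."""
    n_spam = sum(1 for _, is_spam in corpus if is_spam)
    n_ham = len(corpus) - n_spam
    scores = {}
    for name, pattern in rules.items():
        rx = re.compile(pattern, re.IGNORECASE)
        spam_hits = sum(1 for text, is_spam in corpus if is_spam and rx.search(text))
        ham_hits = sum(1 for text, is_spam in corpus if not is_spam and rx.search(text))
        # Add-one smoothing keeps the ratio finite when a rule never hits ham.
        llr = (math.log((spam_hits + 1) / (n_spam + 2))
               - math.log((ham_hits + 1) / (n_ham + 2)))
        scores[name] = round(llr, 2) if llr >= min_score else 0.0
    return scores

def classify(text, rules, scores, threshold=1.0):
    """Sum the weights of every rule that fires; flag if at or above threshold."""
    total = sum(scores[name] for name, pattern in rules.items()
                if re.search(pattern, text, re.IGNORECASE))
    return total >= threshold

if __name__ == "__main__":
    weights = score_rules(RULES, CORPUS)
    print(weights)
    print(classify("Hello, are office hours still at 2pm?", RULES, weights))
```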