The world is still reeling from revelations over the weekend of a malicious software infestation of more than 1200 government and corporate computers in 103 countries.
The malware was first detected by the IT staff of the Tibetan Government in Exile (TBIE) in Dharamsala, India, which triggered a nine-month investigation by the Information Warfare Monitor (IWM), a joint venture of Toronto University’s Citizen Lab at the Munk Centre for International Studies and the Canadian think-tank SecDev.
IWM said on March 28 that hackers in China appeared to be the main source of the malware network, called "GhostNet," but the hackers have not yet been publicly identified. The government of the People's Republic of China dismisses its alleged involvement in these espionage activities as "propaganda."
As discussed today in my political issues column, the best long-term solution to malware is not so much diplomatic sanctions as a solid technical fix. I have four initial suggestions.
First, all of the compromised computers were using Microsoft Windows, as best I can determine. Given Windows' well-documented vulnerabilities to attack, the most logical solution is obvious. Governments and corporations could switch their secure IT operations to either Apple Macintosh systems, which are highly resistant to worms and viruses, or else convert to Unix, which also is resistant.
Second, governments and corporations need to create more buffers and firewalls to prevent malware from being imported. In the case of GhostNet, according to IWM, the initial incursion was through a PDF file that was innocuously downloaded by one of the TBIE staffers. Therefore, from now on, there needs to be a physical divide between computers connected to the outside world and the internal network of computers that conduct sensitive operations. I know it's cumbersome to require data to be carried by a physical medium from an Internet-connected system to a separate intranet, but it sure is more secure.
Third, governments and corporations need to team up with the Open Source software community to develop new security protocols that cannot be breached so easily. A possible model might be Public Key Encryption, which requires so many man-hours to hack that the herculean effort is not worthwhile.
Fourth, the software community needs to concentrate its creative efforts on developing a new generation of filters to detect malware, worms, viruses, and other nasties, such as the latest April Fools' Day virus now infesting Windows-based systems. This may mean that proprietary software vendors will need to open their code (discreetly) for the filters to identify what's legit code and what's malware code, yet I'd argue that the small loss of proprietary rights will be more than offset by the security gains.
These are just four initial suggestions. You might have better ones, which I encourage you to post in the comments section below. Perhaps together we can do the world some good here.