As volunteer director of the SANS Institute’s Internet Storm Center, Marcus Sachs has an eagle-eyed view of Internet security, tracking cyber-threats in real time and raising awareness when malicious hackers launch attacks.
Sachs also directs the Washington operations of the Cyber Security Research and Development Center, which is operated by SRI International’s Computer Science Laboratory under a contract with the U.S. Department of Homeland Security.
On a typical day at the ISC, Sachs and a group of about 40 volunteers keep watch over about 500,000 different IP addresses to look for signs of malicious activity. In addition, the ISC incident handlers collect data from third-party sources and maintain the popular daily handler’s diary of the biggest security issues of the day.
In this interview with Ziff Davis Internet News, Sachs talks about his work at the ISC, the changing face of network worms and virus attacks, his Web browser, of course, and the general state of Internet security.
It’s been almost a year since Microsoft Corp. shipped XP Service Pack 2 to counter the big network worms. Are we any safer today?
I think we are, I really do. If you look at the numbers, there is a reduction in the traditional types of attacks. We haven’t seen a big worm since Sasser more than a year ago, so, in that sense, SP2 has served the purpose. But that’s not to say the Internet has become safe, because the threats have shifted dramatically.
We’re still seeing nonstop activity around e-mail viruses and Trojans and botnet zombies.
That’s the shift I’m talking about. The attacks have moved from being a hacker wanting to prove a point by creating chaos, to one where he is out to make money. That’s why phishing is such a big problem.
The malware writers are looking to steal identities and credit card data. They are using their skills to make money from illegal activity. They’re no longer going after typical attack mechanisms that are more along the lines of a nuisance. Now, it’s a subversive, organized scheme. It’s about making money from the Internet rather than harassing the Internet.
It has always been changing over the years. In the mid- to late 1990s, the big threat was Web site defacements. Then it moved to the e-mail viruses and then to the self-replicating worm. A few years ago, we had all the big worms coming one after the other, but we haven’t seen one in over a year.
In the last 18 to 24 months, the big swing has been toward tricking people into giving up their credit card information. We’re seeing massive intrusions into meeting points where the financial world comes together. Large containers of intellectual property are being breached.
Have we seen the last of the big, nuisance-related network worm?
I don’t know that you can say that. It’s hard to predict what the underground will do. It’s not a stretch to imagine that a newcomer will still want to make his name with a nuisance worm, but I think the wave has crested in terms of types of worms we’ve seen.
Read the full story on eWEEK.com: Today’s Hackers Code for Cash, Not Chaos