Security news 22/12/2017
- After many, many years with the ever-pressing threat of quantum computers, NIST has finally published the final list of the first round of algorithm evaluations for post-quantum cryptography. https://csrc.nist.gov/projects/post-quantum-cryptography/round-1-submissions
- The National Office of Cyber and Information Security has developed a decree on criteria for essential services https://www.govcert.cz/cs/vyhlaska-c-437-2017-sb-o-kriteriich-pro-urceni-provozovatele-zakladni-sluzby/, which is similar in the digital world to the critical infrastructure https://www.zakonyprolidi.cz/cs/2010-432 in the physical world. The practical significance of this is not so much technical as it is that other legal requirements can be brought to bear on it, both in a negative sense from our perspective (safeguards, vetting, certification) and in a positive sense (easing of tender rules, contract splitting, etc.).
- The digital underworld has one specificity compared to the physical one. There is a large number of “good” criminals (white hat hackers) who appear in the physical world only in fairy tales. Their illegal activities, although they can be highly destructive, do not serve to enrich or attack, but instead serve the public good. The scale of such actions is at times breathtaking, such as when in 2012 nearly half a million network devices https://en.wikipedia.org/wiki/Carna_botnet were taken over to monitor the activity of the Internet as a whole, an invaluable source of information http://census2012.sourceforge.net/paper.html for setting global policies for the world’s information infrastructure.
A similarly monstrous action was also revealed in recent days, when a group of hackers who were ridding the Internet of compromised devices that were involved, or at risk of being involved, in one of the attack botnets (mainly Mirai, etc.) announced the end of their work. According to their statement https://ghostbin.com/paste/q2vq2, DDoS attacks, which already bring the Internet to the brink of collapse at times, would be absolutely devastating. The controversy is whether someone has the right to break such a device remotely if it cannot be cured. In any case, the question is how the situation will continue to evolve after their activities have ended.
Author: František Řezáč