Olympic Hacking

In just over 250 days, the eyes of the world will turn to London, England, for the opening of the Summer Olympic Games. Athletes from countries around the globe are deep into training regimens in preparation for the largest stage of athleticism on the planet.

But while athletes are still only in the preparatory stages for the 2012 Olympics, a much different event of “Olympic” proportions is already well underway, and these “games” will likely extend well beyond the dimming of the Olympic torch on August 12 of next year. The event is the hacking of international and government computer systems, and while entrants from the United States may be as competitive in this event as they are in most of the events of the Summer Games, it seems that a different country leads the way in the hacking event.

McAfee recently reported that over the last five years there have been 72 targeted hacks on the International Olympic Committee as well as governments and the United Nations. And in spite of the Chinese government’s insistence that it neither sponsors nor condones the practice, McAfee notes that China is by far the clear-cut leader in the race for hacking gold.

Although much of the evidence in the hacks studied by McAfee points to a Beijing-based culprit, the fact remains that, much like Olympic events, every country in the world has an entry in the hacking games.

True Spirit of Sportsmanship…NOT

Regardless of their point of origin or even their targets, the hacks on the IOC, UN and other international governments prove one thing – hacking has become a truly global sport that thrives on its intended targets acting as spectators rather than active participants. To combat hacking, organizations must get involved and make sound strategic defensive plans.

Unfortunately, too many companies take a passive approach to their defense by installing a third-party security system. Historically, security systems have been fine if you want to know when someone or something has infiltrated your perimeter, but in terms of actual proactive defensive measures they are little better than France's “Maginot Line,” which failed so miserably to prevent the Germans from invading in World War II.

Every defensive force since the beginning of time has known that if you want to keep the infiltration from happening, you first need to secure your interior – or in the technology age, your application software.

The Glory of Sport and Honor of Our Teams

As shown in the MITRE and SANS Institute report on the 25 Most Dangerous Programming Flaws released earlier this year, topping the list of flaws in application software code was the one that has been behind many of the highest profile hacks in recent memory – SQL Injection. While there are instances of these flaws coming as a result of new code, many of the vulnerabilities we see in today’s software result from issues in pre-existing code – flaws that have lain dormant for generations of application software only to be exploited as hackers become more aware of their existence.

Private and public organizations can ill afford to take the time to rewrite new code every time they need to create a new application, let alone when they customize one. Nevertheless, there needs to be some due diligence applied to ensure that the code upon which new software is built meets with the latest standards and norms of the industry.

If organizations want to keep hackers out of their data, they need to get smarter and build an impenetrable fortress for that data – one without a vulnerable piece of application software. The only way to do that is to perform a complete assessment of the structural quality and overall health of not only newly written code, but also any pre-existing code an application is built upon, to ensure it measures up to current standards and hacker intelligence.

Locating and addressing the vulnerabilities will keep organizations just a bit ahead of the hackers in the technology race and deny them the gold medal for Olympic-sized hacking.

Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.