Corruption, Tech and Possible Future

Over the holidays I've had the chance to read through a bunch of outstanding research and other docs that have been piling up for a while. One of them caught my attention; I thought it was an interesting thought. It's actually two reports. The first, Transparency International's 2010 Global Corruption Barometer, is an in-depth study of countries and their respective corruption standing. The second is the World Economic Forum's Global Information Technology Report (2009-2010). This report details countries' adoption, and predicted adoption, of technology. On their own the reports are interesting; however, what got me thinking is how the two might relate to each other.

It's interesting to note that most of the countries where we see an increase in corporate theft and fraud-related activity are low on the corruption index (high is good and low is bad). What's interesting is the mechanism by which these crimes are taking place. If the premise is accepted that technology is just a tool, then we should expect:


  • Technology adoption hasn't fully penetrated the vast majority of countries.
  • Most of the countries where technology hasn't been adopted have high levels of corruption.
  • Technology is just a tool that has been increasingly used to commit financial, extortion and other commonly accepted crimes.
  • The probability of committing a technology-facilitated crime and not getting caught is much higher than with traditional methods.
  • If the adoption of technology happens in these corrupted countries, we should see a dramatic increase in these crimes via technology.
  • The root of the problem, if causality can be proven, is the reasons for the corruption. Without addressing those, the problem will persist.
  • The current problems in identifying and catching these criminals will continue, as Local and Country police are typically not equipped to handle it. In addition, Interpol, whose capabilities have dramatically increased, is highly dependent on the state police to help solve the crimes.
  • Businesses should consider, as part of their overall risk process, the corruption of the countries in which they establish offices or from which they provide services.

Over the past six years we've seen a dramatic increase in electronic crime that hasn't been seen before. With this adoption we could be seeing just the tip of the iceberg. The Nigerian scams are a great example of how the problem is extremely difficult to root out, as the majority of town revenue streams come from the crime.

Countries of note due to high "Police" corruption and low technology adoption, using a Police corruption number of 3.8 as a cutoff for clarity:

Country        Corruption: Political Parties   Corruption: Police   GITR Rank
Vietnam        2.0438388                       3.8077635            54
Brazil         4.1451104                       3.8198103            61
Argentina      4.1175891                       3.8446812            91
Taiwan         3.5332984                       3.8666974            11
Romania        4.5444174                       3.8934996            59
Peru           4.2007345                       3.9155075            92
Russia         3.5236709                       3.9386525            80
Mongolia       4.1816065                       3.9501134            94
Colombia       4.2311558                       4.001005             60
India          4.2217742                       4.0674044            43
Liberia        2.8963661                       4.0763052            Unknown
Armenia        3.5971731                       4.0825893            101
Bolivia        4.2205342                       4.0836821            131
Zambia         3.5695122                       4.1127211            97
Moldova        3.8246639                       4.1363434            Unknown
Malaysia       3.990625                        4.1465164            27
Ukraine        4.0301418                       4.3349411            Unknown
El Salvador    4.4437751                       4.3420523            81
South Africa   3.9114924                       4.3666732            62
Sierra Leone   3.5328859                       4.3674293            Unknown
Venezuela      4.0452675                       4.3880446            112
Bangladesh     3.8281734                       4.3894467            118
Mexico         4.4125156                       4.4282141            78
Pakistan       4.0727034                       4.4706267            87
Cameroon       3.9943524                       4.5120915            128
Ghana          4.1121755                       4.5615865            98
Kenya          3.7685056                       4.568006             90
Senegal        4.4482759                       4.6148225            75
Uganda         3.0574257                       4.6236453            115
Nigeria        4.5270236                       4.658404             99

Targeted Attacks and Common Defenses

Targeted attacks have been around for a while now but have only recently come to public light. We've seen Titan Rain in 2003, Hydraq in 2009, Stuxnet in 2010 and more. A lot of people talk about who the bad actors are as if that's going to help solve the problem. The issue we need to focus on is not so much who's doing it but rather how we stop it. Not a lot of people are talking about that so I thought I would. I've been talking about these defenses with peers for over 4 years now and they seem to have worked fairly well.

1) Block all dynamic DNS requests. A large portion, over 90%, of the malware attacks are using dynamic DNS to stage and relay the attacks. In addition, blocking these requests has little to no business impact.

2) Implement a NAC solution.  Most companies have little to no control over what the users plug into their networks.  This has been a significant issue for a long time.  We can't ensure the protection of the device if we don't control the device.

3) Identify key data points. The attacks are going after two things: Intellectual Property or PII. Understanding where the data is and ensuring proper identity and authentication is key. Ensuring basics such as logging and patch management is also key.

4) Data Egress. In all cases the attacker is taking the data (email, files, etc.), compressing it and sending it out to drop sites on the Internet. By implementing Data Loss Prevention (DLP) and a Proxy (Bluecoat or Symantec Web Gateway) you can dramatically reduce data loss. Blocking all FTP, RAR, or unauthorized encrypted outbound traffic would help significantly. At a simple level, blocking specific content via a DLP solution is still good.

5) Educate the users. Most users will still click on anything they are given. Information Security organizations do very poorly in truly educating the users on safe computing.

6) Implement a proper log collection and correlation tool. Most companies that have been attacked were not able to find all compromised systems, or couldn't get the data without many weeks going by, because they didn't have a SSIM in place. Quick identification and remediation is key in the future of security.
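For defense 1, a sketch of the matching logic a resolver policy or log review would apply to find dynamic DNS lookups and the clients making them. This is an added example, not code from the original post; the suffix list, the log format and the sample lines are assumptions constructed for illustration.

```python
"""Flag DNS queries that fall under dynamic DNS zones in a resolver log."""

# Assumption: illustrative suffix list; replace it with the provider zones
# your organisation decides to block.
DYNDNS_SUFFIXES = {"dyndns.org", "no-ip.org", "duckdns.org", "3322.org"}

# Constructed sample log: "<timestamp> <client-ip> <query-name> <type>"
SAMPLE_LOG = """\
2011-01-03T09:14:02Z 10.1.4.22 www.example.com. A
2011-01-03T09:14:05Z 10.1.4.57 update.host77.DynDNS.org. A
2011-01-03T09:14:09Z 10.1.4.57 cdn.notdyndns.org. A
2011-01-03T09:15:41Z 10.1.9.13 relay.3322.org A
malformed line
2011-01-03T09:16:00Z 10.1.4.57 duckdns.org. AAAA
"""


def is_dynamic_dns(qname, suffixes=DYNDNS_SUFFIXES):
    """True if qname is a listed zone or a subdomain of one (label-aligned)."""
    labels = qname.rstrip(".").lower().split(".")
    # Test every parent zone of the name, so "notdyndns.org" does not match
    # "dyndns.org" the way a naive endswith() check would.
    return any(".".join(labels[i:]) in suffixes for i in range(len(labels)))


def flag_queries(log_text, suffixes=DYNDNS_SUFFIXES):
    """Return {client_ip: [matching query names]} for the given log text."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of failing the run
        _ts, client, qname, _qtype = fields
        if is_dynamic_dns(qname, suffixes):
            hits.setdefault(client, []).append(qname.rstrip(".").lower())
    return hits


if __name__ == "__main__":
    for client, names in flag_queries(SAMPLE_LOG).items():
        print(client, names)
```

Grouping hits by client gives the list of internal hosts to investigate, which ties the block in defense 1 to the identification step in defense 6.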

There are more but these should help a lot.
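For defense 4, a sketch of the checks an egress filter can apply to one outbound payload: FTP by port, archives by file signature, and likely-encrypted content by byte entropy. This is an added example, not code from the original post or from any DLP product; the threshold, the minimum sample size, the ZIP and 7z signatures (the post names only RAR) and the sample payloads are assumptions.

```python
import hashlib
import math
from collections import Counter

# File signatures; RAR is the format the post names, ZIP and 7z are added here.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07": "rar",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
FTP_PORTS = {20, 21}
ENTROPY_THRESHOLD = 7.5  # assumption: bits per byte, tune on your own traffic
MIN_SAMPLE = 1024        # entropy of very short payloads is not meaningful

def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def egress_verdict(dst_port, payload, encryption_authorized=False):
    """Classify one outbound payload as 'allow' or 'block:<reason>'."""
    if dst_port in FTP_PORTS:
        return "block:ftp"
    for magic, kind in ARCHIVE_MAGIC.items():
        if payload.startswith(magic):
            return "block:archive-" + kind
    # Compressed or encrypted data looks close to random (near 8 bits/byte).
    if (not encryption_authorized and len(payload) >= MIN_SAMPLE
            and shannon_entropy(payload) >= ENTROPY_THRESHOLD):
        return "block:high-entropy"
    return "allow"

def constructed_random(n):
    """Deterministic stand-in for ciphertext, built from SHA-256 output."""
    blocks = (hashlib.sha256(str(i).encode()).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

if __name__ == "__main__":
    samples = [  # constructed payloads, not captured traffic
        (21, b"USER backup\r\n"),
        (443, b"Rar!\x1a\x07\x00" + b"\x00" * 64),
        (443, constructed_random(4096)),
        (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n" * 30),
    ]
    for port, body in samples:
        print(port, egress_verdict(port, body))
```

The `encryption_authorized` flag stands for whatever allowlist of approved encrypted destinations the proxy maintains; without one, the entropy check will also flag legitimate TLS and compressed content.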