Ten threat predictions for 2008

Ten threat predictions for 2008

Summary: It is that time of year again. Time to publish my predictions for 2008.


It is that time of year again. Time to publish my predictions for 2008.

ThreatChaos Predictions for 2008

1. Facebook widgets will be used to distribute malware. Facebook, the hugely popular social networking site with millions of users has recently introduced the ability of users to create and publish small applications, widgets. These applications could be for just about anything. I have seen one that asks you to compare your friends in a “hot or not” like manner. Another, a simple game, is a blatant rip-off of Scrabble. Facebook hosts these applications and makes it possible for users to share and interact with them. In 2008 we will see attempts to exploit Facebook through these widgets. It could be through a vulnerability in an existing application that could for instance allow the download of a malicious Trojan. Or, it could be a new application deployed to steal information or infect visitors’ computers.

2. Google’s just announced OpenSocial is an attempt to break the strangle hold that MySpace, Facebook, and LinkedIn are attempting to establish with their user bases. OpenSocial is a set of tools meant to allow developers to create social network applications that can cross the boundaries of proprietary systems. Imagine a mash-up between your Linkedin network and your Salesforce.com database. While OpenSocial promises great rewards in increased networking functionality it opens up risks for exploitation. In 2008 we will see the first attempts to exploit Open Social tools to hack social networks.

3. Salesforce.com AppStore will be involved in a data loss incident. In 2007 we saw the first targeting of Salesforce.com (SFDC) through phishing attacks. Once a user’s credentials where stolen they were used to gain access to their database of contacts who were then spammed. Imagine the power of a SFDC application that is maliciously used to steal information from those who use it. I predict that 2008 will be the year that SFDM applications will be exploited for nefarious purposes.

4. China will continue to have its way with other nation’s critical information. In 2007 we learned that attacks emanating from the Chinese military had penetrated the German Chancellery, England’s Whitehall and the Pentagon. 2008 will see a continuance of China’s attacks on Western governments and industry. More penetrations of government agencies will be uncovered and publicized.

5. Ex-Soviet states will continue to snipe at each other using the weapons of cyber-extortionists: Distributed Denial of Service Attacks, the tactical nukes of the digital era. In May of 2007 a political dispute over a war memorial in Estonia escalated to a full fledged cyber attack against Estonia encouraged by the Putin regime. I predict that Russia will continue to use their newfound ability to use cyber extortionists’ tools to impose their political will on break away states.

6. Cyber crime will get up close and personal. Targeting will become the most profitable means of attack for the cyber criminal. In 2007 Igor Klopov, a 24 year old Russian, used the Forbes list of wealthiest Americans to choose a target billionaire in Texas. More companies and individuals will find themselves the targets of hackers in 2008.

7. Financial markets will be disrupted by increasingly elaborate schemes: pump and dump combined with DDoS for instance. One scenario that could play out: Hackers use phishing attacks to gain access to online brokerage accounts. They liquidate the victim’s stock portfolio and buy short positions in some other stock. They then execute a massive denial of service attack against the company behind that stock and redeem their positions when the stock tumbles.

8. The world learns what the Storm Trojan is for. The Storm Trojan is one of the most sophisticated pieces of malware ever. It has defensive abilities that are used to try to shut down researchers. To date it has not been used but its huge distribution, possibly more than 50 million instances, could be a one of the most disruptive weapons ever deployed on the Internet. In 2008 we will learn just what the Storm Trojan is meant to do.

9. Terrorist organizations bring out DDoS as a weapon against e-commerce and media sites that choose to display images of Mohamed. This actually first occurred in December 2006 but the site involved chose not to publicize the incident. Imagine what would happen if a site started selling plush toys bearing the names of various prophets? Watch for it in 2008.

10. Game console exploits will be transmitted over the Internet, the Wii in particular. The game console industry is tremendously competitive. One of their biggest opportunities is in networking games between consoles. Network access means exposure to network attacks. That coupled with the wide ownership of game consoles by hackers and you have an easy prediction for 2008. Vulnerabilities in game consoles will be exploited to spread malware.

-Richard Stiennon

Disclaimer: These predictions are my personal opinions. They in no way reflect the opinions of my employer or ZDNET.

Topics: Hardware, Collaboration, Google, Mobility, Networking, Security, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • And the Western World will accept these attacks

    The western world will bury their heads in the sand, because it would not be politically correct, to openly advise all, that Muslims and the Communists are enemy's of the west. I wait for the end of left wing liberalism, we need to fight fire with fire, not passive rhetoric.
    • Muslims?

      It's not their religion. It's the people themselves. Their religion is often blamed, but there are many times more muslims that are kind, decent people. Do you see people blaming all Christians for the actions of a few?
      • Do you see people blaming all Christians for the actions of a few?

        Why, yes! Don't you?
      • Islam, Christianity, Hinduism, any religion

        It's all delusional stupidity.

        Without religion Good people do good things, and Evil people do evil things. It takes religion to get good people to do evil things.
        tracy anne
        • Not ANY religion

          And precisely (in recent times) what evil has anyone done in the name of Christ?? (That was, in fact, a GOOD person.)

          Christians do not force people to convert at gunpoint.
          Christians do not blow themselves up in order to kill someone in the name of God.

          I will argue that the evil that some Christians have done recently (for example, killing a doctor that performs abortions), is (a) isolated and (b) they were evil anyway.

          I believe that many, if not most, that follow Islam are peaceful. So, I'm not so sure that their religion is making them do evil things.

          I think that I'd argue that those that do evil things are in fact evil. Or have been led to doing evil things by evil people.

          Think about this... Are all who join (criminal) gangs evil? Probably NOT. BUT, they are led by evil people into doing evil things. Such is the way of gangs.

          Similarly, such is the way with some religious leaders. BUT, I doubt that any Christians would strap on a bomb and go blow them selves up in a large city. And why not? Because they have been taught that murder is an evil thing to do.
  • The White Bear is out there

    A white Peace Teddy Bear was on the market within days of the arrest of the British teacher in the Sudan.

    You described computer invasions as the cyber WMD. What is needed is a cyber Stratigic Air Command with counter strike capability. Plant Trojans in likely targeted files. It would not have to be too complex. Just a DOD level HD cleaner. And program in a massive power surge to fry the components. Or, just add an attachment that says "Open to to see mude photograph of Britney."
    • Get rid of the botnets

      > What is needed is a cyber Stratigic Air Command
      > with counter strike capability.

      If my poposal is called neo-Darwinism, so be it. Governments should attack the botnet breeding grounds, i.e. insecure machines. The strategy is simple, use ordinary vulnerabilities to install viruses that delete entire partitions. Or even brick machines if possible. Irresponsible owners don't give a flying F*** if their machines are being used to spam/phish the rest of the planet, DDOS legitimate websites, or launch ransomware attacks. If being careless meant getting your drive wiped, or your machine bricked, the fools would damn well start to care. If a person is incapable of driving without running over children, they get their licence taken away, and car seized. Similarly irresponsible computer owners should be treated the same way.
      Knorthern Knight
  • RE: Ten threat predictions for 2008

    Scary Stuff!
    The world needs two things:
    1. A "Net Force" type of organization to track down these hackers.
    2. Very stiff punishment for those involved in malicious hacking. Such as life in prison without possibility of parole.

    And when hacking is found to be goverment sponsored, sever trade agreements with these countries until they stop their activities and prosicute the parties responsible.
  • ISPs bottleneck

    Not to mention the effect such tactics will have on the system as a whole: users in Europe are seriously ticked with their ISPs about paying for 8mbs downloads and getting less than 1mbs. Much of this overload is spam, 10mb video ads streamed with 2kb of hard data, for instance.
  • What!!!

    Ok, the first 3 points of the "premonition" were interesting. It helped me understand, as a simple Internet user, which threats I'm going to face next year.
    But then, the other 7 points... I'm sorry to say this... useless!
    When I saw the titled of the paper, I hoped it would give me some useful information about Internet threats for 2008, so I can be prepared... but you actually turn your premonitions into some sort of a James Bond movie stuff. And also those 7 points were redundant. We knew of them back in 2006, and they were "predicted" at that time.
    Is not the first paper I saw about preditions on the site! People are analysing things that we already know.
  • RE: Ten threat predictions for 2008

    What strikes me is that we (apparently) know so much about Internet threats and the scumbags that infect the network, why is it that nobody (apparently again) retaliate in kind by infecting the black hats' sites or servers. Is it so difficult to do, technically?
    If I ever get bitten by a dog, I plan on biting that dog right back.
  • RE: Ten threat predictions for 2008

    Why most of westerners take China as a threat no matter in politics or industry? Because the fears!!! They are not admit China is getting stronger the people in China are living a better life even better than some westerners. They are able to travel a lot since 2000 even earlier years. They are more rich and educated. The most important reason is China is still the biggest country in the world. Therefore some western countries are afraid of their position will be taken by China especially U.S.A.

    The US make itself a international policeman to involve every sigle thing in other countries even the WAR! Why? They can be benefit from the affair they participate in--it is so mean!!!So don't blame others before admit your own fault.I'd like to give US government a advice that is to manage your own business is better than be a international policeman and you are not GOD even you think you are,BUT YOU ARE NOT!!!
    • What are you talking about?

      wait, wait, wait... we're talking about technology here, not War... or who is better than the other...please, limitate yourself to discuss about that subject please...
  • RE: Ten threat predictions for 2008

    Re: Facebook Widgets and Apps,
    Who has time to use all this STUFF?? Personally, I make it a point NOT to use more that a handful of carefully chosen apps on Facebook. With all the social networking groups and features online, anyone who actually has a life in real time can't possible deal with all this MESS, and I think the apps and widgets on FB are so much clutter I can't stand it. I've got a notification box filled with requests by other users to add stuff. Drives me nuts. Just don't install the crap, you'll be fine!
  • dude..u guys need help

    seriously...this is messed up. I dont even understand the whole wii thing and every thing else is like..uh uh. yeah..no more.