The global and independent platform for the SAP community.
IT Security Column, MAG 15-10

To see is to believe...

Faster-than-light spaceships and fighting elves, preferably in surround sound - plus chips and a cold beer. The evening is saved. There's nothing wrong with that. It becomes problematic when the line between fiction and reality blurs.
E-3 Magazine
September 22, 2015
Content:
it security header
avatar
This text has been automatically translated from German to English.

In criminal investigations, the "CSI effect" has become a serious problem in the USA: Jurors are "corrupted," for example, by methods and timelines exemplified in popular crime series.

Now that there are also movies and series set in the "cyber" environment, this problem is also slowly spilling over into IT security.

Of course, it is impressive when "the good guys" "disintegrate" the enemy firewall with effective Trojan bombardment.

The password cracker, which tries out all passwords in ten minutes, or the anonymous Internet user, who can be effectively unmasked over several stations on a world map, are also not to be sneezed at.

Light years from reality

Almost everything in film and television has to be visually appealing. And where this is not the case in reality, things are just made to look better.

Often beyond recognition: alleged "hackers," whether on the right or wrong side, are stereotypically portrayed as "nerds": either the chubby variety with black clothes and long hair - or aspen-faced, wearing a lumberjack shirt and black horn-rimmed glasses.

In both cases, however, coupled with the necessary criminal energy. But IT security today is neither visually spectacular nor simple.

In many cases, it is simply boring for outsiders. Criminal activities in cyberspace are also rarely carried out by technical and criminal geniuses.

On the contrary, as in "normal" industry, there is a clear division of tasks: those with the technical knowledge to create attack tools of any kind are not necessarily the ones who use them.
A very good description of the current situation is provided by the recently presented "Bundeslagebild Cybercrime 2014" of the Federal Criminal Police Office. This explicitly addresses the growth of cybercrime as a service: Criminal clients can use it to carry out IT attacks without needing technical knowledge or infrastructure themselves.

While the cybercriminal underground has already undergone its own industrial revolution in the past (work processes characterized by a strong division of labor and optimization), it has now arrived at a service society.

This conclusion is consistent with Trend Micro's observations. For years, we have been monitoring the cybercriminal underground in various regions, including North and South America, Africa, Asia, and Russia.

Not only the actors are of interest, but also the type of tools offered, services and their prices allow interesting conclusions to be drawn.

We have published the latest results on the Russian underground in the study "The Russian Underground 2.0". It clearly shows that the Russian underground is currently the most professional and advanced market. On the one hand, there are highly specialized tools and techniques.

But even without a technical background, there is a wide range of services on the other side.

So there's something for everyone - whether tech-savvy or "just" criminal. So reality stands in contrast to fiction. You don't need a technical and/or criminal genius.

The criminal energy and the necessary small change to buy a service do the trick. And the technical expertise is already included here.

The cyberspace exemplified in film and television is visually imposing - and as long as we don't forget that this is far removed from any reality, there is nothing to prevent a relaxed movie experience.

avatar
E-3 Magazine

Information and educational outreach by and for the SAP community.


All articles of the author

Write a comment

Security: How to protect SAP systems effectively

Precisely supports Amazon RDS for Db2 Service

Flexera completes acquisition of Snow Software

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork. All information about the event can be found here:

SAP Competence Center Summit 2024

Venue

Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Regular ticket:

€ 590 excl. VAT

Venue

Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024

Tickets

Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.