The Next Generation of IT Risk

The next generation of hardware and software is a constant source of speculation. However, this article will focus on the next generation of IT risk. While malicious software has evolved, such as the adaptive Stuxnet virus, there are new threats emerging in IT.

  • Key generation software is used to create crack codes for software licenses. However, software licenses are increasingly given on a case by case, login by login basis. For example, users accessing a subscription site from a home computer, work computer and mobile device do not want to pay for three software licenses. Use the same application from the cloud, albeit after providing the necessary passwords or codes. Key generation software will likely evolve to provide temporary access to cloud based applications for those on the move or seeking short term usage of applications.
  • Personally identifiable information (PII) has focused on names, addresses, phone numbers, Social Security Numbers (SSN) and sometimes insurance ID numbers. PII is expanding to include web identities. If the government creates a Web ID similar to a Simplified Sign On (SSO) model for use on government websites, it may be mandated down the chain to everything from your local travel authority’s TollTag website to SNAP card balance checking and signing up for unemployment. This will make the person’s Web ID as valuable or more so than someone’s SSN.
  • Disposable cell phones allow terrorists to keep in touch without being tracked. Disposable online personas provide a web presence for the right buyer. I have observed on crowd-sourcing websites jobs such as “create an email account with this domain, then give me the login and password, $1” or “create social networking account here and give credentials, 50 cents”. I’ve even seen “create a Craigslist account with this email address, validate with your phone number, then give me the credentials, $5”. Those barred form access based on their IP address get around this hassle by asking others to create new accounts for them. I expect this phenomena to expand as phishing scammers see whole nations’ IP addresses blocked and use crowd-sourcing websites to pay others to create whole online personas, from email accounts to social networking profiles. Maintaining a constant stream of new email accounts and personas allows someone to remain online as quickly as they are discovered and shut down by administrators.
  • Social media is back in the spot light as it was discovered that the U.S. government has created social networking profiles to monitor online chats. It is also seeking bids for software to manage up to 10 profiles automatically, such as posting innocuous comments and updates. This creates the illusion of real people that can then be connected to others to track their statements, actions and online associations. While valuable in intelligence gathering and purportedly for anti-terrorism monitoring, this software will quickly spread beyond the government domain. It will move to the private market and get used by marketers to create false online presences to promote products and services. It will also get stolen and used by phishers to elicit personally identifiable information.