Digital Red Cross and how it prevents cyber attacks
What exactly is a digital red cross, and is it possible that it may prevent cyber attacks?
Software used to steal cryptocurrency receives an update, and the federal government is able to take one billion dollars' worth of cryptocurrency from the hacker who was responsible for the Silk Road.
All of this and more is going to be covered in today's collection of news about cyber security technology.
Everyone is familiar with the symbol of the red cross, and during times of conflict, it is often painted on the sides of vehicles, tents, and even people. This is done to communicate to the enemy that the individuals bearing the symbol are medical personnel, and they should not be shot.
In theory, the Geneva Convention affords protection to everything bearing this emblem. In practice, however, this is not always the case.
But today, in addition to traditional dangers, medical services must also contend with new ones, like cybercrime and cyberwar.
And I really doubt that slapping some bloody crosses on the back of computers would dissuade cybercriminals in any way.
While many cybercriminals do swear not to target healthcare organizations, malware does not necessarily know who it is infecting, and it will simply lock up the computer of anyone who is unlucky enough to download it.
Consequently, a new paper on "digitalizing the red cross" has been released. The focus of this research is on the question of how a computer might inform malicious software that it is connected to medical issues and ask that it be left alone.
It seems as though the implementation of a "digital red cross" would be something that could be done with a fair amount of ease. If you want to let Google know that you'd rather they didn't crawl your website, for instance, you'd simply create a robots.txt file in the root directory of your website and mark the site as disallowed within that file.
In this scenario there could be a file like red-cross.txt, the mere presence of which would tip off hackers to the fact that the computer in question is used for medical purposes.
I mean, yeah, anybody could abuse this by writing the txt file on their own computer, but anyone can wear an armband, so this isn't a new concern. I'm just saying.
However, there is still another significant drawback associated with using this technique, and it is not what you may anticipate.
If a hacker breaks into a computer and then attempts to determine whether or not this particular file exists, the compromised system will be able to recognize an attempt to access it and will thus be aware that it is being attacked.
This would mean that virtually all organizations, regardless of whether they are related to the medical field or not, would monitor whether or not the existence of this file is being checked for. If it is, then they would know that they are being attacked and would lock down their systems in response to the threat.
As a result, hackers simply would not want to check for the file, which renders the whole purpose of it irrelevant.
Therefore, in order to get hackers interested in checking for a "digital red cross," the system in question has to be tailored to their requirements. They must be able to look for it without setting off any alarms, since this is an essential component.
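The monitoring described above, as an added example that is not from the paper or the original article: it correlates auditd-style records by event serial and flags any process that checks for the marker file, including failed lookups on machines where the file does not exist. The file name `red-cross.txt` comes from the article; the log lines, paths and process names are constructed.

```python
import re
from collections import defaultdict

MARKER = "red-cross.txt"  # assumed emblem file name, taken from the article's example

# Constructed auditd-style records (not real logs). Records sharing the
# serial after the colon in msg=audit(ts:serial) belong to one event.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 pid=4120 uid=33 comm="backup.sh" exe="/usr/bin/bash"
type=PATH msg=audit(1700000000.101:501): item=0 name="/var/www/index.html" nametype=NORMAL
type=SYSCALL msg=audit(1700000007.442:502): arch=c000003e syscall=262 success=no exit=-2 pid=4188 uid=33 comm="updater" exe="/tmp/.cache/updater"
type=PATH msg=audit(1700000007.442:502): item=0 name="/red-cross.txt" nametype=UNKNOWN
type=SYSCALL msg=audit(1700000009.010:503): arch=c000003e syscall=257 success=yes exit=3 pid=4188 uid=33 comm="updater" exe="/tmp/.cache/updater"
type=PATH msg=audit(1700000009.010:503): item=0 name="/etc/red-cross.txt" nametype=NORMAL
'''

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(log):
    """Group records by event serial and merge their key=value fields."""
    events = defaultdict(lambda: {"paths": []})
    for line in log.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[m.group(2)]
        ev["time"] = float(m.group(1))
        if fields.get("type") == "PATH":
            ev["paths"].append(fields.get("name", ""))
        elif fields.get("type") == "SYSCALL":
            ev.update({k: fields.get(k) for k in ("success", "pid", "exe")})
    return events

def emblem_probes(log, marker=MARKER):
    """Return one alert per event that touched the marker, hit or miss."""
    alerts = []
    for serial, ev in sorted(parse(log).items(), key=lambda kv: int(kv[0])):
        hits = [p for p in ev["paths"] if p.rsplit("/", 1)[-1] == marker]
        if hits:
            alerts.append({"serial": serial, "path": hits[0], "pid": ev.get("pid"),
                           "exe": ev.get("exe"), "file_existed": ev.get("success") == "yes"})
    return alerts

if __name__ == "__main__":
    for alert in emblem_probes(SAMPLE_LOG):
        print(alert)
```

The failed lookup (event 502) is the case the argument turns on: a machine that has no emblem file at all still sees the check, so the alert works for non-medical organizations too.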
The report includes a number of suggestions as to how this could be put into action. One of these suggestions is that a solution could be based on DNS, in the form of a new top-level domain that is reserved exclusively for healthcare organizations. However, DNS is not immune to people tampering with it.
Additionally, it's possible that the organization's domain isn't even viewable from all of the machines that are connected to the network.
The second concept is one that is based on Internet Protocol (IP). Medical organizations may submit the IP addresses that they use to a neutral third party, which could create and publish a list of all the IPs that people should leave alone... However, because of a technology known as "network address translation," it is possible for a large number of devices to be hidden behind a single public IP address.
How then do you know that all of these systems are medical, and that a malicious party is not just using this virtual barrier to their advantage?
You don't, and that's the thing: putting in place a "digital red cross" is far more difficult than it may first seem to be.
The report does not provide a definitive answer on how this could be solved, but it does settle on what is being called an "Authenticated Digital Emblem," or ADEM for short. This would mean that an organization digitally signs the traffic that their network generates on certain protocols. This would allow malicious actors to determine whether a target is related to healthcare with a simple ping.
This entire concept hasn't even left the whitepaper yet; it still has to be prototyped, so we won't know whether it truly works until it is put into practice. In the meantime, we'll just have to wait and watch.