Integrity Attacks Begin as Mistakes
Last year I wrote First They Came for Bandwidth, where I described a progression through three attack types:
- First they came for bandwidth... These are attacks on availability, executed via denial of service attacks starting in the mid 1990's and monetized later via extortion.
- Next they came for secrets... These are attacks on confidentiality, executed via disclosure of sensitive data starting in the late 1990's and monetized as personally identifiable information and accounts for sale in the underground.
- Now they are coming to make a difference... These are attacks on integrity, executed by degrading information starting at the beginning of this decade. These attacks will manifest as changes to trusted data such that those alterations benefit the party making the change. This sort of attack undermines the trustworthiness of data.
The scariest part is the last attack can be the hardest to detect and recover.
I thought about this when I read this entry in the newest Risks Digest as Software glitch causes incorrect medication dosages:
Patients at VA health centers were given incorrect doses of drugs, had needed treatments delayed and may have been exposed to other medical errors due to the glitches that showed faulty displays of their electronic health records, according to internal documents obtained by The Associated Press under the Freedom of Information Act.
The VA's recent glitches involved medical data -- vital signs, lab results, active meds -- that sometimes popped up under another patient's name on the computer screen. Records also failed to clearly display a doctor's stop order for a treatment, leading to reported cases of unnecessary doses of intravenous drugs such as blood-thinning heparin.
According to interviews and the VA's internal memos, the glitches began after the VA distributed its annual software upgrade last August .
By early October, hospitals began reporting the troubling problems: When doctors pulled up electronic records of different patients within 10 minutes of each other to offer treatment advice, the medical information of the first patient sometimes displayed under the second person's name. In some records, a doctor's stop order for intravenous injections also failed to
Ref: Veterans given wrong drug doses due to glitch (MSNBC)
The next step is intentional alteration of records.
If we think it's tough to maintain availability and confidentiality, wait until we security people are tasked with validating the integrity of data. It will happen after a celebrity dies or a group of "normal people" do, unfortunately en masse.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.