An interesting article in The Register caught my eye today. The story comes from Sunnet Beskeming, an Australian security consultancy with an unusual Dutch-derived name. They point to some interesting activity (or lack of it) on the Internet. Their researchers have noted an unexplained deviation in Global network traffic in the last few days, particularly in South America, Asia and Australia.
The researchers spotted a 5% dip in the measured index, accompanied by an 11% climb in packet loss and a significant improvement in response times. These changes, combined with other traffic analysis observations suggest an event or series of events. Yet none have been reported.
This type of analysis is significant to all security professionals. Not so much because there might be something brewing that’s about to hit Europe and the USA. But because it signals a new tool in the CISO’s toolbox. Communications traffic analysis, previously the preserve of Government signals intelligence agencies is becoming an important source of real-time intelligence to anyone who needs to spot zero-day attacks or large-scale leakage of confidential data. And that’s most of us. So we should all be looking to exploit this technique. Because with today's technology, we can identify, analyse and report on many types of anomolous activity, shedding a new searchlight on the dark side of network behaviour.