Researchers from the University of Michigan have developed a mathematical model made to demonstrate and understand how hacking is done by cybercriminals.
The model made by University of Michigan student Rumen Iliev and political scientists and former UN and US Department of Defense employee, Robert Axelrod, is used to analyze the pros and cons attacking on a particular day and the type of security flaws that were exploited. These data were then juxtaposed from previous hacking attacks to discover the ideal time to stage a hack.
According to the researchers, recent hacks, including the attack on Iran's nuclear plans, were precisely timed to create the most damage.
Their model, which focuses on zero-day vulnerabilities, also predicts the ideal time when hackers might attack. Zero-day vulnerability is a security flaw not known to the developers of the program that could be attacked by hackers. It is called as such because when the developers are made aware of the flaw, the attack has already been done.
The Michigan researchers claim that national governments worldwide store the details of zero-day vulnerabilities of the security system of rival countries. By storing these vulnerabilities, the hackers can attack the flaw during the time when it will create the most damage. However, as soon as the attack takes place and the developers notice it, they will develop a patch or a fix, ending the attack. Similarly, if the developers are aware of the flaw even if the attack was made, the hackers won't have the chance to stage their attack.
"As the world's economy increasingly relies on an open and protected internet, cyber security has become a top priority for countries' economic health and national security," wrote Prof. Iliev.
The developers of the model also said that their discovery might help governments have a better understanding of cyber-attacks and therefore come up with more effective ways of preventing them.
The research was published in the Proceedings of the National Academy of Sciences (PNAS).