The concussion from the bombardment of computer code is silent, though the havoc wreaked is deafening. Cyber-attacks have escalated in scope and frequency in the last five months affecting finance, creditability, and confidence in the private and public sector.
What is going on and why?
There are several fronts in this battle. From the left flank, there is Lulz Security (Twitter: @lulzsec). This brash band of rapscallions unleashed a fifty-day torrent of hacking terror upon government agencies, gaming and broadcasting companies. It began in March with a successful attack of RSA (the security group within EMC) who owns SecurID’s two-factor authentication products used by large organizations to provide security for corporate networks. Once they had these keys, the group breached dozens of corporations.
Suspected of breaking into the Sony PlayStation network, LulzSec potentially stole millions of customer’s accounts. They also rendered the peer-to-peer network, which allows worldwide gamers to play each other interactively, in shambles for weeks. Before they reigned in their troops, they performed several distributed denial of service (DDoS) attacks on various agencies including the CIA, FBI, and Senate. Simultaneously tweeting while attacking, the rationale for their acts were twofold; amusement and their disdain for organizations that leave known security vulnerabilities unpatched.
From the right flank are purported foreign countries that pursue U.S. national intelligence. It is difficult to determine if these attacks are coming from the foreign states or individual groups within those countries. The highest threat is derived from China and Russia. According to The New York Times, a foreign intelligence service hacked into a corporate contractor and obtained 24,000 Pentagon files in March. Disclosed just days ago, this is one of the worst attacks in US history.
Lastly, from the rear are News Corp. and the Rupert Murdock scandal. Journalists “hacked” into nearly 4,000 phones and listened to voicemails. Phone hacking (Phreaking) has a long history going back to the 1950’s. Early “phreakers” made free pay phone calls by tapping the phone circuit fast enough to mimic the rotary sound, allowing dialing for free. Currently the News Corp. scandal exploits some telecoms rather weak security. One security flaw is that fully one third of users still have their cell phone issued password to access voicemail. A simple Internet search will yield the three primary default passwords. By trial and error, the journalist at News Corp. used these default passwords to gain access. The other dominant weakness is the host of tools available to anyone in the wicked ways of accessing networks illegally for data or financial gain. Those utilizing preexisting tools to exploit networks are script kiddies.
Combating these fronts the U.S. Federal Government has unveiled a new cyber security strategy. In the plan, the Pentagon declared that cyber-attacks on its networks could be considered an act of war. They also outlined potential threats and some tools available to counter cyber-attacks. It is clear that the Government is taking the previous and the recent uptick in attacks very seriously. With the increased reliance of the Internet, there is little doubt that our leadership considers future battles to be fought via servers and the interconnected pipes of the web and they are preparing vigilantly.