Archive - Cyberwar RSS Feed

Fighting Scary Cyber Threats

PumpkinThis is that time of year when we turn to fall sweaters, football and pumpkin pie.

Its also time to get off the couch for a moment and recalibrate our Cyber security awareness meter. The bad guys are out in force and they are organized, ruthless and hungry.

They attack on every front and in every sector. Industry, government, large businesses, small businesses, students, families or any target connected to “the grid” is open game.

Once again, the Department of Homeland Security kicked off their annual Cyber Security Awareness Month to help raise awareness in this cyber community we have all become attached to and somewhat dependent upon.

“Everyone has to play a role in cybersecurity. Constantly evolving cyber threats require the engagement of the entire nation — from government and law enforcement to the private sector and most importantly, the public. Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones, and interact with friends from around the world through social networks.” Continue Reading…

3 Reasons To Care About CISPA

CapitolDomeAny current legislation being debated in Congress which affects the handling of our private information, deserves attention.

The Cyber Intelligence Sharing and Protection Act (CISPA) has recently passed the House and now awaits Senate approval. Under the provisions of CISPA, U.S. companies could hand over all of your private data  to the government, all in the name of national defense.

This information sharing would be done in the interest of “national security” and the justification for CISPA, is to help our government fight back against foreign hackers like China and Iran.

According to US News and World Report:

“A very long list of major companies – including AT&T, Verizon, Intel, HP, Time Warner Cable, IBM, Comcast, McAfee, Oracle, Google and Facebook – like CISPA because it lets them off the hook. So when Anonymous called for a blackout to protest CISPA, it fell on deaf ears to the big tech, Internet and cable companies responsible for vast swaths of the Internet.”

Three reasons you should care: Continue Reading…

Who’s Afraid Of The Big Bad Wolf?

Ol’ Blue Eyes is back…. and he’s not Frank Sinatra.

In my last post, we discussed this wolf’s current barrage of savage and relentless attacks on private data repositories.

The crimes range from the theft of individual NPPI ( Non Public Personal Information), to raids on corporate data,  to the recent malicious hack into servers at the Central Intelligence Agency.

The culprits could basically be described and motivated in one of three ways:

  • Criminal tricks – Thieves
  • Juvenile kicks –  Hackers
  • Rogue politics –  Enemies

We went on to look at the observations of two of the world’s leading privacy/security thought leaders (Bruce Schneier and Mikko Hypponen) discovering that they not only acknowledge the on-going war, but they are eager to explain the modus operandi  and general motivation that drives each of these blood-thirsty intruders. Continue Reading…

3 Snipers Targeting Your Private Data

The U.S. is being targeted at the highest levels of our nation’s critical infrastructure. You’re a target too.

Sadly, there are at least three privacy snipers out there, who have our valuable data in their sights. You can choose to ignore them, deny them or avoid them; however they are relentless and they aren’t  planning on going away any time soon. Informed security experts clearly acknowledge this reality. We should too.

I recently watched two compelling talks given by security gurus Bruce Schneier and Mikko Hypponen. Their distinct messages and points of view shared a very common theme. Digital crime has emerged as one of our nation’s greatest security threats. These rogue attacks are neither diminishing, nor are they under control.

Bruce Schneier believes that our preconceived notions of security have lulled us to sleep. We believe that the hotels we trust, the food we eat, and the planes we board are safe. According to Schneier, that feeling of security bears little resemblance to actual security, we have just talked ourselves into believing that those activities are what he refers to as “models of safety”. Those models, Schneier says, are hard to dislodge. This thinking makes us more vulnerable to the tactics of relentless identity thieves and hackers.

Hypponen on the other hand, sees value in identifying the three types of online attackers who rule the digital underworld. They are: Continue Reading…

Ahoy Matey! Piracy In The Digital Age

Google’s eye-catching twenty four hour “blackout” last Wednesday, protesting PIPA and SOPA sure got my attention.  How did it make you feel?

Watching sites like Wikipedia and Google go dark, reminded me of the media censorship I witnessed as a tourist in Asia a few years ago. Downright creepy.

Imagine not having online access to the information you need (assuming it is legal for you to own it). That’s the question we must face.

Do you and I have a right to freely acquire copyrighted content such as books, movies and music without paying?

Digital pirates think the status-quo is swell because the more we feast, the richer they get.

Law enforcement officials in New Zealand , in cooperation with the FBI, arrested the 38 year-old founder of one of the web’s largest file-sharing sites, also known as “file-sharing lockers” Megaupload on Wednesday.

The suspect, who had his name legally changed from Continue Reading…

How Egypt Pulled The Internet’s Plug

The Egyptian government has apparently accomplished what many technology experts said could not possibly happen.

Published reports indicate that the “plug” was pulled on Internet access in Egypt on the evening of January 27th, 2011  at about 6PM local time. According to fraud prevention, monitoring  and analytics company  iovation,  Egyptian use of the internet instantly and almost literally fell off a cliff.

As reported in  the blog of  noted security expert Robert Siciliano:

NPR reports “Egypt has apparently done what many technologists thought was unthinkable for any country with a major Internet economy: It unplugged itself entirely from the Internet to try and silence dissent. Experts say it’s unlikely that what’s happened in Egypt could happen in the United States because the U.S. has numerous Internet providers and ways of connecting to the Internet. Coordinating a simultaneous shutdown would be a massive undertaking.”

The Los Angeles Times confirmed that both Facebook and Twitter were affected by the outage, but that after a week of unrest, access to the Internet has been restored by the Egyptian government: Continue Reading…

Tis’ The Season For Ruthless Online Fraud

The most troubling aspect about the newest WikiLeaks breach is the grim realization that our nation’s most sensitive information can be so vulnerable, easily accessed and leaked to the world.

You can’t help but wonder, if the U.S. Defense Department can be hacked and attacked from the inside-out,  just how safe is the personal data belonging to the average U.S. citizen?

Here are 10 tips from the Better Business Bureau to help keep you safe online not just during the holidays, but all year long.

The BBB offers this advice:

1. Protect your computer – A computer should always have the most recent updates installed for spam filters, anti-virus and anti-spyware software and a secure firewall.

2. Shop on trustworthy websites – Shoppers should start with BBB to check on the seller’s reputation and record for customer satisfaction. Always look for the BBB seal and other widely-recognized “trustmarks” on retailer websites and click on the seals to confirm that they are valid.

3. Protect your personal information – BBB recommends taking the time to read the site’s privacy policy and understand what personal information is being requested and how it will be used. If there isn’t one posted, it should be taken as a red flag that personal information may be sold to others without permission.

4. Beware of deals that sound too good to be true – Offers on websites and in unsolicited e-mails can often sound too good to be true, especially extremely low prices on hard-to-get items. Consumers should always go with their instincts and not be afraid to pass up a “deal” that might cost them dearly in the end.

5. Beware of phishing – Legitimate businesses do not send e-mails claiming problems with an order or an account to lure the “buyer” into revealing financial information. If a consumer receives such an e-mail, BBB recommends picking up the phone and calling the contact number on the website where the purchase was made to confirm that there really is a problem with the transaction.  Continue Reading…

Cyber Battlefield In Our Own Backyard

With the war in Iraq winding down and the war in Afghanistan heating up, many of us are unaware of the cyber-war raging on our own home turf.  If this is old news to you, stay with me.

According to a Congressional committee, attacks on the Department of Defense computer systems jumped 60 percent in 2009.

Russia, China and North Korea have all launched sustained attacks on U.S. government agencies including the Federal Trade Commission and the Department of the Treasury.

Analysts believe that security standards like the ones created by the National Institute of Standards and Technology (NIST), should be implemented immediately. According to the experts, NIST could get us 90 percent closer to where we need to be.

In Congressional testimony earlier this year, former National Intelligence Director Mike McConnell said that we could be on the brink of an all-out cyberwar. McConnell’s view has been repudiated by the current Secretary of Defense Robert Gates.

If  Moore’s law is true,  (every 24 months a dollar buys twice the amount of computing power that it did before) our enemies may be able to buy, beg, borrow or hack twice as much of our data as  they can today for the same effort.

Computer scientist Daniel Geer Jr. aptly reveals what is at stake:

” We have spent centuries learning about securing the physical world, plus a few years learning about securing the digital world. What we know to be common to both is this: That which cannot be tolerated must be prevented.”

America’s most valued, electronically stored data is being targeted. Government agencies, private think tanks and university data warehouses are all vulnerable. The enemy operates from a distance with virtually no risk of personal danger.

What defense mechanisms can we construct to prevent our data from being stolen at the speed of light?

Cyberspies Working Overtime to Upset U.S. Power Grid

New threats to America’s power grid are surfacing daily. The folks at McAfee  spend most of their waking hours looking for ways to defend their clients from the never ending barrage of cyber-threats.

On the other hand, non- geeks simply want a worry-free, hacker-free Internet experience and we generally don’t care about the details of the international day to day battle of tech wits.

However, some tech experts on the front lines are alarmed these days. They have known about the foreign threat for years, but they have come to realize something that is both disturbing and revealing about our own willingness to fight back.

Elan Winkler over at McAfee surveyed 200 critical infrastructure IT professionals and discovered an eye opening attitude. These industry insiders blame cost and complacency for our predicament. Winkler states:

“So, if the people in the know, knew, how come we’re still vulnerable? I asked them that question as well. The number one answer: cost. Number two: complacency. No real surprises there; those are the same answers that we used to get from IT departments 15 years ago on why they didn’t have defense in depth technologies set up to protect servers and databases.”

The survey respondents also provided the following comments:

  • “There hasn’t been a real incident so no one takes it seriously.”
  • “Lack of knowledge and understanding.”
  • “Inability of decision makers to commit to security upgrades.”
  • “No one wants to pay for security.”
  • “False sense of security.”
  • “Security competes with other priorities for resources.”
  • “We, as Americans, believe we are invulnerable to this kind of attack.”

In neighborhoods across our great country,  most power outages are often simply a result of the forces of  Mother Nature. For example, a nasty December storm blew through our neighborhood just last night leaving about 700 homes in the dark, well into the night.

Imagine what could happen if our own complacency and budget constraints were to put the entire nation at risk.

Government’s job is to protect citizens from both foreign and domestic threats.  Our job is to support them in any way we can.

This pervasive, lazy attitude held by many inside the IT community, renders the term”computer geek” more laughable than it already is.

Looming Cyber-Threat Has Fed's Attention

Outgoing National Intelligence Director Michael McConnell reported last week that Cyber-threats are among his greatest concerns, second only to Iran’s continuing development of nuclear weapons.

MSNBC and the Associated Press reported:

“…Iran producing a nuclear weapon and a cyber attack on critical government or private computer networks top the list of concerns nagging at National Intelligence Director Michael McConnell as he prepares to leave office.”

There are many well intentioned observers who seem to think that cyber-crime in general is on the decline inside the United States. Although there is statistically no need for mass panic, it is foolish to assume that our computer infrastructure isn’t the greatest information target in the world. As a practical matter, I think we are all better off with “someone on the gate” to guard our repositories of personal, commercial,  educational, financial and military data.

The truth is that many potentially damaging breaches go undetected and are often intentionally unreported. Back in 2005, the Department of Homeland Security constructed a worst-case-scenario type cyber-attack and concluded that over 20 million credit cards might be affected over a period as short as just one week. The Department concluded that an event like this could undermine faith in the entire U.S. financial system.

We all pray that President Obama’s team remains watchful and vigilant on the cyber-front during these desperate times. The Obama Administration has already declared our nation’s cyber-infrastructure a “strategic asset” and has pledged to protect “America’s competitive advantage”.

Great start Mr. President.

Page 1 of 212»