Cyber Espionage threatens global security

NEW YORK, June 10, 2010/ Troy Media/- Teenage hackers cracking government and corporate networks for the sheer thrill of breaking into reputedly impenetrable firewalls once made compelling headlines.

Typically, the mischievous techie perpetrators were high-IQ technical wizards obsessed with and fascinated by the intricacies and mysteries of computer technology. Their lives revolved around understanding how computers worked. All their free time was spent building computers and creating their own code. In fact, many became so adept at crafting code capable of breaking into what many organizations boasted were impenetrable firewalls, it became a challenging game.

What a thrill it must have been for a young code jockey to hack through the myriad codes and passwords and penetrate firewalls of prestigious bastions of government like the US, Pentagon or household capitalistic empires like Microsoft or Google.

The fun ended when the hackers were caught and jailed. Today, most precocious young hackers have grown up. They’ve turned over a new leaf and mainstreamed their talents. They landed scholarships to some of the best technical colleges and universities in the US, and landed jobs at Fortune 500 technology companies like Microsoft, Intel, Sun Microsystems or Apple.

Considering the damage these technical wunderkinds were capable of, it’s a good thing most of the young cyber truants have turned their technical talents to good use. When they look back on their late-night forays into cyberspace searching for targets, they candidly admit that what they once considered fun could have led to limitless destruction.

Yet, not all hackers have mended their ways and taken the straight-and-narrow path. Many have become deft cyber criminals, specializing in identity theft or stealing millions from the coffers of global corporate empires. Others have taken a lethal path and have become psychopathic predators capable of wreaking death and destruction.

The hacker message

Even though many young hackers did untold damage by breaking into large organizations, often crashing major industrial websites for days and destroying valuable databases, there was an element of dark humor surrounding the events. There was little question that the wrongdoers must be jailed and fined, but the very fact that kids hardly out of puberty actually pulled the wool over the eyes of smart and sophisticated technologists was disturbing evidence of our vulnerability.

Sadly, it took a series of catastrophic events – 9/11 topping the list - to point up the critical importance of making cyber security a top-of-the-charts, critical issue that can no longer be considered a second-tier priority.

Cyber crime escalates

Online networks experienced their heaviest brute-force attacks to date this year, with more websites suffering sustained assaults. Virtually anyone, individual or institution, is vulnerable to cyber attack. Security breaches have been going on for the past two decades, says Scott Morrison, CTO and chief architect at Layer 7 Technologies , a security software company in Vancouver, BC. The frightening new twist is that they’ve escalated to the point where governments and organizations can no longer hide the news.

This year, more than 34 companies were victims of cyber attacks, says Morrison. All of them were high-tech and defense companies. Lockheed and Dow Chemical were two of the companies hit.

Cyber security spending investments kept under wraps

Josh Zachry, associate director of research operations at the Institute for Cyber Security at the University of Texas at San Antonio, says that it’s unknown how much the global powers - the US, China, Russia and India - spend on cyber warfare/spying. But it’s clearly in the billions, he says.

While large-company and government security breaches eventually make headlines, most organizations never report security breaches. It can be likened to broadcasting that your home was broken into. That’s an open invitation for other bad guys to try their luck, says Morrison.

Cyber attack statistics are sketchy, and grossly underestimate the extent of the problem. Nevertheless, they shouldn’t be taken lightly, adds Norman Rankis, a Bethlehem, Pa. -based cyber security expert. Rankis has worked closely with many US government agencies, such as the Department of Homeland Security, training cyber security operatives.

“Cybergedd0n” highly unlikely

The extent and breadth of cyber crime and espionage accelerated to the point where it’s so out of control that even the experts have little idea how pervasive it is. From closely monitoring the accelerating number of reported security breaches, Rankis estimates that cyber attacks have increased more than 40 per cent per year. That includes both the private and government sectors.

Rankis calls the precarious state of cyber security “Cybergeddon,” a scare term dating back to the late 1990s, which describes the destruction of online communications through technological warfare. The term is an obvious spinoff of “Armageddon.” Most experts consider cybergeddon highly remote and unlikely.

Extent of damage

According to statistics compiled by Rankis from government and private sources, the US has 20.6 million attempted attacks originating from computers within its border; China ranks second, with 7.7 million attempted attacks within its borders; followed by Brazil, South Korea, Poland, Japan, Russia, Taiwan, Germany and, lastly, Canada.

In the first six months of this year, the US Department of Defense has spent more than $100 million to repair damage caused by cyber attacks.

Recently, the Information Warfare Monitor (Citizen Lab, Munk School of Global Affairs, University of Toronto and the SecDev Group, Ottawa) and the Shadowserver Foundation released the report Shadows in the Cloud: An investigation into cyber espionage 2.0 .

The well-researched report tracked a sophisticated cyber espionage network that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. More disturbing, the Toronto team recovered stolen sensitive and classified government, business and academic documents from the Offices of the Dalai Lama, Indian national security departments and Canadian visa applications, to name a few.

In Part 2 of this ongoing series, we will look at where the greatest cyber dangers lie, and what the security landscape looks like for the next five years.

NEW YORK, June 16, 2010/ Troy Media/- The frequency and intensity of cyber attacks have escalated to the point where no one is safe.

The culprit responsible for the marked increase in cyber crime is technology, which has become both a blessing and a curse. While it has streamlined our lives and increased productivity, it also has opened the information floodgates, making it easy for anyone to gather information on virtually anything, from building houses to building bombs capable of leveling entire towns.

Motives for spying haven’t changed in decades, says Josh Zachry, associate director of research operations at the Institute for Cyber Security at the University of Texas at San Antonio. “What has changed are the means by which people spy,” he says. “Cyber spying has accelerated due to increased network speeds and sophisticated chip processing capabilities. Cyber-terrorists have turned Internet technology into a weapon capable of unimaginable destruction. The result is that everyone is a target.”

Cyber warfare has created a new and far more destructive way of fighting, eliminating all geographic boundaries between opponents. Government experts are understandably reluctant to tell the public the unsettling truth: It doesn’t matter where you are on the planet – house next door, or in a tiny hamlet in the quiet and tranquil mountains of Tibet - once you’re in a cyber terrorist’s crosshairs, there is no escape.

The greatest cyber threats that governments and organizations face are not industrial espionage or penetration of government agency firewalls but “destruction of infrastructures – power, water, communications,” says Zachry. “Crippling critical infrastructure losses can lead to catastrophic consequences. If people do not have clean water, they will not survive.”

Potential horrific scenarios

“Imagine what happens if there is a massive communications breakdown – not a temporary power outage, where thousands of people temporarily lose electricity to power their homes and the infinite assortment of gadgets they’ve come to depend upon,” Zachry ponders. “The real danger is crippling strategically placed power grids in the US, Canada and, potentially, other points on the globe.”

Zachry isn’t describing a potential sci-fi film plot, but a real-life possibility. Once power grids are disabled, “airplanes and railroads won’t be able to communicate,” he explains. “Not only do they lose power, but their backup/emergency systems and fail-safe emergency computers crash as well. The result would be a surreal cataclysm, a cacophony of chaos, ramped-up death and destruction, all taking place in a moment of time. There wouldn’t even be time for anarchy or mass looting.”

There is an eerie, apocalyptic truth to all the blockbuster end-of-the-world sci-fi films produced during the past half-century. Sci-fi cult classics such as The Day the Earth Stood Still, The Day the Earth Caught Fire, On the Beach, When Worlds Collide, and The Day the Earth Caught Fire no longer seem that far-fetched.

The reality of massive cyber destruction

Most people rarely think about their total dependence on technology. Why should they? Connected 24/7, they’re safe and secure knowing that most of their needs are easily accessible, many within fingertip reach or – better yet – voice activated.

But pull the plug, cut off the power supply, and most people’s worlds will come to an abrupt halt. The end is not punctuated by a deafening crescendo, but by an unnerving silence and stillness. Rather than electronically generated bleeps and beeps, all that’s heard are the sounds of nature-wind rustling through trees, sounds of running water, crackling thunder, the early warnings of a storm on the horizon.

Fast-track technocrats suddenly find themselves in a situation they never dreamed could actually happen. The tight bodies, powerful arms and limbs and six-pack abs honed by high-tech exercise machines are useless in a disconnected, powerless world they have no idea how to function in.

Social Darwinism returns

It was sociologist Herbert Spencer who’s credited with taking Charles Darwin’s theory of evolution and developing the notion of survival of the fittest. One of Social Darwinism’s major tenets is that the strong survive and the weak perish.

Putting Spencer’s premises to the test, imagine what would happen if legions of 21st-century super-achievers were stripped of their connectivity gadgets and left to fend for themselves. After experiencing a massive connectivity breakdown followed by a torturous withdrawal, they’d have no choice but to relearn basic survival skills. If Zachry’s image of a massive crippling of power grids were to reach global proportions, it could be several months, even years, before power would be restored. Suddenly, survivalists would emerge from the forests, woodlands, wetlands, and jungles of the world and become multimillionaires, teaching human beings how to survive using their God-given talents.

Maybe Zachry’s futuristic image seems extreme, but who’s to say it couldn’t happen? Sept. 11 was horrific proof that terrorists are capable of death and destruction on a massive scale. Combine fanaticism with the sophisticated weapons of cyber warfare, and the results could be beyond human comprehension.

A scary view of the future

K. Scott Morrison, CTO and Chief Architect at Layer 7 Technologies ( in Vancouver picks up where Zachry left off, and draws the following chilling projection of the cyber-terrorism landscape in the next half-decade:

Cyber attacks will become more sophisticated.

Cyber attacks will become more sophisticated.

By 2015, there will be a disruptive act of cyber terrorism. Likely target: the power grid. “The quickest path back to feudalism is to turn off the power for an extended period of time,” says Morrison “From a security perspective, the power grid is where the phone system was in the 1970s and early ’80s. The phreaking culture of this period developed around exploitation of this infrastructure.”

A major diplomatic crisis will ensue within the next two years over state-sponsored cyber attacks. This will be against systems residing in a neutral third-party country.

An increase in the use of mercenary hackers-for-hire, for crime and terrorism.

A rise in patriotic hacking from China.

Enterprises will adopt very aggressive and – by today’s standards – draconian mail quarantine policies. Anything with an attachment or embedded links will be isolated from recipients until it can go through multiple passes of security scanning. Enterprises will put in place considerable new processes and authorization requirements that all users must pass through before they can access attachments.

Aggressive website blacklisting at the corporate edge will take place. This already is becoming commonplace in many organizations, but the practice will become much more widespread. ISPs will offer this as a default service to many subscribers.

Social engineering hacks will become very targeted and will be the new front pne.

The weakest link in the security model will be people. Organizations are dealing with this problem by rethinking how information is shared. Expect restrictions on e-mail and web browsing.

More corporations will demand signed mail and will begin segmenting services based on trust models. This will force mail signing to become mainstream, despite the logistics overhead.

The Internet will continue to segment into private darknets that facilitate everything from evading general corporate or governmental security restrictions to more nefarious acts such as terrorism, crime and sharing of copywritten material.

Membership in the Electronic Frontier Foundation will rise in response to a growing perception of loss of rights. The Net-neutrality debate will increase in importance as ISPs and carriers institute new measures intended to increase security.

Copyright © 2018. Owned and Operated by Co. All Rights Reserved

Back to top