
Cyber attacks from individuals, organized crime, extremist groups, terrorists as well as nation states pose a significant threat to the national security of the United States. While many believe that this is a government issue, closer analysis of the problem suggests otherwise. Any computer that is not properly protected can be compromised and used as a weapon against the system owner, businesses and our economy, the nation’s infrastructure or in some rare cases our defenses. Personal, business and government systems are constantly under attack and the frequency and sophistication of the attacks is rapidly increasing.
The number of new computer system threats skyrocketed nearly 570 percent from those identified in 2006. According to one 2007 computer security study, the average annual loss reported by U.S. companies increased by nearly 210 percent to $350,424 (per occurrence) in 2007. The top three primary sources of loss were financial fraud, losses due to computer viruses and system penetration by outsiders. About 20 percent of the companies reporting security incidents said they had fallen victim to targeted malware attacks. Nearly 1.2 million different pieces of malware have been identified and reside in the malware repository. Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent. The term is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, destructive, intrusive, or annoying software. The bad news is that malware is just one of the many threats to computers, systems and networks.
A reader of the blog asked me “Why with all the U.S. technological expertise are we so vulnerable to these threats?” That is a great question. Considering a recent report suggested that around 90 percent of breaches could have been prevented, why are our computer systems so at risk?
After giving this a fair amount of thought I came to the following realization. It is our attitude! For some reason there is an abundance of “I know more than they do” types in information security. If that is not bad enough, the second most prominent attitude is “It can’t happen here” followed closely by “I will address it when it happens to me.”
Example 1 — A $13 billion publicly traded corporation has five full-time staff assigned to information security. When I asked the Director how he spent his time, he said by far most of it was spent in the Human Resources Department and with corporate lawyers.
Example 2 — A systems design and development organization that services part of our nation’s infrastructure was briefed on the issues and threats of cyber attack. Numerous examples were provided to that organization that showed their industry had already experienced cyber attacks. In addition, a high level overview of their operational procedures resulted in the identification of two critical vulnerabilities that exposed the systems to compromise. The organization addressed one of those issues and decided to take a wait and see approach to addressing the other.
Example 3 — A security consulting firm contacted me as an advisor. They had been brought in to review security and recommend changes for a publicly traded company. During their work they discovered the company had been breached: they found a “bot” attached to an Oracle database that collected information about the manufacturing cost of the company’s products. When they approached the CIO with the facts and the Sarbanes-Oxley issues, he refused to communicate the issue to the senior executives and then cancelled their contract.
Well, we don’t know more than all the hackers do. This is a highly dynamic threat environment that even top security professionals describe as “challenging.” The “it can’t happen here” attitude is insane. One veteran US Special Agent in cybercrime investigation publicly stated how companies do their best to cover up corporate espionage and insider theft. He went on to say he had seen entire corporate networks of over 100,000 systems completely compromised and hundreds of thousands of files exfiltrated, and none of it disclosed. The fact is, if all system breaches were reported, the security metrics would be much worse than the ones reported earlier here. So it not only can happen here, it probably already did and got covered up.


Maybe interesting for you!! I am a security admin for one of the biggest IRANIAN companies (yes, your old enemy!!! ha ha ha). One of our servers was under attack for 2 days; someone tried to extract info about company activity that is publicly accessible but does not contain sensitive information. The attack was not DOS, it was some kind of unauthorized access. The interesting thing was the attack was sourced from almost 30 countries in different regions. Hard to find who is really behind the attack, but we found the proper way to block the attack. I believe the most threat against Iranian computer systems comes from the US. Pretending that you are at higher risk than the countries you named as adversaries is like a joke. While most high-tech, especially computer-related technology, comes from the US, most threats come from the US. For example, what can China do while the Windows code is owned by MS and, most important, the sophisticated Linux kernel security, SELinux, comes from the NSA!!! (I always disable it when I build my own Linux kernel. Who has read the source code of SELinux entirely?). But as your all-time reader I always love your website. I think being enemies in the cyber world is better than a real war. Who knows, maybe we, in the near future, become friends. Thanks
Places such as military.com, navyseals.com, myspace.com are heavily hacked already… I’ve been dealing with it on my IDS etc. It’s usually VOIP, Virtual etc.
Ali! Re-read your post, it doesn’t have a core!
That picture is from the game Uplink. It’s a good game if anyone is interested.
Nice information, thanks. Quite surprised to see the number doubling, even tripling, every year.
Ali
I think you took a great first step on the path to friendship.
As for your attack: based on what you said in the post, it looks like a botnet was used in the assault on your servers. That is becoming more common nowadays. There are an estimated 150 million computers around the world that have been compromised and have bots implanted in them. Sourcing the attack has become nearly impossible given the use of botnets.
Who is to blame, you ask? WE ALL SHARE IN THIS ONE.
US technological expertise? Something like 60% of our engineers are foreign born — young Americans just want to smoke pot, skateboard, become marketing or psychology majors etc.
Whatever technological edge we still have is due to the fact that we were until recently (perhaps still are, but less so) a nice place to move to.
As Mongo mentioned, the photo is from the computer game Uplink. For anyone who wants a crash course in how rudimentary hacking works, try playing the game for just 30 minutes and you’ll have a solid idea.
I disagree. Playing the game Uplink for half an hour is *not* a crash course in how hacking works. One might learn a little about concealing one’s physical location by “bouncing” a signal from Moscow to Tokyo to Seoul before attacking a target in Dallas. Thus the techs in Dallas would look for suspects in Korea or Japan when they should be looking in Russia.
There is a standard CISSP course. Tell your boss to pay for it. Take it and pass. Then you will have a basic knowledge of hacking.