by RS Bailey
There is a war raging in cyberspace. Attacks and counterattacks are being waged against governments and corporations. Attacks are being waged against the internet itself. It’s hard to figure out who are the good guys and the bad guys, or if it’s just an old-fashioned free-for-all. The U.S. Military claims it is under attack from China, North Korea, and Russia. China claims it is under attack from the U.S., Japan, and Russia. It is now common knowledge that Iran was attacked by either the U.S. or Israel, who planted a worm dubbed Stuxnet that shut down their nuclear enrichment centrifuges.
Northrop Grumman alleges China is funding research for cyber attacks against the U.S. Military and its contractors, particularly in the area of telecommunications. Trend Micro, a Japanese security firm, claims that Gu Kaiyuan, an employee at China’s Tencent, a leading internet portal company, is linked to a breach of computers belonging to companies in Japan, India, and Tibet. They point out that he is receiving research financing from the Chinese government.
China claims that 8.9 million computers were attacked in China from 47,000 foreign IP addresses last year, resulting in server destruction, website distortion, and data theft. The attacks are supposed to have originated in the U.S., Japan, and South Korea. The Pentagon is dealing with an increasing number of cyber attacks and now considers that computer sabotage can constitute an “act of war” and could be reason for traditional military response. A military commander is quoted as saying, “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
The Head of the Nuclear Security Administration has said that U.S. nuclear weapons are under constant cyber attack, facing up to 10 million attempts daily. They are asking for budget increases from $126 in 2012 to $155 million in 2013, in order to increase security. They point out that the Oak Ridge National Laboratory was successfully attacked and that several megabytes of data were stolen.
In February the Canadian Treasury Board, Dept. of Finance, and Dept. of National Defense were attacked by the Chinese. Al Qaida’s internet message forums have been shut down, possibly to prevent circulation of video footage of the recent attacks in France. Everybody is getting in on the action.
The U.S. Dept. of Homeland Security and the National Security Administration launched an automated process in 2004, called EINSTEIN, to deal with the problem. It works on three levels. EINSTEIN 1 monitors flow records, including the IP addresses of connecting computers, to detect and mitigate malicious activity that threatens federal networks. EINSTEIN 2 collects the information and scans the content of the communications. EINSTEIN 3 is designed to detect threats and to block and respond to them before any harm is done.
In recent testimony before Congress, the head of U.S. Cyber Command, Gen. Keith Alexander, confirmed that China was behind last year’s attack on RSA, a respected internet security company, which resulted in the theft of “underlying software.” He claims that if China “can do it against RSA that means almost all companies are vulnerable.” In written testimony Alexander declared that attackers were shifting attacks from “botnets” to targeting security companies as well as smartphones and “phishing” emails.
Former presidential candidate Sen. John McCain, a ranking member of the committee, expressed concern that the lead in the defense effort was being headed by the Dept. of Homeland Security. Gen. Alexander clarified that the Pentagon will be shifting Cyber Command’s 13,000 troops from its primary focus on defense to building “impressive and effective offensive capabilities.” He added, under questioning by Sen. McCain, that threats from cyber attacks are the greatest threats faced by the U.S. Military and that the probability of an attack grows every day.
The military also warns that the “adversary” is probably already in our systems much in the same manner that Stuxnet infiltrated the Iranian system. Agents of infection have been flash drives; I remember finding a virus on a cheap flash drive I purchased online last year. They can be in email attachments or hiding on internet café computers. They aren’t designed to harm personal networks or files but to wait until one of them roams around from system to system and finds a computer of interest. They can hide for years before finding something to activate them.
There are those that liken this to the beginning of World War III. In many ways it is a recalling of ancient battle tactics when the size of your army was the determining factor. How many simultaneous cyber attacks can a system withstand before it falls? Ultimately it could come down to the number of hackers working on each side. It reminds me of a statistic published in 2007. “There are more honor students in China than the entire number of students in the U.S.”
So do your part for the national defense. Keep your virus definitions up to date. Use the “tools” application on your internet access provider’s tool bar to delete cookies and temporary internet files.
In short, keep your cyber ware clean, keep your virus definitions up to date, and keep your powder dry.