At first, it just seemed to be a trickle of bad news. This company or another was the object of a cyberattack. Sometimes it was the hacker group with the ominous-sounding name, Anonymous, that was blamed. Then, Anonymous reportedly defaced the entire MIT website in revenge following the recent suicide of Aaron Swartz. It also hacked the Department of Justice Sentencing Commission website and threatened to launch "multiple warheads." This prompted me to do some digging. I found that hacking incidents seem to be much more pervasive—and serious—than I’d thought. The reports of cybersecurity breaches have grown more numerous in the last few years, and there has been a flood of security warnings recently.
Bob Violino, reporting in InfoWorld, cautioned that an “all-out cyber war on the U.S. has begun.” While some might claim that this is spreading FUD (fear, uncertainty, and doubt), he cites security pros and government officials who warn that the war is indeed raging on the internet.
You can think of it as a war on the digital homeland. If you work for a power company, bank, defense contractor, transportation provider, or other critical infrastructure type of operation, your organization might be in the direct line of fire. And everyone can become collateral damage. A cyberwar has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens.
Violino reports the worrisome findings of Israel Martinez, a board member of the U.S. National Cyber Security Council, a nonprofit group composed of federal government and private sector executives. “The cyber war has been under way in the private sector for the past year … We’re finding espionage, advanced persistent threats (APTs), and other malware sitting in networks, often for more than a year before it’s ever detected … U.S. entities are being targeted on multiple fronts by China and Iran for espionage and intellectual property theft, by interests in Russia and Eastern Europe for syndicated crime such [as] stealing cash and identities, by social-agenda ‘hacktivist’ groups such as Anonymous, and by increasingly skilled individual criminal hackers.”
Targets Big and Small
Law firms are apparently among the companies being targeted by cybercriminals, according to a recent PricewaterhouseCoopers publication, “Safeguarding your firm from cyber attacks.” It noted that, “Organizations involved in cyber crime are well funded, extremely sophisticated, and relentless. And they grow more so every day.” The report urged law firms to make sure their “cyber defenses keep pace with ever-evolving threats.” Interestingly, rather than try to attack through a firm’s firewall, many hackers will reportedly go after employee workstations, email, and mobile devices to grab intelligence and data.
It’s not just big multinational firms that are targeted. Any business that stores data electronically is vulnerable. The PWC report cites both a fraud alert issued by the FBI in 2011 that warned that cybercriminals had begun to aggressively target small and midsize businesses, and a 2012 report in the Wall Street Journal that there had been a sharp increase in data breaches among companies with 100 or fewer employees. The Journal article told several sad tales of small business owners whose businesses had been hacked through their computerized cash registers and online bank accounts.
Hacking the Media
The latest highly publicized attacks have been against some major media properties. In one week in late January 2013, both The New York Times and the Wall Street Journal reported that their computers had been infiltrated by cyberhacks. An article on Feb. 1, 2013, in The Washington Post, reported that The Post had also been the victim of a sophisticated cyberattack “that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers.”
For the past 4 months, Chinese hackers had persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees. According to The Times, it secretly tracked the intruders, erected better defenses, and has expelled the attackers from its systems. The paper noted that the timing of the attacks “coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.”
Reading through The Times’ description of the methods of attack, I was struck by the levels of deception that were used: cloaking the source by routing through university computers and ISPs, installing malware, and stealing corporate passwords for every employee. This is serious stuff. The article also noted that Bloomberg News had been targeted by Chinese hackers in 2012 after publishing a similar article about wealth accumulation. As several media commentators have recently noted, the question now is, who hasn’t China hacked?
The Wall Street Journal article noted that the paper had been “notified by the FBI of a potential breach in the middle of last year, when the FBI came across data that apparently had come from the computer network in the Journal’s Beijing bureau.” An investigation showed that a “number of computers were totally controlled by outside hackers, who had broad access across the Journal’s computer networks.”
Paula Keve, a spokeswoman for Journal publisher Dow Jones, said, “Evidence shows that infiltration efforts target the monitoring of the Journal’s coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information.” The Journal says it has now completed a network security overhaul.
But Wait, There’s More …
Just when I think I’m finished with this report, I stumble on yet another incident. A posting on the Twitter blog on Feb. 1, 2013, noted that an “extremely sophisticated” attack may have exposed user information—usernames, email addresses, session tokens and passwords—for approximately 250,000 users.
Finally, the Associated Press just reported that the “Obama administration is considering more assertive action against Beijing to combat a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies.”