TECHNOLOGY TODAY: Cybercriminals Wage War on the Internet
We are under cyberattack. That’s a strong statement, but it’s not meant to be alarmist.
Cyberwarfare, referred to as iWar by NATO, is as frightening as it’s underreported. Some light was shed on this shadowy realm recently with Google’s announcement last January that the security of some of its Gmail accounts in China, Europe, and the U.S. had been breached by a cyberattack from China.
Similar things have happened before. Last year China and North Korea were implicated in attacks against websites in South Korea and the U.S. And it’s not just us. Before the Russia–Georgia War last August, Georgian government websites were cyberattacked by sources in Russia.
Cybersecurity expert Joseph Menn, in book Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet, makes the case that governments in some cases, not just rogue computer hackers, are behind the cyberattacks.
It didn’t start this way. Computer hacking began in the 1960s as a way for young computer nerds to gain bragging rights among their peers by breaking into the computer systems of large companies and government agencies. No harm was intended, even though in some cases it wound up costing millions to repair the damage caused inadvertently.
In the 1990s computer hacking evolved into a criminal money-making activity as hackers figured out ways to profit from their expertise. Some hackers began teaming up with organized crime. Others went legit, landing jobs in companies and government agencies to help secure their computer assets from other hackers.
The most common types of computer crime initiated by hackers include extortion, identity theft and spam. One common tactic is the use of bots, also called zombies. Hackers gain control of thousands of others’ computers through the Internet and plant software on them that does the dirty work behind the scenes, without individual users’ knowledge.
With extortion, the software directs the thousands of zombie computers to simultaneously connect to the computer servers of the victim, thus overloading them and shutting down the website. Victims of these denial-of-service attacks are typically businesses with a vital online presence that lose money when they’re not online. If they pay the hacker, the attack stops.
With identity theft and spam, the thousands of computers controlled by the hacker’s software send out unsolicited email to millions of others to try to trick them into revealing their credit card, banking or other financial information or into buying sham medical remedies and other bogus products.
Cybercriminals, according to Menn, seem to be disproportionately from Russia and Eastern Europe, though they operate out of the Far East and elsewhere as well, including the U.S.
At some point some governments realized the benefit of working with hackers to further their own agenda. Indications are, according to Menn, that the Russian government has used Russian hackers to cyberattack government and media Web sites in Georgia and Estonia, mainstream Russian media websites that disseminate information the Russian government doesn’t like, and Russian dissidents such as Garry Kasparov.
Menn also believes that the recent Google attacks are connected to the Chinese government, with it trying to stifle Chinese dissidents from communicating with one another and to prevent Chinese citizens from accessing information the Chinese government doesn’t want it to access.
More harmful to U.S. interests, the Chinese government, according to Menn, is supporting a massive effort by hackers to steal proprietary commercial information from American companies as well as U.S. military secrets as a way of catching up to the U.S. in these areas.
Unlike with Sept. 11 attacks, there has been no massive act of destruction, so all this has largely flown under the radar. Further, evidence linking governments to these cyberattacks has been largely circumstantial. But ultimately, a catastrophic consequence from a cyberattack is possible, perhaps initiated by terrorists, such as taking down the U.S. electrical grid.
Each of us can help thwart the bad guys by taking the appropriate computer security precautions, frequently written about but worth repeating.
Buy legitimate software rather than cheap pirated programs and operating systems, which are difficult or impossible to patch with needed security updates. Update key software such as your Web browser whenever a new security patch or version comes out.
Use third-party security software that helps ward off hackers, viruses, spyware, and other bad stuff. Even if you need to pay for it, security suites from companies such as McAfee (www.mcafee.com) and Symantec (www.symantec.com) can provide valuable protection that helps all of us.