Director of National Intelligence: cyber threat
Director of National Intelligence: misses WMD cyber threat
The following Op-Ed by Melissa Hathaway, Cyber Coordination Executive for the Office of the Director of National Intelligence, was published by the McClatchy-Tribune News Service on Wednesday, October 8, 2008:
Safeguarding our cyber borders
By Melissa Hathaway – Op-Ed – McClatchy-Tribune News Service
London shoppers who bought groceries with bankcards over the last two years paid a higher price than they bargained for.
Cyber thieves had implanted unauthorized circuitry in keypads sold to supermarkets in the Barking and Dagenham area of the British capital. The corrupted keypads were then used to capture account information and Personal Identification Numbers (PINs). The data were siphoned off and used to skim from or in some cases empty shoppers' bank accounts.
The thieves covered their tracks by encrypting the numbers they stole, then storing them on a computer server abroad. It took more than a year for the authorities to catch on.
Stories such as that aren't only sobering news for consumers. For folks charged with securing and protecting the nation's defense and intelligence infrastructure, however, increasingly sophisticated cyber assaults are a chilling -- and increasingly familiar -- challenge.
The same devices that thieves use to sneak into bank accounts, the same techniques that hackers use to disrupt Internet service or alter a digital profile, are being used by foreign military and spy services to besiege information systems that are vital to our nation's defense.
Because defense and other national security contractors share data and systems with their government partners, an attack on one can be an attack on many. Plans are only as secure as the weakest link in the information chain. These days, those links are being tested as never before.
The attackers' goals fall into three categories:
• Information theft. Stealing data from a target personal device, system or network is the most common threat. For example, a disgruntled Boeing employee was charged last year with lifting more than 320,000 sensitive company files by using a thumb drive to tap the corporate system. Boeing estimated that the stolen documents would have cost it between $5 billion and $15 billion in lost revenue had they been given to competitors.
• Information disruption. Hackers who sneak into government systems and alter crucial operating data are a growing concern. In 2006, a disgruntled Navy contractor inserted malicious code into five computers at the Navy's European Planning and Operations Command in Naples, Italy. Two computers were rendered inoperable when the program was executed. Had the other three computers been knocked offline, the network that tracks U.S. and NATO ships in the Mediterranean Sea and helps prevent military and commercial vessels from colliding would have been shut down.
• Information denial. Cases in which private or government computer systems are shut down by floods of automated hits are also on the rise. In April 2007, Russian nationalists used such a ''distributed denial of service'' attack to block access to the networks of the Estonian parliament, the president's office and many of that country's banks, news organizations and Internet service providers.
The ''What Ifs'' are an even greater concern. Could an adversary insert erroneous data that would cause weapons, early warning systems and other elements of national security to fail at critical times? What if financial or medical records were altered, or rail or air traffic control systems were corrupted? What if malicious code were secretly installed during the manufacture or shipping of computer equipment, to be activated at some future date? How would we even know what threats we face?
Safeguarding our cyber borders
By Melissa Hathaway – Op-Ed – McClatchy-Tribune News Service
London shoppers who bought groceries with bankcards over the last two years paid a higher price than they bargained for.
Cyber thieves had implanted unauthorized circuitry in keypads sold to supermarkets in the Barking and Dagenham area of the British capital. The corrupted keypads were then used to capture account information and Personal Identification Numbers (PINs). The data were siphoned off and used to skim from or in some cases empty shoppers' bank accounts.
The thieves covered their tracks by encrypting the numbers they stole, then storing them on a computer server abroad. It took more than a year for the authorities to catch on.
Stories such as that aren't only sobering news for consumers. For folks charged with securing and protecting the nation's defense and intelligence infrastructure, however, increasingly sophisticated cyber assaults are a chilling -- and increasingly familiar -- challenge.
The same devices that thieves use to sneak into bank accounts, the same techniques that hackers use to disrupt Internet service or alter a digital profile, are being used by foreign military and spy services to besiege information systems that are vital to our nation's defense.
Because defense and other national security contractors share data and systems with their government partners, an attack on one can be an attack on many. Plans are only as secure as the weakest link in the information chain. These days, those links are being tested as never before.
The attackers' goals fall into three categories:
• Information theft. Stealing data from a target personal device, system or network is the most common threat. For example, a disgruntled Boeing employee was charged last year with lifting more than 320,000 sensitive company files by using a thumb drive to tap the corporate system. Boeing estimated that the stolen documents would have cost it between $5 billion and $15 billion in lost revenue had they been given to competitors.
• Information disruption. Hackers who sneak into government systems and alter crucial operating data are a growing concern. In 2006, a disgruntled Navy contractor inserted malicious code into five computers at the Navy's European Planning and Operations Command in Naples, Italy. Two computers were rendered inoperable when the program was executed. Had the other three computers been knocked offline, the network that tracks U.S. and NATO ships in the Mediterranean Sea and helps prevent military and commercial vessels from colliding would have been shut down.
• Information denial. Cases in which private or government computer systems are shut down by floods of automated hits are also on the rise. In April 2007, Russian nationalists used such a ''distributed denial of service'' attack to block access to the networks of the Estonian parliament, the president's office and many of that country's banks, news organizations and Internet service providers.
The ''What Ifs'' are an even greater concern. Could an adversary insert erroneous data that would cause weapons, early warning systems and other elements of national security to fail at critical times? What if financial or medical records were altered, or rail or air traffic control systems were corrupted? What if malicious code were secretly installed during the manufacture or shipping of computer equipment, to be activated at some future date? How would we even know what threats we face?
More: Download
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Cyber WMD
By Gerald: Internet Anthropologist Think Tank
Oct. 14,08
The Director of National Intelligence office misses the biggest threat, a cyber WMD.
They are ignoring the best and cutting edge technologys, technologys that are being used by the Russian Business Net,and the Chinese civilian hacker forces.
First the WMD.
An attack that takes out ALL Internet nodes, the RBN has the technology and the Chinese have the hackers and bots,add to that a few crucial Internet cable cuts in the high seas, and you have a net, the WWW DOWN.
And the worlds finanical systems knocked to the levels of 1940's, no Internet, no cell phones, no ATMs.
And if you can bring the WWW backup all the bots are still on line and running to take it back down. The technology is available to take out bot attacks world wide, if USA prepares ahead of time and is willing to think not only outside the box but outside the room.
The Military needs its own WWW NOT connected to the civilian WWW.
But who would do this kind of suicide attack, someone who understands and uses suicide attacks, terrorists.
Or a nation that believes the in coming of the 13th Imman, driven by the apoplectic vision of world destruction and the final Imman, Iran.
Once again a military force is preparing
to fight the last cyber war, not readying for the New WMD
Cyber paradigm.
to fight the last cyber war, not readying for the New WMD
Cyber paradigm.
Gerald
Tactical Internet Systems analyst
.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=042c377c-7e29-4472-9906-ea6d2a3c2b02)
Labels: CYBER, Denial-of-service attack, Director of National Intelligence, Director. of. National Intelligence, threat
posted by gerald at
10/14/2008 02:43:00 PM
0 Comments
READ MORE
READ OR SUBSCRIBE, Our WAR OSINT on Twitter
Tweet
