Are we really under cyber attack?
Many of us can discuss the latest sports news with vigor, debate the crazy lifestyles of our favorite celebrities, and argue the fine points of politics and public policy, but we are often blissfully ignorant about how our dependence on the Internet has made us vulnerable to attacks that can close our banks, disrupt our communications, shut down our utilities, and otherwise destroy much of what makes our life possible in the 21st century.
Buried in the news headlines over recent days are stories about how such icons as The Wall Street Journal, New York Times, Washington Post and Twitter have been successfully attacked by hackers. In the recent Wall Street Journal hack attack, according to AFP reporter Rob Lever, “The Wall Street Journal has become the second major US media organization to accuse Chinese hackers of targeting its computers in an apparent effort to spy on journalists covering China. The announcement on Thursday came a day after The New York Times said hackers, possibly connected to China’s military, had infiltrated its computers in response to its expose of the vast wealth amassed by a top leader’s family. The Journal reported that the attacks were ‘for the apparent purpose of monitoring the newspaper’s China coverage’ and suggested that Chinese spying on U.S. media has become a ‘widespread phenomenon.’”
Also on Feb. 1, Washington Post reporters Craig Timberg and Ellen Nakashima wrote, “A sophisticated cyber attack targeted The Washington Post in an operation that resembled intrusions against other major American news organizations and that company officials suspect was the work of Chinese hackers, people familiar with the incident said. Post company officials confirmed the broad outlines of the infiltration, which was discovered in 2011 and first reported by an independent cyber security blog on Friday. But they did not elaborate on the circumstances, the duration of the intrusion or its apparent origin.”
Twitter, a major social media network with over 200 million current users, was also the victim of a cyber attack, according to a Feb. 2 Associated Press story by Terry Collins and Anne D’Innocenzio. In this report, they wrote, “Twitter said in a blog post on Friday (Feb. 1) it detected attempts to gain access to its user data earlier in the week. It shut down one attack moments after it was detected. But Twitter discovered that the attackers may have stolen user names, e-mail addresses and encrypted passwords belonging to 250,000 users they describe as a very small percentage of users. The company reset the pilfered passwords and sent e-mails advising the affected users.”
In the days and few weeks prior to the high-profile newspaper and Twitter attacks, there were countless attacks on major banks, financial institutions, power companies and other components of our critical infrastructure. In the recent “Gozi Trojan” case, a small group of eastern European cyber thieves infected over a million computers with the Gozi Trojan Virus. This virus started stealing online banking information in 2007 and remained almost undetectable by most security utilities until 2012, which resulted in millions of dollars in banking losses over a five-year period, making it, according to a New York U.S. Attorney, “... one of the most financially destructive computer viruses in history.” These cyber criminals employed countless “money mules,” mostly innocent and out-of-work individuals, who were recruited through work-at-home job scams. These money mules helped the cyber thieves launder stolen funds.
In addition to the more traditional cyber crooks, as in the New York Times and Washington Post cases above, cyber espionage is widely used to gather intelligence for political, industrial, and military purposes. In terms of political espionage, the recent attacks on the major newspapers might have been used to intimidate Chinese nationals who want to talk to western media outlets. Mark Clayton, in a Christian Science Monitor article Feb. 1, said, “How large is China’s campaign to control, intimidate? China’s apparent motives in infiltrating major news organizations, experts say, are to anticipate and respond to negative coverage of the country, and, perhaps no less importantly, to deter Chinese citizens from speaking openly with Western news organizations.” In terms of industrial espionage, Richard Clarke, the former cyber security and cyber terrorism advisor for the White House, said in a March 2012 interview in Smithsonian Magazine that “China has hacked every major U.S. company.” According to Clarke, every major company in the U.S. is regularly infiltrated by Chinese hackers employed by the Chinese government to steal research and development data, plans and information. According to Clarke, “My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese.”
Sadly, this cyber industrial espionage also has strong military and national security implications. According to a story in the Wall Street Journal, “Computer Spies Breach Fighter-Jet Project,” U.S. officials have known at least since 2009 that Chinese cyber spies have “ ... broken into the Pentagon’s $300 billion Joint Strike Fighter project — the Defense Department’s costliest weapons program ever. ... Similar incidents have also breached the Air Force’s air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.” The result of this cyber espionage on our national secrets can be seen in the newly released Chinese and Russian fighter aircraft that were explicitly designed to defeat our latest generations of fighter aircraft. According to an article in Bloomberg, “China’s new stealth fighter likely was designed ‘to counter’ the U.S. F-22 and F-35 jets, according to U.S. Navy intelligence analysts.”
In the same Wall Street Journal story about the Chinese cyber spies stealing fighter aircraft designs is a chilling statement: “The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. The revelations follow a recent Wall Street Journal report that computers used to control the U.S. electrical-distribution system, as well as other infrastructure, have also been infiltrated by spies abroad.” Other, more recent reports indicate that China is greatly enhancing its cyber attack abilities to launch a devastating cyber attack on an adversary (the United States?) by shutting down its infrastructure using technical “cyber” methods rather than more traditional and violent methods.
Be careful to listen to snippets in the national and global news about such things as cyber attacks on Iranian nuclear facilities, such as happened in the recent past when the Stuxnet computer worm wrecked Siemens centrifuges. Clarke has written about attacks on the electric power grid, trains and the stock exchanges; listen in the news for more stories about this continuing attack. Almost daily, there are news stories about “denial of service” attacks that can effectively shut down the Internet servers used by banks, credit card payment gateways, and the name servers that direct Internet traffic. In an April 2009 story, “Electricity Grid in U.S. Penetrated By Spies,” the Wall Street Journal reported that China and Russia had infiltrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national security officials. Think about this the next time you hear about a major blackout for reasons other than a weather event such as a hurricane.
With the small sample of information and sources referenced above, and greater awareness of the need to listen to contemporary news stories about cyber attacks and other cyber threats, it should be evident that we are indeed now engaged in a cyber war and have been for several years. Do we really have anything to worry about? Sleep well tonight.
For anyone who would like to discuss this content or obtain more information, I will be presenting this information to the February meeting of the Golden Triangle PC Club on Sunday, Feb. 17, at 2:30 p.m. in the Community Room on the second floor of Howell Furniture, 6095 Folsom Road (just west of Dowlen Road) in Beaumont. The event is free and open to the public.