Cyber Attacks on the Rise

So far 2011 has been a record-breaking year for cyber attacks. Recently I’ve reported on data breaches at Sony, a company that seems to get hacked once or twice a week lately. Also I’ve reported on attacks against Lockheed Martin, a major U.S. defense contractor, and PBS. The group that claimed responsibility for hacking PBS says they attacked the broadcaster in retaliation for what they considered to be negative coverage of Wikileaks. The Lockheed attack has been traced back to a data breach at the RSA Security Division of the EMC Corporation which provides Lockheed with security tokens.

This week attacks originating in China targeted specific Google users including high-ranking US government officials, and Chinese dissidents. Many of the recent attacks utilize a technique called spear phishing that uses very convincing email messages to trick individuals into going to Web sites and entering passwords or other private data. Another popular attack is called “code injection” which utilizes a company’s Web form to “submit” computer code to the server to access the database. The hacker group that stole customer data from Sony claims that it was able to access data stored in the company’s database, including unencrypted user passwords, with a single command submitted through a Web form.

With each successful attack, increasing amounts of hackers are emboldened to launch more attacks. Criminal hackers either want to make a social statement, ruin a company’s reputation in vengeance, make off with private data to sell on the black market, or some combination of all three. Lately the Internet resembles the Wild, Wild West, with businesses and governments scrambling to find a brave and talented Sheriff. Last week at a global Internet security conference, participants proposed a global nonproliferation treaty to control the creation and use of cyber attacks between countries. A senior official in the White House recently stated that Cyber security is now a diplomatic priority for the United States. Washington is building relationships to “tackle information theft and reduce the risk of conflict.”

Will global cooperation really help protect our data and national infrastructure? How does one “police” the global Internet when attacks are easily camouflaged through a chain of remote computers located in multiple countries? And how can you tell the difference between a government-sponsored attack and one launched by private parties with national interests?

With all the hacking stories making headline news, and with our increasing dependence on the Internet and cloud computing, there is a sense that hackers of all kinds are beginning to go too far. Governments, businesses, and the public are beginning to understand exactly what is at stake when networks and databases are compromised. I predict that payback in terms of tough laws and law enforcement crackdowns are soon to follow, and many of the boasting hacking groups will soon feel the sting. If you are looking for a career with maximum job security, information and computer security is the way to go.

Leave a Reply

Your email address will not be published. Required fields are marked *