So far 2011 has been a record-breaking year for cyber attacks. Recently I’ve reported on data breaches at Sony, a company that seems to get hacked once or twice a week lately. I’ve also reported on attacks against Lockheed Martin, a major U.S. defense contractor, and PBS. The group that claimed responsibility for hacking PBS says they attacked the broadcaster in retaliation for what they considered to be negative coverage of Wikileaks. The Lockheed attack has been traced back to a data breach at the RSA Security Division of the EMC Corporation, which provides Lockheed with security tokens.
This week attacks originating in China targeted specific Google users, including high-ranking U.S. government officials and Chinese dissidents. Many of the recent attacks use a technique called spear phishing, which relies on very convincing email messages to trick individuals into going to Web sites and entering passwords or other private data. Another popular attack is called “code injection,” which uses a company’s Web form to “submit” computer code to the server to access the database. The hacker group that stole customer data from Sony claims that it was able to access data stored in the company’s database, including unencrypted user passwords, with a single command submitted through a Web form.
With each successful attack, a growing number of hackers are emboldened to launch more attacks. Criminal hackers want to make a social statement, ruin a company’s reputation in vengeance, make off with private data to sell on the black market, or some combination of all three. Lately the Internet resembles the Wild, Wild West, with businesses and governments scrambling to find a brave and talented Sheriff. Last week at a global Internet security conference, participants proposed a global nonproliferation treaty to control the creation and use of cyber attacks between countries. A senior official in the White House recently stated that cyber security is now a diplomatic priority for the United States. Washington is building relationships to “tackle information theft and reduce the risk of conflict.”
Will global cooperation really help protect our data and national infrastructure? How does one “police” the global Internet when attacks are easily camouflaged through a chain of remote computers located in multiple countries? And how can you tell the difference between a government-sponsored attack and one launched by private parties with national interests?
With all the hacking stories making headline news, and with our increasing dependence on the Internet and cloud computing, there is a sense that hackers of all kinds are beginning to go too far. Governments, businesses, and the public are beginning to understand exactly what is at stake when networks and databases are compromised. I predict that payback in terms of tough laws and law enforcement crackdowns is soon to follow, and many of the boasting hacking groups will soon feel the sting. If you are looking for a career with maximum job security, information and computer security is the way to go.