Hacks And Cyber Attacks

TODAY IS WEDNESDAY, MAY 16, 2012

Wednesday, June 1, 2011 at 10:00 AM EDT

Hacks And Cyber Attacks

The Pentagon says cyber attacks can be an act of war, in the wake of a big attack on Lockheed Martin and a host of hacks. What’s up with cyber security?

In this 2002 file photo, Norwich University senior Jason Glanowsky watches a computer attack on his fellow students at the Norwich University computer security training program in Northfield, Vt. (AP)

It’s “duck and cover” time online.

The Pentagon has concluded that cyber attacks can constitute an act of war. Shut down our power grid, says a U.S. military official, and we may put a missile down your smokestack.

The new strategic calculus comes in a flurry of new cyber attacks, great and small. Sony’s global PlayStation Network — hit and robbed. 77 million accounts exposed. Super high-tech weapons-maker Lockheed Martin, attacked and penetrated online. PBS hit. Fox hit. Probes and worms and spies all over.

This hour On Point: cyber-security, cyber-war.

- Tom Ashbrook

Guests:

Scott Borg, director and chief economist at the U.S. Cyber Consequences Unit.

Alan Paller, research director for the SANS Institute for Computer Security Training.

http://richardsnotes.org Richard

I agree with the idea that a cyber attack is an act of war. People who do these things are terrorists and should be prosecuted as such, both in and outside the US.

However, the US Government needs to get it’s house in order (pun intended), the latest Jane Mayer piece in The New Yorker on the NSA paints a picture of a terribly antiquated agency with computer systems that are terribly outdated and vulnerable.

Pancake

We have contracted Asteroids….send Preparation H.

The whole point of spying and snooping is that it is not war, not subject to other forms of retaliation and disclosure. War over cyberspace is like busting a cap in your brother for flatulence in the shared back seat. The truth is that Bradley manning deserves his own daily hour on Fox.

Cory

This is only slightly on point, I know. But…

I was sitting at work, lamenting the yearly “protection” money I have to ship off to Norton or some other anti-virus operation. I asked aloud who the hell are these people who create these viruses? What motivation is there to do something so unproductive that hurts so many people? A co-worker responded matter-of factly, “That’s easy. They are on the payroll of all these protection rackets. Who else has a greater motivation?” It was such a clever thought that I was left speechless.

http://richardsnotes.org Richard

Two things:

1. there have been investigations since the early ’70s of virus protection companies like Norton planting viruses. No one has ever proved a connection and I doubt there is one.

2. Get a Mac, we don’t get many infections on Mac or I OS, at least not like other OS’ do.

I’ve never run virus protection software on a Mac since 1984 and I’ve never been infected with anything, including the latest malware exploit. No doubt this comment will bring out the anti-Apple zealots but in fact, the point you bring up about viruses Cory is meaningful in that debate.

Cory

I must say that I have no proof at all, but if you use the old axiom about following the money… I was also embarassed that it had never occurred to me.
GJon

Not good advice. Mac/iOS is built on a Linux distribution, though secure is not free from attack/hacks. A great example would be iOS & Cydia — every time a new iOS version is released by Apple, 2 weeks later a hack is distributed for people to unlock their phone. OSX and iOS are just as easily ‘hackable’ than any other operating system of network infrastructure.

The reason you don’t run into ‘infection’ on OSX as you do with Windows, is simple. There simply isn’t a large enough market for exploiters to try.

http://richardsnotes.org Richard

Explain why there isn’t any infection rate in iOS which has the biggest market share of all portable devices. The market share argument is a red herring, but hey, time will tell…

Anonymous

Why would any company that wants to be successful want to do something so dumb. Creating viruses to sell software might work for a year or two but you would be found out and that would be it. You and your company would be toast and most likely in jail. Not the best business model. It’s Microsoft and the bad code they write, that’s it period. They put out browsers that always have security holes in them and then they issue patches. It’s about market share, not security.

Pancake

No Professor, if you get “found out” you change your name and corporate logo, all for about $1500, a deductible cost of “doin’ bidness.” You can keep the same servers by selling them to your accomplice for a dollar. And then there is the back door, “Evil contractor or rogue employee did it, had no knowledge, we are the victim.”

Kyweathergal_jen

Yep. Now you got that right. Ever since I got introduced to computers there was this niggling suspicion about why is there viruses, etc. out there that attack our computers, why do we “have to” purchase protection with anti-virus ware only to end up getting attacked by viruses, etc anyway and then having to get our machines fixed or worse buy a new computer and software, which then goes the same route, lasts for a little while and then comes the virus attacks, etc. again. Round and round she goes and where she stops nobody knows. Very interesting. Cyber attacks came with the advent of computers and internet. Some of it is outside work, some inside work. Ever wonder what is needed to bring our country to it’s knees? What better way to destroy our nation than to initiate attacks in our most vulnerable places. But who is doing this? Is it really people from outside our country? Or from within? Both I would say. What is worse is the seeming blind way we are led to slaughter so to speak. Placated by our alleged security. What security? Our country is being and has been already hacked into. Been going on for some time. What is happening now is that the ones doing it are putting more force into these hacks in sneak attacks hitting us where it hurts and catching us off-guard and with our pants down.

Yeah I am afraid they could disable our utilities, hack into our banks, medical. government and all sorts of things and effectively shut us down. What good will bombs etc do against that? Heck they might even be able to control those too actually. It’s a pretty scarey thought. Horrors! I think we need to re-evaluate just how secure our country is. I hope it isn’t too late to fight back and keep our country from falling victim to a terrible fate.

Anonymous

Maybe if corporate america had not drunk the PC cool-aid back in the late 80’s and 90’s and run full speed into the arms of Bill Gates, the security of our PC’s, servers and communications infrastructure would be built on a solid foundation rather than the mix of bubblegum, BandaidS and naïveté that filled the hearts and minds of the kids in Redmond and the consumers who gobbled up their marketing. I say this as a computer scientist who has fought the good fight for 30 years against the sub-standards defined and redefined ad nauseam by that undisciplined mob.
�
Now we have bots in our servers, PCs, phones, storage, network devices… they are everywhere. We have screen door security because our society wanted to believe that cheep computing came without a big price! Nothing ever changes: you get what you pay for. Caveat Emptor.
Dave in CT

One and done on mortgage fraud/collusion?

When the government is questioning the government investigations of the Government/Wall St. crony power structure, you know we are deep in the State Capitalism B.S.

“How Mr. Tourre alone came to be the face of mortgage-securities fraud has raised questions among former prosecutors and Congressional officials about how aggressive and thorough the government’s investigations have been into Wall Street’s role in the mortgage crisis.”

http://www.nytimes.com/2011/06/01/business/01prosecute.html

Anonymous

One reason might be the personal attacks that ANY appointee must face before (and IF) the appointment is confirmed by the senate. Those that do not seem to get these attacks are usually hacks, such as ex-Rep. Christopher Cox (R-CA) whom Bush appointed head of the SEC after Donaldson left because Congressional Republicans were opposing his efforts to look into Wall Street misdeeds.

Right now, Obama’s administration has more open posts than ANY administration in history at this point in his term due to the Republican “WAR” on any show of competence from his administration. This goes from the latest filibuster of a judge appointment (Jack Lew), something that Republicans PROMISED they would NEVER do, to appointees to the FED and other departments. You have to really love the country to want to walk that Kangaroo Line.

The Democrats have opposed the appointments of real ideologues (see Bork), but the Republicans oppose competence.

Dave in CT

Well said. I just wish Obama would use his oratory skill and bully pulpit stage to defend the people/ideas/utility of the appointees, if he is indeed sincere in fighting cronyism.

What American doesn’t want to fight cronyism, corruption, collusion? It seems our “leaders” just never take up that obvious and straightforward case, which is consistent with an elite level of government and corporate collusion, where there is not a level “rule of law”, but rather the ultimate good ol’ boy club where rules are made up and selectively enforced, under the premise that since we have the right “one” (Obama) or party, that we need to trust that they use this unaccountable, un-earned, likely unconstitutional “discretion” “for our own good”.

State Capitalism, Corporate Statism whatever.

Dan

The director of the U.S. Cyber Consequences Unit is named Borg?

Resistance is futile.

-dan
Boston, MA

Pancake

Locutis is Obama. I’m voting Drew Carey and Wayne Brady in 2012.

Bill

So we’ll spend billions in tax payer dollars to defend corporations – up to and including attacking other nations – only to hear on April 15 that these same corporations aren’t going to owe a cent in taxes? No, thanks.
ulTRAX

The future is the past? The internet was originally invented to deal with the vulnerability of the Pentagon’s secure landline (and microwave) communication system. Now that we realize the internet has it’s own vulnerabilities, perhaps it’s time to reinvent the past. If the internet is not secure because it’s connected to the world, perhaps we need to go back to secure landline networks for our defense, electrical, and other core industries.

ulTRAX

Thom, PLEASE ask your guests the obvious question… WHY does so so much of our business and defense infrastructre have to be connected to the internet??? Why isn’t there a PHYSICAL division between internal hardwired networks and the internet?

Philip

If a cyber attack is an act of war, wouldn’t we need approval from congress before we engage in one? By this logic, someone (the US, Isreal) committed an act of war against Iran with Stuxnet. We can’t call it an act of war when it is against us but not when we are performing the actions against others. It seems the Pentagon is just opening a can of worms.
Anonymous

Act of war? When are we going to stop this nonsense? We can’t afford to attack every country. We are going broke with the two wars already.
It’s a police action issues, period. As fighting terrorism should be.

http://profiles.yahoo.com/u/3ETFGMQ3B7VD4AAMILBBEVMCWE JasonA

3 wars…

Alan

Is cyber security an oxymoron? Do we have a monoculture in the cyberworld which cyberlocusts will consistently devour?
Freeman

Good Morning Tom;
Maybe someone should go back and REREAD the “Unibomber Manifesto”. Rather plan and simple as to where ALL these supposed “intellectuals” are taking America. Pray for America;there doesn’t seem to be much else left.
Anonymous

Do people remember the last big blackout in 2003. Almost the entire North East was without electricity as well as Ottawa. This was because the grid is antiquated and in dire need of an upgrade. This is just one of many things that we have been asleep at the wheel with.
Scott B, Jamestown NY (WBFO)

Much of it is coming out of China from ultra-nationalist students, and given a wink and a nudge, if not outright support, from the Chinese government and military.

These students make no bones about hiding it, they brag about it on social media.

The Armed Services can’t even stop its own people from downloading classified information onto recordable media labeled “Lady Gaga” through even the most basic physical security procedures used by most businesses.

******

The sad part is the Chinese won’t have to keep hacking to get the information if we keep giving away all our industries. China demands all the tech be brought there to do business. Boeing, Caterpillar, GM, all shooting themselves in the foot.

GJon

Not entirely true. Many attacks also come from Eastern Europe and South America. In fact, Argentina is a major ‘hub’ of cyber attacks.

Scott B, Jamestown NY (WBFO)

I didn’t say “all”, I said “much”.

Pancake

How much comes out of Lady Gaga?

Prodouz3

What isn’t happening PC(s) are being put on network without securing them from potential hacks/attacks. Managers with the attitude of get it done now have placed their assets in a unprotected position. If the assets are secured and updated then Cyber attacks become less of a threat.
http://www.facebook.com/vlpoirier Vernon Poirier

China is doing what Microsoft did in the late 80′s.

GJon

This might be the silliest thing I have ever heard. Your statement has no basis of fact or educated dialog. What supporting statements can you provide for your thesis?

Pancake

ACER
HCW

How ’bout Sun Microsystems… http://news.cnet.com/2100-1001-251401.html
Check it out GJon
Vlpoirier

Six weeks after the fact/post, just in case you may ever get this post, I don’t remember today why I said that, but, if that is the silliest thing you have ever heard, you need to get out more!

Kirk

Tom,
you should be also interviewing Richard A. Clarke, he wrote a book last year that discusses all of this and the policy issues / implications, the book is Cyber war: the next threat to national security and what to do about it. He traces this issue across several administrations: Clinton, Bush, Bush again, Obama. Scary stuff – hardware such as Cisco routers, and the MS Windows operating system are manufactured and most likely compromised at the point of manufacture in China. Even the populace should consider switching to something like FreeBSD or Linux where at least the source code is open source and available for inspection / improvement.
Randyrinaldo

I am a shade-tree mechanic. It has also come to my attention that INFORMATION has been deemed by the powers that be a way to EXPLOIT the masses. I was told by a shop foreman @ my local Doge dealer that he could not give me the schematics to the transmission I was rebuilding in “MY” truck. It is shameful that the “ENGINEERING” of obstacles have been instrumental in taking down small business as a gate way of secretive inventions that do not give credence to the common welfare of our nation but to give PRIVILEGES to the corporations that have taken us hostage by installing these built in ‘REMARKABLE” enigmas that make it next to imposable for “FOLKS” to work their own vehicles. I use this analogy as just one way that our government has used INFORMATION of censorship of information to exploit the masses. Even as I speak our children are being dumb down to assume their positions as human resources for the elitist classes to dominate through the barriers of technology and language etc. Has anyone ever suggested the censored information to the general public how our “system” works? I am talking about the “Tax Exempt Foundations” and or the United States House Select Committee to Investigate Tax-Exempt Foundations and Comparable Organizations http://en.wikipedia.org/wiki/United_States_House_Select_Committee_to_Investigate_Tax-Exempt_Foundations_and_Comparable_Organizations
Bill

Is this something the military and our tax dollars should be involved in – or is it just another way for corporations to externalize costs they should be paying themselves?
TomK in Boston

Sure cyberwar is war. The possibilities are staggering. Imagine getting control of another nation’s powerplants, satellites, banks, etc. Imagine the guy in a trailer in AZ telling a drone to fire a missile and nothing happens, or the missile attacks our own soldiers. Why not?

As I ride the T and see half the passengers staring at their phones, I realize that the next stage is the direct neural cyberinterface. I’m sure it’s coming. Then we’ll come up with constructs to visualize the data, which is what William Gibson called “the matrix” in Neuromancer, and a whole new corps of cyberwarriors.
Corby Wilson

I’m often astounded at how little our policy makers understand current technology. Currently, politicians try to control technology through regulation (eG8 where Sarkozy got nailed for bad policy, Australia with it’s web porn wall that is being exploited by the recording industry, etc.).
When will politicians realize that technology evolves constantly, by the time an law is enacted, technology has changed so much that the law can’t control it.
The best way to secure sensitive systems is to SECURE THE SENSITIVE SYSTEM. Instead they try to regulate the transport system (i.e. Internet) which is an uninformed, knee-jerk reaction to something they don’t understand and will have wide reaching impact on businesses as well as individual users.
Corby Wilson

The program never got deeper into the ‘cloud’ model.
The speaker mentioned that a more secure model would be to centralize the data and systems into the ‘cloud’ where security can be controlled better. This is not necessarily true.
Centralizing all the data will just expose more information to theft since if a cracker compromises the security of the cloud, all information is now vulnerable.
Additionally, governments have exerted great pressure on ‘cloud like’ technologies like Twitter, Facebook and, most recently, Dropbox, where thy are forced to hand over user information and data with out a warrant.

Facebook even provides an interface for law-enforcement where they can scan anyone’s Facebook page to look for evidence of criminal activity.

What does that say about the security of the ‘cloud’ systems. In this case the government takes on the role of the hacker.
Murray

No. Cyberattacks are sabotage, therefore falling under the purview of espionage. But NOT AN ACT OF WAR!! So bombing is a disproportional response.

I mean, if China can steal our industrial secrets on-line, then it’s OUR FAULT for availing our industrial secrets FUCKING ON-LINE!!!!!

I swear, the people who pose this cyberattack/act of war bullshit should be busted, drafted, and after six weeks of basic training, sent into the line of fire as a PFC. Maybe then they won’t be so glib about bombing yet ANOTHER country for what amounts to our own cyber-security INCOMPETENCE!!!!!
HCW

But remember- technology will save us!..
Old James

This is an old problem, no matter how good a lock you make, a determined burglar can always get in.
Deterrence is the answer.
I think that the unexplained deaths of a number of hackers across the world would bring the reality of what these fools are doing home to the worldwide hacker environment.

If these people think they are the new soldier, they need to be reminded that soldiers die in combat.

Seal team 6 has a lot more missions
Pingback: what would you say you can do on linux, that you can't on windows or mac? - Page 10
Romanstoad

didn’t we design the stux net virus to attack Iran, and isn’t that cyber warfare?
Eric14850

GNU/Linux and other Unix like operating systems are inherently secure to a degree Windows operating systems cannot be secured. One of your guests was very misleading about this. Please cover the issue of security potential and choice of operating system.

Another area not adequately addressed is the impact of computer programming language on robustness and security of software application.
�
Increased centralization of systems and increased vunerability are directly related. When we centralize information distribution, and electrical generation and distribution, we increase our vulnerability to physical and cyber attacks. Corporations want to increase control through centralization and monopoly control which enables them to maximize profits. Decentralized production and distribution creates greater robustness, security and resilience to natural and man made threats. US national security interests and the interests of giant corporations are at odds. The corporations will win unless we educate ourselves and insist our elected representatives represent us rather than giant corporations.

Randy Rinaldo

And speaking of corporations and the constant barrage of fear mongering to sell the public their monopolizing authority; why is it that “we the people” are in chronic fear of one of these too big to fail giants going under? Like all of our nations security / eggs have been put in one basket that gives these giants too much responsibility and no accountability for the enigma of information that has been leaked out to other nations what THEY say patents have been infringed upon. “we” pay to have all of our children to be educated and then the corporations take their ideas and sell them to the lowest bidder; is this not a scam and a lie that their systems have been hacked what is in reality further exploitation of the American people?

There are patent right infringement that can be exercised after the fact and our government could actually screen the bins of product to make sure that some things comply. With all of that said: “we the people” have been hoodwinked by a few corporations who now hold our future in their hands and a government who has been negligent or has CONTRIVED to be of special service to the giants of manufacturing and commerce. Is it not the Constitutional law in the areas of making sure that the common welfare of the people is guarded through the exercise of regulation of our economic infrastructures that we are PROTECTED from such internal threats?

Before our last great depression there were hundreds of automobile manufactures in this great nation and there were tens of thousands of new and wonderful ideas being put in the pages of the patent office. “we” have been let down by the commerce and trade divisions of our government that are suppose to protect the SOVEREIGN rights of not only the people but to also make sure that we are guaranteed a DIVERSE and PROSPEROUS atmosphere in which to work and have the security of that which guarantees that all of our eggs / JOBS are NOT in one basket like too big to fail and their giant labor pools who have so much control and who have broke this nation by the wall street sell off many of our jobs and is not wall street ONE BIG MONOPOLIZING SCAM in of itself?

Those big corporations are not worried about patent rights as it relates to the jobs of the American working classes but THEY are only worried about the profitability of those few of wall street and the monopolizing agents that have put this nation on its knees. There were suppose to be guarantees carried out through laws and regulations that keep these things from happening but do you think that the powers that be (our bought and paid for rules and regulations the lobby monopoly) are going to admit to kowtowing to the giants of industry? Of course not and is it any wonder that we (speaking of monopolization) that our public schools SYSTEM has also been infiltrated by the same authoritarian RULES that turn out cookie cutter children who all know the same things and are all cut from the same cloth so these monopolizing giants from hell have their human resources delivered on a silver platter knowing no more and no less than THEY have been sub-scripted to know; not being “over qualified” as an INDUSTRY STANDARD.

I am sickened by the way we have all been hoodwinked into believing that we live in a so-called free society with free trade when in reality all of our minds therefore our labors are being predisposed to the public school systems of the COLLECTIVE corporate forces that have indoctrinated us all to be servants to such a fascist state.

In reality “IT” is all about information and or the censoring of information and that the masses have all been dumb down by the same giants that have control over over the industry that we serve. Free trade is a myth; to wit

We want one class to have a liberal
education. We want another class, a very much larger class of necessity,
to forgo the privilege of a liberal education and fit themselves to
perform specific difficult manual tasks.

snip from>http://www.johntaylorgatto.com/chapters/2b.htm

By 1917, the major administrative jobs in
American schooling were under the control of a group referred to in the
press of that day as “the Education Trust.” The first meeting of this
trust included representatives of Rockefeller, Carnegie, Harvard,
Stanford, the University of Chicago, and the National Education
Association. The chief end, wrote Benjamin Kidd, the British
evolutionist, in 1918, was to “impose on the young the ideal of
subordination.”

At first, the primary target was the
tradition of independent livelihoods in America. Unless Yankee
entrepreneurialism could be extinguished, at least among the common
population, the immense capital investments that mass production
industry required for equipment weren’t conceivably justifiable.
Students were to learn to think of themselves as employees competing for the favor of management. Not as Franklin or Edison had once regarded themselves, as self-determined, free agents.>end snip

http://pulse.yahoo.com/_4W2FN3W4ZQLQTZRFPWOVHHFOFI S

How can anyone listen to this program and have any trust in our elections where the vote counting is done in secret on electronic voting machines? From malware to cyber security, how can we have any trust in election integrity using machines that have very little security. How many times are the experts going to show how easy it is to manipulate/hack the electronic voting machines before the citizens wake up to this very real threat. What is it going to take to get the media to honestly and factually report this? Sad that there isn’t a _Network_ moment concerning electronic voting machines and sad that these easily manipulated machines continue to give us the vote count.
Excellent program…
Peace,
Sark
Pingback: Cybersecurity Tipping Point? | Insecure About Security
Pingback: Cybersecurity Tipping Point? « Enterprise Strategy Group
Pingback: Cybersecurity Tipping Point? | Cisco Routers Prices
Pingback: Douglas R. Beam Legal News and Blawg - Hacks And Cyber Attacks
Pingback: Cupcakes for Al Qaeda :: Blogs :: PostStar.com
http://www.prlog.org/11289974-phone-number-lookup-verizon-phone-number-reverse-lookup-to-get-information-you-need-quickly.html John

Looks like there is quite a lot of work to do in this arena as far as security goes.
http://www.reversephonelookupsearch.com/ reverse phone lookup

I think this is among the most vital info for me. And i’m satisfied studying your article. However should commentary on few normal things, The website taste is ideal, the articles is in reality excellent . Excellent activity, cheers.
http://www.cellphonelookuped.com/ cell phone directory

some cheap softwares does not offer good online technical support so i would caution about using them,
http://reversecellphonelookup.me/ reverse cell phone lookup

It arduous to look for knowledgeable people on this topic, then again you sound something like you recognize what you are talking about! Thanks
http://www.prlog.org/11261550-phone-number-lookup-catch-cheater-quickly.html phone number lookup

Youre so cool! I dont suppose Ive read anything similar to this preceding to. So nice to look for somebody with a whole lot of original thoughts on this subject. realy we appreciate you starting this up. this site is something that is certainly required via internet, someone with a minor originality. helpful question for bringing something totally new towards that the web!
http://www.ourmidland.com/voices/community/article_3abc5302-931f-11e1-ac26-8f9c10b62f96.html cell phone lookup

This will be a great site, might you be involved in doing an interview regarding just how you designed it If so e-mail me!