Cyber defense

In recent weeks there has been a spate of hacking attacks on US companies, including Google Mail, Lockheed Martin and Citigroup as well as on US-based institutions, including the International Monetary Fund (IMF) and the US Senate. Booz Allen Hamilton is the latest victim. The company is a defense contractor of the US pentagon which specializes in developing weapons systems and defense equipment.

Anonymous, an "antisec," or anti-security, cyber body has recently claimed responsibility for the latest "attack," claiming to have stolen over 90,000 email addresses and other information.

In a message on the file-sharing website, The Pirate Bay, Anonymous writes that it not only "plundered some booty" but also swiped four gigabites of source code from the company’s system. Anonymous also boasts that it was able to gain valuable access to other "government agencies, federal contractors and shady whitehat companies." After hacking into Booz Allen Hamilton, Anonymous writes it uncovered "all sorts of other shady practices by the company, including potentially illegal surveillance systems, corruption between company and government officials, warrantless wiretapping, and several other questionable surveillance projects."

Anonymous became more widely known after hacking into companies that were against the publication of Wilikeaks. It also hacked credit card companies that were withholding donations to the whistleblowing website.

Defense issue

Just days after the announcement, US Deputy Defense Secretary William Lynn said that nearly 25,000 sensitive defense department files had been stolen in March by hackers. The attack, believed to have been carried out by a foreign intelligence service, points to the vulnerability of US government networks. With over 15,000 computer networks and seven million computers at hundreds of installations around the world, Defense Department employees are faced with millions of attempted attacks a day. As Reuters reports, illegal network penetrations have compromised huge amounts of data thus far. With the borderless nature of the web, security experts say a coordinated global response to such attacks is needed.

In a speech at the National Defense University Lynn also unveiled the new US DoD (Department of Defense) Cyber Defense Strategy, which will move away from a passive defense toward treating cyberspace as an "operational domain" in which trained forces defend against attacks, Reuters reported. Lynn said the Pentagon wanted to avoid militarizing cyberspace but at the same time secure strategic networks, both by threat of retaliation and by mounting an effective defense. He said the new strategy will be aimed at "denying the benefit of an attack," adding: "If an attack does not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place."

Hacks increasing

Matthias Gärtner of Germany’s Federal Office for Information Security says both the number and quality of hacks is rising around the world. The type of attack varies from money-making schemes, sabotage, activism (attacking government sources for political reasons), cyber espionage, as well as corporate and industrial espionage. And for as many motives there are even more ways. Gärtner sees cyber security as a problem that is likely to grow with the increasing use of IT infrastructures and also the increasing use and dependence on the internet. He says any company with a network is, generally speaking, vulnerable to attacks, as cyber crimes continue to replace traditional forms of criminal activity.

The Online Defense and Acquisition Journal DodBuzz, said cyber attacks might become tantamount to an act of war. Though it is extremely difficult to pinpoint the source of the attacks from a technical standpoint, according to Gärtner, US authorities believe that many of the attacks on US companies and institutions come from China. An attack on Google email accounts belonging to US officials and Chinese activists in the beginning of June, 2011, is also thought to have originated in China. Chinese Foreign Ministry spokesman Hong Lei　denied the claims, calling it unacceptable to blame China as "hacking is an international problem…Accusations that China supports or encourages such activity are not based on facts."

Part of politics

American political scientist and former US Secretary of State, Henry Kissinger, and Jon Huntsman, former US ambassador to China, recently called at a Thomson Reuters event for a cyber détente, emphasizing the need for China and the US to come to an agreement to restrict cyber attacks and designate off-limit areas.

Johannes B. Ullrich of the SANS Internet Storm Center, a volunteer organization that monitors and reports cyber threats, says cyber attacks have increased mainly because tools allowing such attacks have evolved and become more user-friendly, and not necessarily because the hackers themselves have become smarter. He says at the moment just about everyone is susceptible to an attack as most of the tools take advantage of loopholes in existing (old) software, which is still widely used.

Ullrich doubts whether an agreement between the US and China will be effective: "I don’t think any kind of arms treaty would work in this case, particularly because it is so easy" to acquire tools for hacking. Ullrich also finds it difficult to imagine politics without such attacks: "I just see it as a new way of spying. Everybody’s spying on everybody else. In some way, I think it is used for political gain. Particularly with China, you have a lot of these attacks that happen to take place before big trade negotiations…I think it is really just part of politics and part of spying that countries do on each other anyway. I don’t see it as such a huge threat that it should be outlawed in any way. "

Author: Sarah Berning
Editor: Grahame Lucas