One of the first major battles of cyberterrorism is taking place between Israeli, Iranian, and Saudi Arabian hackers who are dumping credit card data belonging to innocent bystanders by the tens of thousands.
The impact of the attacks on each nation’s financial infrastructure spurred Israel to announce on Jan. 7 that the cyberattacks would be treated the same as terrorism. Not long after, terrorist group Hamas announced that hacking is the “new field of resistance,” in an e-mail sent to reporters in the Gaza Strip, The Jerusalem Post reported.
The U.S. government is now bracing itself as terrorist threats move from physical attacks to computers—connecting every home, government office, and military network in the world.
The threat has been warned of for years—by military and hackers alike—but now the time has arrived, and the world is unprepared.
“We foresee a cyber environment in which emerging technologies are developed and implemented before security responses can be put in place,” Director of National Intelligence James Clapper said.
The threat goes beyond just state actors, among which Clapper said China and Russia stealing U.S. data is a main concern, and stretches into a growing segment of small groups. Clapper said the Web gives “easy access to potentially disruptive and even lethal technology and know-how by such groups.”
FBI director Robert Mueller voiced similar concerns. He said “down the road, the cyber threat, which cuts across all programs, will be the number one threat to the country.”
The FBI is preparing for this. Mueller said there are three main points the agency is focusing on: changing their organizational structure, recruiting and hiring cybersecurity experts, and understanding their role to investigate and prevent intrusions.
Securing a Nation
The digital infrastructure is incredibly insecure, and hacker groups, including Anonymous Operations and TeamPoison, have made a show of this—with attacks taking place nearly every day against police, government networks, or major corporations.
But the concern of cyberterrorism stretches much deeper than this. The real threat are the hackers who do not announce their attacks, and maintain access to steal data and harm systems for as long as they can.
LulzSec is known for attacks on websites, including PBS, Sony, the FBI, CIA, and others. The hacker group that was launching attacks against high profile targets almost daily in 2011 summed up the threat, in an ominous June 27 statement.
It stated, “What if we just hadn’t released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony ... watching ... abusing … This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn’t released something publicly.”
It was recently revealed that VeriSign, one of the leading Internet infrastructure companies, was hacked several times in 2010, and hackers stole undisclosed information. Digital security company Avast stated on Feb. 8 that “This has potentially devastating consequences since fundamental Internet security structures could be impacted,” potentially altering the Internet we know.
Other high profile systems were breached in recent memory, including the RSA and weapons developer Lockheed-Martin.
Yet industrial systems remain one of the key concerns. Most of them use the SCADA system—a control system that coordinates industrial, infrastructure, and facility processes, including the electric grids, water systems, and even personal health devices.
Two researchers decided it would be interesting to look at SCADA systems and find 100 bugs in 100 days. They found more than 1,000.
Their findings were presented at the Kaspersky Security Analyst Summit on Feb. 3. Among them was Terry McCorkle, an industry researcher. They problem, he stated, is that many of the Industrial Control Systems (ICS) were not designed to be connected to the Internet and have systems that make them easily accessible, eWeek reported.
“Ultimately, what we found is the state of ICS security is kind of laughable,” McCorkle said.