CybersecurityCriminals, spies dominate cyber world, with little to deter them

Published 5 August 2010

White House cyber security coordinator Howard Schmidt says the U.S. economy essentially rests on safe Internet facilities; last year saw $10 trillion in online business, a figure forecast to hit $24 trillion in another decade, he noted; yet, incredibly, the business world has yet to grasp the threat that online thieves and vandals pose; almost half of small businesses don’t use antivirus software and even fewer use it properly, Schmidt warned

Here is a cybersecurity joke: Finally the world has a hacker-proof communications device. The bad news? It is a brick in a glass case. The joke, told to a cyber conference Tuesday in New York, illustrates what top U.S. experts describe as the dire state of online security.

Threats today are basically not preventable,” said Amit Yoran, a leading IT security consultant and CEO of NetWitness Corporation. “There’s basically no way to defend any large-scale environment today” (see “Experts: securing U.S. critical infrastructure against cyberattack not feasible,” 12 July 2010 HSNW).

The spoof brick really exists — right in the lobby of the secretive U.S. National Security Agency (NSA), Yoran said, and it is there to remind America’s top cyber spooks how limited their powers really are.

Yoran described a world in which hackers operate mostly with impunity, since they are rarely caught — or extradited when found — and at great profit.

 

Nor are they all lone teenage computer geniuses playing for kicks. Organized gangs and government-sponsored spies are the real threat, making cyber crime a bigger sector even than drug trafficking, Yoran said. “It’s a very complex set-up.”

AFP reports that the gloomy diagnosis from the FBI-sponsored conference at New York’s Fordham University comes when the Internet and society are becoming more integrated by the minute. Everything from countries’ military maneuvers to ordinary citizens’ grocery shopping is increasingly organized online.

In fact, the entire U.S. economy, White House cyber security coordinator Howard Schmidt told the conference, essentially rests on safe Internet facilities. Last year saw $10 trillion in online business, a figure forecast to hit $24 trillion in another decade, he noted.

Yet, incredibly, the business world has yet to grasp the threat that online thieves and vandals pose. Almost half of small businesses don’t use antivirus software and even fewer use it properly, Schmidt warned.

There has been enough exfiltration of personal property in this country in the past years to fill the Library of Congress over and over again. So we must do more.”

Chasing cyber criminals is a task that can exasperate the most powerful sleuth. “Cyber criminals are not constrained by geographic borders,” said Michael DuBose, head of the computer crime section at the Department of Justice. “A Romanian hacker sitting at his kitchen table can penetrate a U.S. network within seconds and exit just as quickly.”

The hackers’ “world has become a lot smaller,” he added, but “they prey on what is essentially a global victim pool.”

Another hurdle, according to the FBI’s cyber division deputy assistant director, Jeffrey Troy, is outdated legislation, combined with the usual complications of cross-border probes.

“We need to be operating like one global law enforcement agency,” he said. Instead “a lot of countries don’t have laws that fit the crime… We’re using laws that were written when no one even had thought of the crime.”

 

Experts at the conference also lamented what they said was the failure of private software companies to come up with adequate defenses.

In the end, they said, all that can be done is to mitigate the problem and make the hacking business — ranging from theft of bank details and spam advertising to espionage and terrorist sabotage — less easy.

Gary Gagnon, from the IT security firm MITRE, joked the biggest problem was people — “users who just can’t help clicking” on infected files. He said, though, that no one should ever feel smug about security levels. “If (hackers) are determined to get in our network, they’ll get in. The odds are stacked in their favor.”