February 22, 2013
Cyber warfare has dominated the national security dialogue this week after reports that China has been systematically attacking U.S. computer networks--from the Defense Department to The New York Times to JP Morgan Chase. But the greatest threat does not come from a state-sponsored army of hackers; it comes from rogue groups that have no agenda other than to wreak havoc, disrupt lives, or worse.
Think of the virtual conflict currently taking place say, between the U.S and China as a cyber Cold War. China is going to spy on the U.S. in an attempt to gain information. But it’s highly unlikely that their leaders would mount a cyber attack that would provoke a traditional military response. The Chinese are looking to take information, not lives.
The real threats, according to experts, come from cyber terrorists not connected with national militaries. These hackers aren’t concerned with the long-term consequences of their actions. They just want to cause chaos.
“There are probably 100 independent hacker groups out there that are really, really good,” said Kevin Coleman, a cyber terrorism expert at the Technolytics Institute, a firm that teaches cyber defense. “There is little chance they’ll be caught and they have the capability to take sites down.”
Cyber terrorists – or hacktivists, as some call them – are extremely difficult to track down. They use sophisticated techniques to hide their true location, and are experts at falling off the grid when authorities get close. They communicate on Web sites, blogs and in chat rooms that are off-limits to the general public.
Most hackers work in groups, but the size of the groups is hard to determine. Members of Anonymous, one of the most prominent hacker groups in the world, can only be identified by the Guy Fawkes masks they wear in public.
Anonymous, a prominent hacker group, attaches itself to causes. After the suicide of hacktivist Aaron Schwartz, who was under federal investigation for illegally downloading academic articles, the group attacked government computers.
According to Coleman, hackers are branching out into organized crime, affiliating themselves with gangs and creating programs that access bank and other personal information. “Organizations will pay a finder’s fee of $250,000 for zero day vulnerability for smart phones,” he said, referring to a zero day attack, or an attack that a company is completely underprepared for. “That’s why a lot of hackers are moving to organized crime. It’s much more lucrative.”
Tom Kellermann, vice president of cyber security for Trend Micro, said the hub of this activity is Eastern Europe. “Have you seen the movie Lord of War?” Kellermann asked, referring to the film in which Nicolas Cage is a global arms dealer. “That’s what’s going on with cyber right now in Eastern Europe. There are people that we should be worried about because they are sitting back with crews that are offering up a service-based industry of hacking.”
Kellermann said these hackers are selling viruses that don’t require coding expertise. Installing them is simply a matter of loading a program. “Back in the day, you had to know how to code and hack. Now hacks are available through programs that do the work for you,” he said.
According to Ryan Maness, a doctoral candidate at the University of Illinois, Chicago who has written extensively on cyber terrorism, these hackers do not have the capability to penetrate that computer networks that would cause mass destruction and panic, like taking a power grid off line or disrupting mass transit service.
“Most cyber terrorists don’t have the financial resources to compile things like Stuxnet,” Maness said, referring to the attack that briefly took an Iranian nuclear facility off line. “Those need state-backed resources to do so. They don’t have the wherewithal, coordination or finances to attack large scale.”
He said the Wikileaks attack is about as much harm that hackers are capable of inflicting on the United States. “They stole info from government sites,” he said of Wikileaks. They’re not replicating drones.
Kellermann added that terrorist organizations are emerging as cyber threats. In the past, the Eastern European hackers responsible for selling harmful bots had a rule: because of the Beslan school massacre, the 2004 incident in Russia in which Chechen Islamic separatists killed 385 students, they would not sell to terrorists. According to Kellermann, this is no longer the case.
“There is no longer a code against selling to terrorist or jihadists,” he said.
This is especially troublesome for unstable African nations, like Mali, where al Qaeda in the Islamic Maghreb is waging war against a weak government with unsophisticated cyber defenses.
“This is the year where you’re going to see political and social indicators become the primary causes for events that happen in cyberspace,” he warned. “It will be far more disruptive than denial of service.”