This is the final post of my three-part series taking a look at technology in today’s world. (Parts one and two are still available for a limited time at no cost!)  Here, we’ll take a quick look at cyberwarfare, hackers, and what the government is doing to protect itself against attacks.

Hacking has gone on since Al Gore invented the Internet, with attacks going back into the 1980’s.  More recent incidents include the theft of data (2004-2009) by the Chinese (NASA, the World Bank, Lockheed Martin’s F-35 super fighter program), a three-man team that compromised more than 130 million credit and debit cards (2006-2009), and the Conficker worm’s mass invasion of worldwide computers in 2009.

During 2010, there was a definite sense that cyber-attacks were increasing in their sophistication.  More attacks were also leveled against the federal government even if the overall number was down.  In other words, the attacks are becoming more dangerous and more focused against government entities.

This past year (2011) saw quite a spate of attacks by different groups of hackers that were reported by the media.  Back in June, LulzSec targeted various companies and government agencies including Sony, NATO and AT&T, mostly compromising user ids, emails, and passwords.  Another unidentified group hacked the Japanese gaming company Sega, doing much the same thing LulzSec did to Sony customers.  Perhaps the most interesting development out of this story was that LulzSec denied responsibility and instead wanted to seek revenge on the Sega hackers in some sort of hacker showdown.  Update: The hacker group Anonymous is even threatening the Mexican drug cartel Los Zetas; talk about stones!

Attacks by others continued: In July, the hacker group Anonymous infiltrated Booz Allen and posted 90,000 email addresses and passwords; AntiSec hackers posted 10 GBs of police data in revenge for the August arrest of Jack “Topiary” Davis, the accused spokesman of LulzSec and Anonymous;  the open-source MySQL database was hacked in September to profligate malware to its visitors (in Russian underground forums, root access to the site was being sold for $3,000); Comodo and DigiNotar (companies that issue security certificates for websites—you know, to let us know they’re safe) were hacked and forged certificates were issued for sites like Yahoo and Google; in September the open-source Linux foundation was hacked and subsequently shut down to repair the damage; and yesterday (10/31), Symantec released a report detailing a 2-month cyber-spying campaign against chemical and defense companies around the world.

I could go on, but I think you see the point.

Reactions to all these attacks have been…illuminating.

Some in the Silicon Valley are betting on new technology to prevent such info-thefts and to turn a profit (never mind that this is the same tech arms race that has existed since the beginning).

In February of 2011, the White House cyber-security coordinator Howard Schmidt said that the use of the term cyberwarfare is an inaccurate metaphor (just after the NASDAQ servers were breached).  While this rhetoric may be more indicative of a turf war over which agency should have control over cyber-security (DHS vs. NSA), he ought to have remembered the Stuxnet worm that infiltrated and caused physical damage to Iran’s nuclear-fuel centrifuges.  A year later, real concerns about a similar attack against US infrastructure abound in the cyber-security field.  Or perhaps the 2008 hacking of the military’s US Central Command network was just forgotten, too—and the 14 months it took to clean up the infection; The US Deputy Secretary of Defense William S. Lynn III called it “the most significant breach of U.S. military computers ever.”  The TechNewsWorld article relates: “Chet Wisniewski, a security adviser with antimalware software maker Sophos, asserted that Lynn’s article paints a bleak picture of computer security in the military.  “It implies that the controls at the Pentagon are bad or worse than the average corporate environment.””

The Pentagon has paid serious attention to cyber-security and cyber-attacks for quite a while, and the infiltration and threat of corruption of the Defense Department networks is designated their number one cyber threat.  Their experts are looking to militarize the cloud (“distributed servers and advanced networking and information database technologies”) so as to minimize human interaction in retrieving data and getting the information where and when its needed.  Of course, spies are using the cloud as well since the ability to remotely access information (even from thousands of miles away) is a key change from the good old days of accessing tapes or hard drives.  And they’re pretty much using the same technology found in your iMachine.  (We haven’t even gone into bots/zombies–yeah, that’s a real thing).

The global state of affairs and nefarious actors already make continuing conflict likely on any number of fields (military, terror, espionage, etc.).  Guy Philippe Goldstein provides an interesting look at how cyber-warfare can also lead to physical conflicts due to the former’s very nature of vagueness and difficulties in identifying the actor(s).  The NSA would even consider pre-emptive cyber-attacks or military strikes against cyber threats if the potential damage was high enough.

So.  There’s lots of information and boogey man/doomsday scenarios over this three-part series on technology. What do we do about it?

A mass conversion to Neo-Luddism is probably out of the question.

It seems to me that we have a few options:

1. Sit back and not worry about it too much (as we’ve been doing). After all, nothing major has happened yet as a result of all these attacks (credit cards can get re-issued, we can check our personal information to make sure no one else is using it, etc.).  Trust the government/military to keep up their vigilance against the threats.

2. Demand stronger security from our government via our Congressional representatives.  (Probably with input from the leading experts in the field).  Couple this with a demand to correlate information and resources across governmental agencies (and tell them to get over themselves and their egos).

3. Reduce our own digital footprint. (Thereby making ourselves less vulnerable to attacks).

4. Improve our own security: be knowledgeable about your computer/malware protection patches and updates; use strong passwords; pay attention to your site’s security certificate; don’t fall for common cyber-tricks (like phishing).

In the end, of course, you’ll have to decide how much technology will be present in your life.  Just be aware–the more you use, the more avenues you have to be exploited if precautions are not taken.

Advertisements