Cyber Security Shuffle

By Carl Weiss

If you’re like most people, you probably only react to cyber security matters when your computer is so infected with malware that it refuses to function.   This is what IT professionals refer to as locking the barn door after the horse has bolted.  In today's wired world, what you have to consider is that everything from your PC to your smartphone is subject to attack by hackers who are out to sell your personal information, steal your financial data and do much more than mischief.  What many people don't realize is that this problem is so serious that even governments are having problems dealing with it.  

Two recent articles come to mind.  One which was published in Computerworld.com on August 13, quoted General Keith B. Alexander, the director of the National Security Agency as stating,

“Hackers can and must be part of a collaborative approach with the government and private industry, he said. "You know that we can protect networks and have civil liberties and privacy, and you can help us get there."

The second, which was published today on Wired.com, quotes an unnamed researcher at Russia’s Kaspersky Lab as asking the public for help in cracking an encrypted warhead that gets delivered to infected machines by the Gauss malware toolkit.

“We are asking anyone interested in cryptology, numerology and mathematics to join us in solving the mystery and extracting the hidden payload.”

Now I know what you’re thinking, “I thought that government agencies were supposed to be responsible for cracking down on cyber criminals.  Now they want to hire them?”

Welcome to the wacky world of cybercrime.  The sad fact of the matter is that governments have been notoriously lax when it comes to taking a bite out of cybercrime.  On an international level, Interpol, the United Nations Office on Drugs and Crime and the G-8 have been trying to address the issue of cyber security through international cooperation.   The fact that cyber attacks were a worldwide problem surfaced in 2007, when Estonia faced a series of online attacks so serious that NATO was called in to intervene. 

Of course, the US is hardly immune to this phenomenon.  The NSA’s General Alexander also warned that cyber attacks were causing “the greatest transfer of wealth in history.”  He also cited statistics from leading computer security authorities which touted the losses to American companies at $250 billion per year. (Worldwide losses to business are estimated at $1 trillion.) This figure does not address the loss of income to the American public, where such things as viruses and outright theft of financial data costs billions more per year. 

With these kinds of dire circumstances rearing their ugly heads on almost a daily basis, you would think that  cyber terrorism would merit some kind of direct response from the government. You would be wrong.  Far from creating a response, much less a defense against these attacks, on August 2 senate Republicans blocked a bill intended to boost U.S. computer defenses.  James Lewis, technology program director at the Center for Strategic and International Studies in Washington summed it up best.

‘‘Nobody in Congress denies that we need to do something, but between business pressures and electoral pressures there’s no way they’re going to do anything useful. The game now will be each side blames the other.”

Far from being an isolated case, on an international level, feet dragging appears to be the norm.

 “It can take up to two years to receive evidence using a mutual legal assistance treaty," said Brad Marden, coordinator of cybercrime operations for the Australian Federal Police, at an IBM security event in Sydney on August 14. "Bear in mind that in the Australian legal system, police have just three months to present a brief to a court on someone who has been arrested.”

This kind of interdepartmental foot dragging brings back another familiar case.  If you will recall the brouhaha that occurred when it was revealed how the NSA might have prevented 9/11 if it had been more willing to share its data with other agencies.  Author James Bamford looked into the performance of the NSA in his 2008 book, The Shadow Factory, and found that the agency had been closely monitoring the 9/11 hijackers as they moved freely around the United States and communicated with Osama bin Laden's operations center in Yemen. The NSA had even tapped bin Laden's satellite phone, starting in 1996.  Bamford reported in a PBS documentary entitled The Spy Factory,

"The NSA never alerted any other agency that the terrorists were in the United States and moving across the country towards Washington.”

(View the complete Nova broadcast here.)

As shocking as this item is, what would be worse would be if history were getting ready to repeat itself.  As the arena of warfare moves steadily from the battlefield to cyberspace (like the Israeli designed Flame virus that was designed to slow Iranian nuclear efforts), is society ready for an all-out technological attack that targets major financial institutions, air traffic control, or the nation’s power grid?  When you realize how technology dependent modern society has become, this could be the Western world's real Achille's heel.  If you think having your computer laid up by malware is an inconvenience, imagine how much of a monkey wrench a banking or power grid meltdown would rock your world.

What it boils down to is that when it comes to the government’s lack of a response to this impending menace, are we prepared to face the threat of cyberwar?  Or, is the government and the public at large  going to continue to do its rendition of the cyber security shuffle until it’s too late.

Carl Weiss is president of W Squared Marketing Group and host of Blog Talk Radio’s “Working the Web to Win radio show," that airs every Tuesday at 4pm Eastern.  Join Carl and co-host Hector Cisneros today as they discuss how to secure your online future.  http://workingthewebtowin.com


Researchers Seek Help Cracking Gauss Mystery Payload - Wired.com
NSA Chief Seeks Help From Hackers - Computerworld.com
Top Australian Cybercop Laments Slow Official Evidence Exchange - Cio.com