Monday, February 15, 2010
A New Kind of Security Threat
Just about everyone has received one of those bogus E-Mails that appear to come from a friend in trouble in, say, London—please send me $2,000! The clumsy handiwork of petty cyber-swindlers is easy to spot, but more creative cyber-crimes against individuals, businesses and governments are perpetrated every day. And cyber-war is already a threat against which national security experts must plan.
In August 2008, Russia’s invading Soviet vintage tanks were backed by a 21st Century cyber attack on Georgia. Maintaining our security and stability suddenly became more complex than fending off the tanks and fighter jets of our gigantic neighbor. Cyber attacks can be the equivalent of special operations or air strikes against critical infrastructure.
In contrast to the time and money required to train and equip spetsnaz or air forces, high technology and online skills are now available for rent to malevolent governments, organized crime and terrorist organizations. Such skills can be used to destabilize a country’s economy and degrade its critical infrastructure. Operating along the seam between crime and war, cyber-criminals have sparked a debate among experts about whether cyber attacks should be treated as criminal acts or acts of war.
However, these are not the clowns who hijack your friend’s electronic address list to look for someone dumb enough to send them $2,000 or even more intelligent hackers seeking to vandalize your PC or steal money from your bank account. They are sophisticated criminals operating networks that can threaten global security and stability. Moreover, some states not only tolerate them but hire them.
A stark reality emerged from Russia’s August 2008 war on Georgia. After a year of study, the U.S. Cyber Consequences Unit (USCCU), an independent research institute, concluded that cyber attacks were an integral part of Russia’s armed attack on Georgia.
Most of the attacks were of a type called Distributed Denial of Service attacks—DDOS. Cyber criminals take over bits of perhaps thousands of privately owned computers and lash them together into so-called botnets that then blast information at a target, rendering it unable to perform its intended service.