TribLIVE

| News


 
Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Cyberspace offers new frontier to exploit weaknesses, initiate attacks

Andrew Russell | Tribune-Review
George Hotz, 23, who at 17 became the first person to hack into an iPhone so owners could choose their cellphone carrier, is a member of the Plaid Parliament of Pwning, Carnegie Mellon University’s “capture the flag” computer-hacking team. He is seen here with computer code projected onto his face with a laptop projector on Tuesday, Jan. 29, 2013, in the Collaborative Innovation Center on the school's Oakland campus.

Related Stories
Saturday, Feb. 9, 2013, 11:30 p.m.
 

Thirty years after a young hacker played by Matthew Broderick nearly triggered a nuclear war in the movie “WarGames,” fears of malicious computer attackers causing real-world destruction are an everyday reality.

Online attacks, such as those recently aimed at U.S. banks and the Federal Reserve, represent a new front in wars fought with computer keystrokes rather than weapons. Costly to the banks, the attacks merely annoyed customers who could not access their accounts online.

Future strikes, top military experts warn, could be destructive — even deadly — targeting nuclear power plants, public water systems, railways, air traffic control and hospitals.

“People have realized that cyberspace — just like land, air and sea — is another domain that they need to defend, control and protect,” said David Brumley, a computer security researcher at Carnegie Mellon University. “Cyber attacks are part of a covert war right now.”

Discovered in 2010, the computer worm Stuxnet went where only science-fiction movies had gone before — leaping out of digital code to destroy Iran's uranium-enrichment centrifuges by making them spin out of control.

Like the A-bomb dropped on Hiroshima, the exploit set off an arms race with unseen consequences: If Iran initiated the bank attacks — as Jim Rohr, CEO of PNC Bank, speculated — the disruptions could signal a desire to wreak havoc and perhaps to seek retribution.

No one has taken responsibility for Stuxnet, but the consensus among computer security experts points to the United States and Israel, said Liam O Murchu, a manager of security response operations at Symantec, a computer software security company in Mountain View, Calif.

Even if the United States started this fight, however, Defense officials warn that the nation has much to lose. With ubiquitous computers, tablets and smartphones and a looser attitude about online information than countries like China that have strict censorship, America looms as a major target.

“An attacker who mounted a concerted campaign against pretty much any physical facility in the United States or elsewhere could probably do pretty substantial damage,” said Ari Juels, director of RSA Laboratories, which conducts data security research for the government and others.

For now, a large-scale infrastructure attack might be theoretically possible but practically difficult for perpetrators who want to make it happen, said Marty Lindner, principal engineer at CERT, a CMU program that works with the military. An adversary must conduct extensive spying, identify vulnerabilities and figure out a way to exploit them.

“There is the potential — just like the lights going out in New York — that all of the ducks could line up in a row and an adversary could cause really bad things to happen,” Lindner said. “What I struggle with is the reality of that.”

Countries with the capability, such as China, have little motive for destroying the American economy. Enemy nations, terrorists and others who might want to mount such an attack cannot pull it off, said Dmitri Alperovitch, co-founding chief technology officer of CrowdStrike, a security technology company in Irvine, Calif.

Over time, ramping up to a destructive attack gets easier, said former CIA Director Michael Hayden. Hackers, terrorists and rogue nations soon will have the computer attack abilities of the most sophisticated nation-states.

“We're a very connected nation,” Hayden said. “That's why many people in American industry are so concerned.”

Andrew Conte is a staff writer for Trib Total Media.He can be reached at 412-320-7835 or andrewconte@tribweb.com.

Add Andrew Conte to your Google+ circles.

 

 

 
 


Show commenting policy

Most-Read Allegheny

  1. U.S. Steel Tower tenants stand to benefit from company’s relocation
  2. Suspect in Route 28 death has long history of ignoring vehicle registration, license laws, records show
  3. Brentwood police chief to get nearly $200K as part of settlement agreement with borough
  4. Lower gas prices entice motorists to drive long distances for Thanksgiving
  5. Surgery for man shot by Pittsburgh officer on hold amid legal limbo
  6. Alcoa judgement helps U.S. Attorney’s Office collect 5 times its budget
  7. La Roche College to accept up to 90 credits from community college students
  8. Thanksgiving closures
  9. Newsmaker: Sister Rita Yeasted
  10. Judges with Pittsburgh ties enter race for Pa. Supreme Court
  11. State leaders give input on budget woes at Pittsburgh meeting
Subscribe today! Click here for our subscription offers.