Cyberspace offers new frontier to exploit weaknesses, initiate attacks
Thirty years after a young hacker played by Matthew Broderick nearly triggered a nuclear war in the movie “WarGames,” fears of malicious computer attackers causing real-world destruction are an everyday reality.
Online attacks, such as those recently aimed at U.S. banks and the Federal Reserve, represent a new front in wars fought with computer keystrokes rather than weapons. Costly to the banks, the attacks merely annoyed customers who could not access their accounts online.
Future strikes, top military experts warn, could be destructive — even deadly — targeting nuclear power plants, public water systems, railways, air traffic control and hospitals.
“People have realized that cyberspace — just like land, air and sea — is another domain that they need to defend, control and protect,” said David Brumley, a computer security researcher at Carnegie Mellon University. “Cyber attacks are part of a covert war right now.”
Discovered in 2010, the computer worm Stuxnet went where only science-fiction movies had gone before — leaping out of digital code to destroy Iran's uranium-enrichment centrifuges by making them spin out of control.
Like the A-bomb dropped on Hiroshima, the exploit set off an arms race with unseen consequences: If Iran initiated the bank attacks — as Jim Rohr, CEO of PNC Bank, speculated — the disruptions could signal a desire to wreak havoc and perhaps to seek retribution.
No one has taken responsibility for Stuxnet, but the consensus among computer security experts points to the United States and Israel, said Liam O Murchu, a manager of security response operations at Symantec, a computer software security company in Mountain View, Calif.
Even if the United States started this fight, however, Defense officials warn that the nation has much to lose. With ubiquitous computers, tablets and smartphones and a looser attitude about online information than countries like China that have strict censorship, America looms as a major target.
“An attacker who mounted a concerted campaign against pretty much any physical facility in the United States or elsewhere could probably do pretty substantial damage,” said Ari Juels, director of RSA Laboratories, which conducts data security research for the government and others.
For now, a large-scale infrastructure attack might be theoretically possible but practically difficult for perpetrators who want to make it happen, said Marty Lindner, principal engineer at CERT, a CMU program that works with the military. An adversary must conduct extensive spying, identify vulnerabilities and figure out a way to exploit them.
“There is the potential — just like the lights going out in New York — that all of the ducks could line up in a row and an adversary could cause really bad things to happen,” Lindner said. “What I struggle with is the reality of that.”
Countries with the capability, such as China, have little motive for destroying the American economy. Enemy nations, terrorists and others who might want to mount such an attack cannot pull it off, said Dmitri Alperovitch, co-founding chief technology officer of CrowdStrike, a security technology company in Irvine, Calif.
Over time, ramping up to a destructive attack gets easier, said former CIA Director Michael Hayden. Hackers, terrorists and rogue nations soon will have the computer attack abilities of the most sophisticated nation-states.
“We're a very connected nation,” Hayden said. “That's why many people in American industry are so concerned.”
Andrew Conte is a staff writer for Trib Total Media.He can be reached at 412-320-7835 or email@example.com.
Add Andrew Conte to your Google+ circles.
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.
- Bethel Park Police arrest 3 for thefts at Walmart
- Controversial McKeesport building destroyed by fire
- Firefighter hurt in 3-alarm fire at Jefferson Hills restaurant
- Review committee forwards 4 names to Allegheny County Council for appointment
- Firefighters help stranded window washer in Mt. Lebanon
- 2 charged in North Braddock robbery
- Pennsylvania religious freedom law does not extend to for-profits
- None hurt in Duquesne house fire
- Developer of proposed Ross housing subdivision postpones hearing
- Arrivals from Paris soon will avoid extra screening at Pittsburgh International
- Ex-prosecutor concerned with latest Pa. child abuse findings