ShareThis Page

Cyber threat facing U.S. 'continuous,' security experts say

| Wednesday, May 29, 2013, 12:07 a.m.

Hackers might learn enough from recent attacks on U.S. banks to prepare for larger, more destructive assaults should they choose to initiate them, the U.S. attorney for Western Pennsylvania and leading computer experts told the Tribune-Review on Tuesday.

The so-called denial-of-service attacks seem designed to test the responses of bank officials, computer experts and law enforcement, said David Hickton, U.S. attorney in Pittsburgh. The threat remains, he said, even though the attackers announced a hiatus.

“This is not the most sophisticated type of cyber attack available,” Hickton said, “and it's really designed to slow — not steal — and delay — not fracture or cripple — and therefore, it's a fair inference to conclude.”

The Tribune-Review reported in its ongoing computer and robot security investigation, Cyber Rattling: The Next Threat, that hackers are seeking to move from annoyance attacks to destructive ones.

PNC Bank computer security officials remain vigilant since the attacks but had “nothing new to report,” spokesman Fred Solomon said.

“Our systems are operating as expected and we continue to be on guard for any unusual activity at our firewall,” he said.

Speaking at a panel discussion on cybersecurity at the Community College of Allegheny County, Hickton described a mismatch between the high cyber threat and a lack of trained security professionals to respond.

He challenged local leaders to get behind a Pittsburgh Cybersecurity Initiative this summer that would help train the next generation of computer educators, researchers and investigators.

Pittsburgh Public Schools and the Allegheny Intermediate Unit have agreed to develop a cyber curriculum, he said. The University of Pittsburgh and Duquesne University will work on a cyber law degree program.

The nation needs more workers who can respond to computer security threats, said Ernest McDuffie, head of the federal National Initiative for Cybersecurity Education.

“Those of you with security clearances,” he told the audience, “know the threat is not only real but it is very scary.”

Dan Holden, director of security research at Arbor Networks, a computer security company in Burlington, Mass., said that there's no reason to believe the computer threat facing banks is over. He predicted that attacks could resume this week or next.

Because of the attacks' size and duration, no activist group could have done it without help from a government or wealthy backer, Holden said. The attacks started in September.

“This is the longest public campaign in history in terms of an Internet attack,” Holden said. “We've never had anything advertised from day one that has gone on for this period of time. The effectiveness, the persistence have been big deals.”

A group calling itself the al-Qassam Cyber Fighters claimed responsibility for the bank attacks. On May 6, the group said it would temporarily suspend the campaign to avoid confusion with activities by the hacker group Anonymous. The Cyber Fighters have said their motive is to get anti-Muslim videos removed from the Internet.

Lawmakers said that Iran was responsible for the bank attacks, but the actual source remains unclear and Hickton declined to talk about intelligence. The hackers claimed to have disrupted Bank of America, CapitalOne, Fifth Third, Comerica and Citizens, as well as Pittsburgh-based PNC Bank.

“The threat is continuous and even if we extinguish the threat in the short term, the vulnerability is still there until we can identify and prosecute people,” Hickton said.

These kinds of attacks — whether targeting banks or other critical infrastructure — are “pretty much the new normal,” Michael Smith, director of the Customer Security Incident Response Team at Akamai Technologies, a Boston-based Internet security company, told the Trib.

Hackers upset about another country's policies learned that they can gain leverage by targeting people and businesses there, Smith said.

“There are other evil-doers out there that will copy the same techniques and it has a really chilling effect,” Smith said. “That is a very troublesome core issue.”

Banks are better prepared than they were six months ago, Holden said, but attackers undoubtedly learned a lot, too, about what works.

He said he believes the attackers are capable of a much more debilitating attack but have been unwilling to carry it out because of fear of reprisal.

“That's why some people refer to these kinds of events almost as a Cold War,” Holden said. “There's a line that even the U.S. doesn't want to cross. … Everyone is willing to walk up to the line — again, regardless of who's behind it — but no one is willing to cross it right now.”

Andrew Conte is a staff writer for Trib Total Media. He can be reached at 412-320-7835 or andrewconte@tribweb.com.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.