
Line dividing hacker cyber crime, state-sponsored terror attacks murky

Thursday, Nov. 6, 2014, 11:03 p.m.
Andrew Conte | Tribune-Review
Daniel Garrie, founding editor of the Journal of Law & Cyber Warfare, (left) and Mitchell Silber, executive managing director of K2 Intelligence, talk about the blurred lines between cyber crime and warfare, during a one-day symposium at John Jay College of Criminal Justice in New York City, on Thursday, Nov. 11, 2014.

NEW YORK — The lines between online thefts and all-out cyber warfare continue to blur as hackers become more effective at attacks that threaten to cause serious economic damage, computer security and legal experts said here Thursday.

“It's not a clear, bright red line,” Mitchell Silber, executive managing director of K2 Intelligence, a cyber security company based here, said at a daylong cyber warfare conference. “It really is more murky, the difference between where a cyber criminal hack ends and where some type of state or state-sponsored event begins.”

The Department of Homeland Security last week issued a bulletin to cyber security insiders reporting that a destructive malware program known as “BlackEnergy” has been placed in key U.S. infrastructure systems that control everything from telecommunications and power transmission grids to water, oil and natural gas distribution systems and some nuclear plants.

The bulletin — issued through DHS' Industrial Control Systems Cyber Emergency Response Team — said several utility companies recently discovered the Trojan horse malware, which was first detected in the United States in 2011. There has been no attempt to “damage, modify or otherwise disrupt” these critical infrastructure systems by unleashing the malware, the bulletin said.

The Tribune-Review has reported in its ongoing series, “Cyber Rattling: The Next Threat,” that hackers likely associated with or directly controlled by foreign states someday may try to initiate cyber warfare attacks on the nation's public utilities that would impact millions by cutting critical power, water and communication services.

The DHS bulletin said a group of Russian cyber spies known as “Sandworm” inserted or attempted to insert the same “BlackEnergy” malware this year in systems belonging to NATO and several European energy and telecommunication firms.

Those attending the cyber warfare conference warned that hackers have gone from big targets and corporate victims like those named in recent criminal indictments filed in Pittsburgh to smaller companies, which make up the core of the economy.

About 100 top officials from the military, banks, law firms and universities attended the conference, which was sponsored by the Journal of Law & Cyber Warfare, a peer-reviewed legal publication. Organizers allowed the Trib to attend the invitation-only event, which was held at the John Jay College of Criminal Justice.

Throughout the day, participants often mentioned the potential impact of federal charges filed in Pittsburgh against Chinese military hackers this year.

U.S. Attorney David Hickton in Western Pennsylvania brought indictments in May against five members of China's People's Liberation Army, saying they had stolen documents and internal communications from companies such as U.S. Steel, Alcoa and Westinghouse as well as the United Steelworkers of America.

A federal judge last week put the case on hold, saying it's unlikely the United States will be able to bring the defendants to trial.

That was never the point, said Cedric Leighton, a retired Air Force colonel and former deputy training director at the National Security Agency who works as a computer security consultant in Alexandria, Va.

The Justice Department “wanted to send a message to the Chinese that these kinds of activities are not acceptable to the United States government,” Leighton said.

He acknowledged, however, that no one really knows whether the indictments will deter hackers from China or anywhere else from stealing more corporate secrets.

As bad as cyberattacks have been — with enormous credit card thefts at top retailers and the loss of intellectual property from top manufacturers and law firms — cyber problems will keep getting worse, said James Christiansen, vice president of information security at Accuvant, a leading computer security company based in Denver.

Hackers can trigger attacks inexpensively and from anywhere in the world — whether they are directly backed by a foreign nation or not, he said.

“I believe we are at a cyber war, but I don't see my adversary as just someone who's being paid by a government,” Christiansen said. “My adversary is the cyber criminalist; he's the hacktivist; he's Anonymous. There are all of these elements out there that are attacking the country I live in.”

The United States has its own reasons for keeping the lines blurred around cyber warfare, said Daniel Garrie, founding editor of the Journal of Law & Cyber Warfare. American companies think of cyber attacks defensively, he said, but “the United States is the best cyber attack organization in the world.”

Andrew Conte is a staff writer for Trib Total Media. Contact him at 412-320-7835 or andrewconte@tribweb.com.
