TribLIVE

| USWorld

 
Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Rewards may far outweigh risks for savvy hackers

Email Newsletters

Click here to sign up for one of our email newsletters.
Related Stories

Daily Photo Galleries

'American Coyotes' Series

Traveling by Jeep, boat and foot, Tribune-Review investigative reporter Carl Prine and photojournalist Justin Merriman covered nearly 2,000 miles over two months along the border with Mexico to report on coyotes — the human traffickers who bring illegal immigrants into the United States. Most are Americans working for money and/or drugs. This series reports how their operations have a major impact on life for residents and the environment along the border — and beyond.

Monday, Feb. 11, 2013, 12:01 a.m.
 

A malicious computer hacker has to find just one way in.

Like soldiers defending a fort, however, anyone trying to protect a website or online business must try to close every potential breach. A single coding mistake, in the wrong hands, could be an opening to be exploited.

When a computer attack begins, it can be hard to detect — harder still to identify the perpetrators, locate them and bring criminal charges.

“It's the right place to set up shop if you're an ambitious criminal,” said Ari Juels, director of RSA Laboratories, a Cambridge, Mass., data security research company.

Potential rewards versus the risk are great, too. Someone with a computer and know-how might be able to steal corporate secrets for an airplane design or information on newly discovered oil and gas fields.

The haul could be worth millions, if not billions.

“It's simply too easy to orchestrate these types of intrusions,” said Dmitri Alperovitch, co-founding chief technology officer of CrowdStrike, a security technology company based in Irvine, Calif.

“It's cost-free, even if you get caught,” he said. “If there's a nation-state sponsor, nothing is going to happen to you. No one is going to arrest you. You're operating freely from the confines of your own country, supported by your own government.”

Adversaries of the United States are arming themselves for computer espionage as well as potential attempts to cause disruption or destruction, the Government Accountability Office reports.

In 2010, the Department of Defense developed a Cyber Command to oversee computer security, primarily for the Defense Department. The move occurred around the time Stuxnet, a computer worm that struck Iran's nuclear program, was discovered.

No one has taken credit for the attack, but some suspect the United States and Israel.

Iran responded to the attack by announcing plans last year to create a “cyber army,” and an Iranian group in September took credit for hacking into 370 Israeli websites.

Army Gen. Keith Alexander, the head of CyberCom, has warned the Defense Department cannot protect itself. The Defense Department announced plans to hire 4,000 people for computer security, but the military has 15,000 computer networks at 4,000 locations worldwide.

“The number of potential vulnerabilities, therefore, is staggering,” the department reported in 2010.

Since Stuxnet, unknown hackers introduced other malware — shorthand for malicious software — to collect information that could be useful for an attack, said Liam O Murchu, a manager of security response operations at Symantec, a computer software security company in Mountain View, Calif. Those viruses mainly targeted Middle Eastern companies involved in pipelines and industrial control systems, he said.

“We did think it was science fiction until we saw Stuxnet, and we saw that a virus could interact in a very sophisticated way with specific equipment that made it work in a very predetermined manner,” O Murchu said. “It's definitely possible that another attack could be mounted.”

More malware recently targeting Middle Eastern marks included a virus aimed at Saudi Arabia's state-owned oil company in August that wiped out more than 30,000 computers, replacing system files with an image of a burning U.S. flag. A similar attack hit a natural gas producer in Qatar. Defense Secretary Leon Panetta called the malware the most destructive computer attack ever on the private sector.

Taking down a gigantic infrastructure network in the United States would require a sophisticated attack by an advanced nation-state, Alperovitch said. China, for example, might trigger a computer virus attack only during a hot war with the United States.

Individual researchers, however, could proliferate that technology.

“Is there a danger that they may decide to rent their services out to a rogue nation-state or to a terrorist group?” Alperovitch said. “People worry about that sort of thing … and that's certainly a valid concern.”

The world's largest companies fall into two groups, according to security technology company McAfee : “Those that know they've been compromised and those that don't yet know.”

Those that are safe don't have anything valuable or interesting that hackers consider to be worth stealing.

“When it happens, we may not hear about it,” said Ting-Fang Yen, principal research scientist at RSA Laboratories. “You don't want to admit you're being attacked, most of the time. Or people don't know that they are attacked.”

Andrew Conte is a staff writer for Trib Total Media. He can be reached at 412-320-7835 or andrewconte@tribweb.com.

Add Andrew Conte to your Google+ circles.

Subscribe today! Click here for our subscription offers.

 

 

 


Show commenting policy

Most-Read Nation

  1. Firefighters make progress against Western U.S. wildfires
  2. Medicare patients’ outcomes improve