This is your Brain. This is your Brain, once you’ve been Hacked!

The Imminent Cyber War on Hackers

HL Sensory Overload
Homeland Security
Sep 25, 2015

HLSensory Overload: We’re Everywhere You’re Going To Be

The size, scope, and expense of dealing with cybersecurity issues have exploded. However, the expense and burden of the cyber threat are borne by the defenders (and the victims). In the rare instance a hacker is actually caught and brought down, 100 more rise to replace him. It leads one to wonder about the current state of affairs and the progress made in protecting ourselves against cybercrimes. Contrary to popular belief, not all software is vulnerable. The problem lies in the fact that there is no real risk of being caught and punished. This has to change.

It is becoming increasingly difficult to open any news site today without being bombarded with bulletins concerning cyber invasions, data breaches, and privacy compromises. No sector has gone unscathed. Over the last few months HLSensory Overload has been exploring emerging sensory technologies and their related capabilities, while also sounding the alarm about how these technologies will only exacerbate cyber vulnerabilities. Ssssooooooooo, what have we learned?????

Cyber

Identifying how, and under what circumstances, cyberattacks are carried out is the critical initial step. Step two is then developing methods, tactics, and procedures for denial, mitigation, and counter-attacks that will ensure the protection of vulnerable assets. Step three is identifying, targeting, and bringing to justice those responsible for originating the attack.

One of the biggest issues to address, as it relates to cyber security, is understanding the messaging. For example, is there a centralized authority responsible for educating the general public on the issue of cybersecurity? Let’s determine what authorities are currently involved…

Director James R. Clapper, DNI

On September 10, 2015, the Director of National Intelligence, James R. Clapper, appearing before the House Permanent Select Committee on Intelligence, stated that cyber threats to the U.S. are increasing in frequency, scale, sophistication, and severity of impact. Nearly all information communication technologies and information technology networks and systems are at risk. “These weaknesses,” Director Clapper explained, “provide an array of possibilities for nefarious activity by cyber threat actors.”

The threat actors could be nation-states or non-state actors motivated by financial gain, ideology, or simply pure enjoyment from watching the world burn.

Clapper did not predict a major catastrophic cyber event. “Rather,” he said, “we envision something different. We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security.”

Further, FBI Director James Comey highlighted successes in cyber investigations with a July 15, 2015 statement regarding a major case. The FBI trumpeted the dismantling of a major international hacking network that was a one-stop, high-volume shopping venue for some of the world’s most prolific cyber criminals. Called “Darkode”, this underground, password-protected, online forum was a meeting place for those interested in buying, selling, and trading malware, botnets, stolen personally identifiable information, credit card information, hacked server credentials, and other pieces of data and software that facilitated complex cyber crimes all over the globe. However, SecurityWeek.com reported that Darkode was able to relaunch in two weeks with tighter security than ever.

Privacy

Your privacy has disappeared before your eyes. As we seek immediate and speedy connectivity in information and infotainment, we do so at a price, as a wide swath of devices — now known as the Internet of Things (IoT) — are readable, recognizable, locatable and controllable by Internet protocols. And… this Internet of Things has provided another springboard for criminal hacking, as hacking activity has increased along with the number of IoT devices.

An article released on September 23, 2015 in the Federal Times refers to a “cyber onslaught” and spells out just how pervasive cyber intrusions have become in the federal system. The Energy Department (DoE) reported on cybersecurity incidents over a 48-month period between fiscal year 2010 and fiscal year 2014. During this timeframe, there were a total of 1,131 major cyber incidents documented. They took many forms. For example, attacks included intrusion assaults into DoE networks and user accounts, malicious code installation, unauthorized access to the network, and denial of service attacks and defacement of the agency’s website. The frequency of the attacks exceeds one per day.

The report classified the attacks by type. 76% were attempts at malicious code insertion. The network was actually breached 159 times. Of those, roughly one third were root account compromises, which can give the attacker the same access to the system as an administrator, so files can be copied or altered and software can be easily inserted.

And while the hacking phenomenon is not new, the breadth and volume of the attacks are unprecedented. Federal agencies reported 5,503 cyber incidents to the U.S. Computer Emergency Readiness Team in 2006. In 2014, that number had dramatically increased to 67,168 — a 1220% increase.

U.S. Intelligence officials are warning that federal cyber breaches intended to manipulate or destroy data are coming soon, if they are not already happening under the radar.

After the 2012–13 distributed denial of service (DDoS) attacks on the US financial sector, JP Morgan Chase (JPMorgan) announced plans for annual cyber security expenditures of $250 million by the end of 2014. After the company suffered a hacking intrusion in 2014, JPMorgan’s CEO said he would probably double JPMorgan’s annual computer security budget within the next five years.

The 2014 data breach at Home Depot exposed information from 56 million credit/debit cards and 53 million customer email addresses. Home Depot estimated the cost of the breach to be $62 million.

In August 2014, Community Health Systems informed the Securities and Exchange Commission that it believed hackers “originating from China” had stolen personally identifiable information on 4.5 million individuals. As media reports have documented, cyber criminals continue to successfully compromise the networks of retail businesses and financial institutions in order to collect financial information, biographical data, home addresses, email addresses, and medical records that serve as the building blocks to criminal operations that facilitate identity theft and healthcare fraud.

There is no universally accepted and enforceable norm of behavior in cyberspace. It is the Wild West electronic frontier. Cyber intrusions are now common and stolen personally identifiable information is immediately converted for huge profits. Most victims are unsure how to respond to an attack and law enforcement struggles with attribution and prosecution due to geographical boundaries and the complexity of an attack being routed through multiple servers and routers. A lax response from victims and law enforcement helps to foster that permissive environment.

A New Horizon

Attitudes must change about cyber security and those perpetrating these crimes. Creating awareness and making technologies available to combat cyber attacks should receive high priority.

A news release dated September 21, 2015 from the Department of Homeland Security announced an award making Continuous Diagnostics and Mitigation (CDM) tools and services available to 97% of the federal civilian government. The release should have been titled “Better Late than Never.”

The CDM program is part of the DHS’s approach to provide a common baseline of cybersecurity across the Federal civilian government. Each Federal department or agency is responsible for its own cybersecurity or lack thereof. DHS has the operational responsibility for protecting federal civilian systems from cyber threats, helping agencies better defend themselves, and providing response teams to assist agencies during significant incidents.

Most cybersecurity incidents are caused by common, recognizable, and fixable issues. These include vulnerabilities or improper configurations in computers or software — one of the focuses of this CDM award. By continuously monitoring for these vulnerabilities, Federal agencies can implement necessary fixes before damaging incidents occur. However, effectively identifying and mitigating such risks requires that agencies are able to monitor their entire network, view identified issues in a prioritized and actionable manner, and receive guidance on the most significant risks.

The federal government is very good about laying out the problem, but very scant on supplying solutions other than a blame-the-victim mentality for not securing systems better, using weak passwords and the like. Leaving your front door unlocked is NOT an invitation or permission for thieves to enter your home, and they are fair game if caught. When legislators get serious and start to punish cyber trespassing like the crime it is, things will begin to improve.


Exploring emerging sensory technologies within the Homeland Security arena…because of course your government should know more about you than your family?!?