Skip to content
Link copied to clipboard

Hackers finding the holes in Net safety

No security in cyber world. Major hacking stories in the personal, political, and industrial worlds have shown recently how widespread cyber attacks - from the silly to the vicious - really are.

No security in cyber world.

Major hacking stories in the personal, political, and industrial worlds have shown recently how widespread cyber attacks - from the silly to the vicious - really are.

"They're happening every nanosecond - that's how you have to think," says Ray O'Hara, 2011 president of ASIS International, a security organization. "You just can't go to sleep at night, thinking you're secure."

Consider:

In April, hackers attacked Sony's PlayStation Network online, getting into 100 million customer accounts. They reportedly got in via Amazon's Elastic Compute Cloud service. Many experts believe it was the first time a "cloud" - in which customers put many or all of their computer uses online - was used as a gateway for hackers. The FBI is investigating.

Last weekend, Lockheed Martin Corp. announced it had fought off a May 21 "significant and tenacious attack" on its information systems network. The company said no customer, program, or personal data had been compromised. Later Lockheed said it was a "frequent target of adversaries around the world" - a chilling statement that so far has gone unexplained. Few doubt that Lockheed, a major technology supplier to the U.S. government, is constantly fighting off cyber spies.

On Saturday, the Public Broadcasting System website was breached by attackers who released names and passwords for website users and administrators, as well as log-in information and passwords for PBS affiliates. As a final insult, the attackers posted a fake news story that rapper Tupac Shakur, killed in 1996, was alive in New Zealand. A group called LulzSec or the Lulz Boat claimed responsibility, calling it revenge for a PBS show on Bradley Manning, accused of collaborating in the WikiLeaks scandal.

Against this is a background of constant international cyber jockeying. A December 2009 cyber attack on Google was traced to China. The Stuxnet computer worm temporarily hobbled the Iranian nuclear effort in 2010; there has been speculation that Israel and/or the United States were sources. And Tuesday, the Pentagon said it had finished drafting an official "computer sabotage strategy," in which online cyber attacks from another country can constitute an act of war, justifying a military response.

Brian Schaeffer, chief information officer at Liberty Bell Bank in Marlton, is also president of InfraGard, a public-private organization comprising FBI professionals and officers of businesses throughout the Philadelphia area. He says, "For big companies like Lockheed, especially companies with intellectual property or national security-related material, security is a never-ending job."

Hackers, Schaeffer says, are "always ahead of the game, because attack techniques multiply faster than defenses can keep up. It used to be it was a bunch of pale-faced guys in a little room, but now it's so sophisticated. They can write a script targeting one particular block of information, and now you have an automated attack, probing the defenses, looking for a backdoor in."

Cyber spies and hackers look for people inside the company to "flip" and allow password access. "That's the easiest, softest way in," Schaeffer says. He says that "chemical companies, drug companies, and universities are coming to our meetings to talk about these challenges."

O'Hara says, "If Forbes 100 companies, which have the best defenses in the world, have these problems, what of midsize companies, which have plenty of valuable user-identity information?"

One last instance comes almost as comic relief. On Friday, an image of a man's underwear - with the man inside - was tweeted from the Twitter account of Rep. Anthony Weiner (D., N.Y.) to that of Gennette Cordova, a student at Whatcom Community College in Bellingham, Wash. The image was first reported on BigGovernment.com by conservative webmeister Andrew Breitbart.

Weiner and Cordova say their accounts were hacked; Weiner has retained a lawyer to investigate. In the hours following the news, Cordova's various accounts were flooded with bad-intentioned traffic; she has since taken down her Facebook and Twitter accounts. While some folks fanned scandal flames, Cordova issued a very articulate denial, and Weiner spokespeople called the image a prank.

Cordova's letter speaks for everyone who's on the Web and feeling beleaguered: "This is the reality of sharing information online in the 21st century. Things that I never imagined people would care about are now being plastered all over blog sites, including pictures of me from when I was 17 and tweets that have been taken completely out of context. . . . I . . . do not have a clear understanding as to how or why exactly I am involved in this fiasco. I do know that my life has been seriously impacted by speculation and faulty allegations. My reputation has been called into question by those who lack the character to report the facts."