CYBER-Threats From Abroad

The United States — originator of the Internet — still ranks among the most computerized nations on Earth. These days, however, most cyber-attacks against U.S. government agencies and citizens come from elsewhere on the planet, experts say. Meanwhile, government agencies keep pioneering new ways of using Internet-based tools to fight back against crime in both the physical world and in cyber-space.

Criminals already known for their cyber-exploits hail from countries ranging from the United Kingdom and Germany to Russia, Nigeria, China and the Philippines.

• Over the past couple of months, the Internet has run rampant with “Scob,” a new virus infecting many Web sites. When Web visitors unknowingly land on an affected site, they are redirected to a Russian site that secretly installs “keystroke logging” software. The software then steals credit card numbers and other personal financial information.

• In the United Kingdom, an 18-year-old female who dubs herself “Gigabyte” is about to do several years in jail for creating another virus.

• In Nigeria, a series of cyber-crimes resulted in truly deadly consequences. Three Australians, bilked out of their savings by a cyber-fraud scheme, were kidnapped and murdered in Nigeria when they tried to recoup their losses by meeting with the hoaxsters.

Who are these cyber-criminals from abroad, anyway, and what do they want? Among IS experts, explanations abound. David Perry, global director of education at Trend Micro, an anti-virus software vendor, divides all cyber-attackers, whether domestic or international, into two main categories: “script kiddies” (young pranksters) and “professionals.”

“A lot of this is simply ‘punk kiddism,’” Perry says. “The script kiddies hack for bragging rights. Most rebels have always been teenagers.”

“The script kiddies generally aren’t much of a serious threat,” concurs Jahan Moerha, chief security architect for Sigaba, a security vendor. “The kiddies get easily bored, and then move on. It’s the professionals we have to worry about.”

Most pros are motivated by money, experts say. Hired hackers fall into this category. Yet so, too, do online fraudsters, who spam their victims with get-rich-quick schemes and other con games.

Instead of money, though, some attackers seek inside information. “I’m certain that there are some efforts at espionage,” Perry notes. He also points to pervasive rumors that certain U.S. federal agencies keep some of their computer systems offline, a technique known among IS pros as “air gapping.”

“I’m not personally aware of attempted attacks on U.S. government agencies sponsored by foreign governments. Yet I’m sure that terrorist groups have tried to get into elements of the infrastructure such as air traffic control or mass transit, for instance,” maintains Moerha, who is also senior faculty member at the UCLA Extension School.

“Statistics indicate that many professional (cyber-criminals) are from the Eastern block,” Moerha adds. “One of the reasons, I suppose, is that there hasn’t been very close cooperation between law enforcement agencies in those countries and the United States,” he says.

Perry offers a different theory: “A lot of people from the former Soviet Union, for example, are in bad financial straits. If they have a low chance of making a dollar from spamming, it’s still a chance of making a dollar.”

How can cyber-threats from abroad be curbed? Experts foresee problems and solutions on both the technological and law enforcement sides.

In the enforcement arena, government agencies and businesses should perform background checks on all employees, recommends Venkat Raghaven, product manager for IBM Tivoli Identity Management.

Another big enforcement issue is that laws regarding cyber-threats can vary greatly from one country to the next, despite the fact that an attack can cross national boundaries in an instant.

“In the United States, spamming has peaked, because now there is a possibility you could go to jail for it. Also in the United States, it’s legal to create a virus, due to First Amendment rights. It’s illegal, however, to release a virus here,” Perry says.

“In the Philippines, on the other hand, a guy named Onel DeGuzman admitted that he wrote the ‘I Love You’ virus because he hoped it would get him a job with a software company. His attempt didn’t work, because virus writing isn’t regarded as an advanced skill. Now DeGuzman is going to walk, since you can’t be prosecuted for viruses in the Philippines.”

Notes Ed Amoroso, information security officer, AT&T: “If you are a law enforcement agency, and you want to get information from China Telecom, for example, you’ll find that it’s much more difficult than it would be if you were dealing with an Internet service provider in the United States. There’s a different process, and it’s a lot more complex.”

In the technology arena, organizations should protect themselves all the way from network servers and equipment down to PC desktops. PCs should be outfitted with anti-virus software and personal firewalls. The anti-virus software should be kept up-to-date, according to IBM’s Raghaven.

Raghaven adds that, wherever possible, organizations should purchase products that conform to the latest releases of international security standards such as Common Criteria.

Many emphasize, however, that much of the technology currently available for “authenticating” Web visitors and message senders — or definitively establishing their identities and locations — is not nearly as effective as it should be right now.

“On the Internet, there is no unified authentication system at this point. Authenticated e-mail, on the other hand, has existed for a long time — but it hasn’t been very user-friendly up to now,” Moerha says.

Amoroso agrees that lack of effective authentication is a big deal. He goes further, however, to claim that just about all software available today contains security holes. As a result, AT&T has decided to step into the role of providing “safe connectivity” for businesses and government agencies, he says. Services include network monitoring, alerts and virtual private networks, in which “information flows, but it’s encrypted — or scrambled — from one end to the other.”

Meanwhile, however, government agencies are indeed turning to the latest Internet tools to help fight terrorism and other crime in cyber-space and the physical world.

The State of Mississippi, for example, recently worked with IBM Global Services (IGS) to produce the Mississippi Automated System Project (ASP), an Internet-based mobile network for linking together local police departments and state and national criminal databases.

“All 22 DA (district attorney) districts have been connected together into a single case management system that includes all criminal records, even misdemeanors. If a policeman goes to an address on a domestic violence case, he’s going to know there was a previous arrest the next county over,” says Major Julian Allen, director of the Mississippi project.

“But as far as I know, nobody yet has really taken advantage of local databases on a state-to-state or national basis. All those guys who perpetrated the Sept. 11 attacks, for example, learned to fly in somebody’s local jurisdiction. Somebody at the local level might have wondered, ‘Why are they taking flight training here?’”