January 2010 | Volume 13 / Number 1
Cyber Assaults: The New Organized Crime
By: Erin E. Harrison
New business models based on Web 2.0 and cloud computing have brought with them unprecedented challenges by externalizing business processes and moving them to cyberspace where there is less control of private data, and the traditional enterprise perimeter can no longer provide a sufficient defense.
With all certainty, outages across various government agencies in the summer of 2009 were a shot across the bow for the U.S. to step up its security efforts. In the U.S., the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites all were paralyzed at numerous points over the July 4, 2009, holiday weekend and into the following weeks.
Following the domestic attacks, seven sites – one belonging to the South Korean government and the others to private entities – were attacked in the third round of cyber assaults, Ku Kyo-young, an official from the state-run Korea Communications Commission, told the Associated Press. U.S. and South Korean officials have said they believe North Korea is behind the cyber attacks, while security experts in the industry maintain they were not state-sponsored. In either case, in an interview with TMC, James Lewis, director and senior fellow at the Center for Strategic and International Studies in Washington, D.C., says the outages were a “wake-up call” to the U.S. to focus its efforts on maximizing cyber security across all government agencies.
“This was the most primitive kind of attack, and it was less of an attack and more of a demonstration,” Lewis says. “The fact that our response was uneven and disorganized should worry us. The fact that some of the [U.S. government sites] did crash makes you wonder how well prepared we are to respond to a more sophisticated attack, if one were to occur.”
According to an Alcatel-Lucent white paper, “Creating the Trusted, Dynamic Enterprise,” early in 2009 industry experts presenting to the U.S. Senate committee hearing on improving cyber security estimated profits from the cybercrime economy totaled close to $1 trillion – more than the cash generated by drug crime. A report issued by Symantec in April 2009 noted there was a 265 percent increase in malicious code threats in 2008 compared to 2007.
Rodney Joffe, senior vice president and senior technologist with Neustar, is part of a federal task force trying to deal with the effects of Conficker – a worm targeting Microsoft Windows operating systems. He has testified publicly in front of the Committee on Energy and Commerce Subcommittee on Communications, Technology and the Internet, and has briefed a number of Senate and House committee members and their staffs, including those from the Senate Committee on Commerce, Science, and Transportation; the House Committee on Homeland Security; and the Senate Select Committee on Intelligence. He also has briefed members of the White House.
“At any given time, we’re facing 200 or 300 [cyber crime] groups, and it’s all about financial crime,” says Joffe. The most rampant cyber assaults against enterprises are financial fraud targeting corporate banking accounts, specifically botnets Zeus/JabberZeus, Clampi and Torpig.
As Joffe explains, carriers ultimately become collateral damage, because it is their networks that are navigated by the malicious packets, which creates a domino-effect scenario with the customers of those providers.
“The carriers are the ones that bear the brunt of the attack. … In the middle of any kind of cyber event, (whether as part of a DDoS or targeting attacks like in the one above) the pathways taken by malicious packets traverse the carriers. So, in many cases, the retaliation is aimed at taking down the carriers, who appear to be the sources of the attacks. Of course, they are not, but the criminals and miscreants don’t think about that, or care about it,” he says. “With DDoS [attacks] the attackers have learned to actually exhaust and overrun the resources of the target. In many cases this means the exhaustion of the resources of the target ISPs and providers. As a result, all of the other customers of the providers are victimized because their access is overrun.”
Another technique used by cyber-criminals involves applications advertised on social networking sites. They appear legitimate; however, some of these applications install malicious code or rogue anti-virus software, according to the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. Other malicious software gives fraudsters access to users’ profile and personal information. These programs will automatically send messages to “friends” lists, instructing them to download the new application too.
A report issued by the Internet Crime Complaint Center states that complaints of online crime hit a record high in 2008. IC3 received a total of 275,284 complaints, a 33.1 percent increase over the previous year. The total dollar loss linked to online fraud was $265 million. Joffe’s estimate was $275 million, $100 million of which is linked to phishing scams.
Looking ahead at the next 12 months, Joffe believes the U.S. is somewhat better prepared to deal with cyber assaults given the lessons learned in 2009, but there is a lot that still needs to be done, and he says enterprises are better prepared than the public sector.
“I think there is much better realization in government that the private sector is vital to the security and stability of the country. Attacks against the private sector affect the country. And in many cases, the private sector is much better prepared to identify and react to cyber attacks,” says Joffe. “So the administration is making significant attempts to involve the private sector in the cyber security process, including using successes in the private sector (such as the Conficker Working group) as models. In the private sector, we’re recognizing the strength in collaboration and real information sharing.”
According to a Neustar white paper released in November 2009, small and medium-sized commercial, educational, and state and local government organizations in the U.S. are losing, on average, $100,000 to $200,000 per day to criminals who steal using various forms of malware designed to leverage weaknesses in both the wire transfer and ACH (Automated Clearing House) process – “the rather mundane mechanism that lets banks and other financial institutions process checks and other forms of payments on a daily basis.”
But Joffe says organizations can prepare themselves to sustain cyber attacks by reaching out to other companies in their field as well as in unrelated domains, and by establishing collaborative relationships to provide resources, share data and exercise their response to attacks.
“To this end, I am seeing industry collaboratives being established, and joint cyber exercises with competitors,” he says.
According to experts at Alcatel-Lucent, the rapid development in communications technology has been accompanied by a similarly swift increase in security threats, cybercrime and the introduction of correlated security regulations.
“We believe our philosophy around security is to really help our customers focus on leveraging new collaborative business models such as the cloud and Web 2.0, and it’s really about managing risks, controlling data and controlling costs, and understanding how to use security as a positive business enabler…rather than a detractor,” says Cliff Grossner of security solutions marketing at Alcatel-Lucent.
However, there is no silver bullet to the cyber assault problem.
“There is no such thing as immunity to cyber-attacks. Even sophisticated organizations with heavy investments into defensive security measures can be hit with these and other advanced and persistent attacks,” says Amit Yoran, CEO of NetWitness, an IT risk management firm. “This is yet another example of why organizations need to be adaptive and able to respond to, analyze and address new attack methods as they unfold. We need to take a more sophisticated approach to our protective measures – moving beyond the current generation of technologies – because the threats we are facing have evolved beyond the ability of many technologies to address them…and all indications are that they will continue to do so.”