What the Hack is going on lately?

The concussion from the bombardment of computer code is silent, though the havoc wreaked is deafening. Cyber-attacks have escalated in scope and frequency in the last five months, affecting finance, credibility, and confidence in the private and public sectors.

What is going on and why?

There are several fronts in this battle. From the left flank, there is Lulz Security (Twitter: @lulzsec). This brash band of rapscallions unleashed a fifty-day torrent of hacking terror upon government agencies and gaming and broadcasting companies. It began in March with a successful attack on RSA (the security group within EMC), which owns the SecurID two-factor authentication products used by large organizations to provide security for corporate networks. Once they had these keys, the group breached dozens of corporations. Suspected of breaking into the Sony PlayStation network, LulzSec potentially stole millions of customers’ accounts. They also left the peer-to-peer network, which allows gamers worldwide to play each other interactively, in shambles for weeks. Before they reined in their troops, they performed several distributed denial of service (DDoS) attacks on various agencies, including the CIA, FBI, and Senate. Tweeting while they attacked, they gave a twofold rationale for their acts: amusement and their disdain for organizations that leave known security vulnerabilities unpatched.

From the right flank are purported foreign countries that pursue U.S. national intelligence. It is difficult to determine whether these attacks are coming from the foreign states themselves or from individual groups within those countries. The highest threat comes from China and Russia. According to The New York Times, a foreign intelligence service hacked into a corporate contractor and obtained 24,000 Pentagon files in March. Disclosed just days ago, this is one of the worst attacks in U.S. history.

Lastly, from the rear are News Corp. and the Rupert Murdoch scandal. Journalists “hacked” into nearly 4,000 phones and listened to voicemails. Phone hacking (phreaking) has a long history going back to the 1950s. Early “phreakers” made free pay phone calls by tapping the phone circuit fast enough to mimic the rotary sound, allowing dialing for free. The current News Corp. scandal exploits some telecoms’ rather weak security. One security flaw is that fully one third of users still have the password issued with their cell phone to access voicemail. A simple Internet search will yield the three primary default passwords. By trial and error, the journalists at News Corp. used these default passwords to gain access. The other dominant weakness is the host of tools available to anyone in the wicked ways of accessing networks illegally for data or financial gain. Those who use preexisting tools to exploit networks are known as script kiddies.

Combatting these fronts, the U.S. Federal Government has unveiled a new cyber security strategy. In the plan, the Pentagon declared that cyber-attacks on its networks could be considered an act of war. It also outlined potential threats and some tools available to counter cyber-attacks. It is clear that the Government is taking both the previous attacks and the recent uptick very seriously. With the increased reliance on the Internet, there is little doubt that our leadership considers future battles to be fought via servers and the interconnected pipes of the web, and they are preparing vigilantly.

About Joseph Raczynski (87 Articles)
Joseph Raczynski Legal Technologist/Futurist Joseph is an innovator and early adopter of all things computer related.  His primary bent is around the future of law and legal technology. He also focuses on several fields including machine learning, mobile, security, cryptocurrency, and robotics (drone technology). Joseph founded wapUcom, LLP, consulting with companies in web and wireless development.  As a side project DC WiFi was created to help create a web of open wireless WiFi access points across cities and educate people about wireless security. Currently he is with Thomson Reuters Legal managing a team of Technical Client Managers for both the Large Law and Government divisions.  Joseph serves the top law firms in the world consulting on legal trends and customizing Thomson Reuters legal technology solutions for enhanced workflows. He graduated from Providence College with a BA in Economics and Sociology and holds a Masters in eCommerce and MBA from the University of Maryland, University College. You can connect with Joseph at JoeTechnologist.com or JosephRaczynski.com or @joerazz
