From: Asia Pacific FutureGov
By Sri Narayanan
Barely three months into 2013 and the world is roiling from the escapades of hackers attacking government and private sector interests with impunity. The trail may point to the Chinese as likely culprits but there’s no denying hackers everywhere are increasingly foiling even the best defenses.
The concern is not that the Chinese (or whoever the alleged perpetrators are) will launch a sudden catastrophic cyber attack that will destabilize the US government. It’s really about fending off multiple intrusions at once from dozens of countries who have well-funded and resourced cyber-armies. From the Far East, the Middle East and Eastern Europe, the perpetrators range from rogue government intelligence units to organised crime rings and bored teenage hackers.
And their methods are as varied as their countries. The East European hacker gangs prefer what is known as a drive-by download. They corrupt popular websites to infect visitors and often include software for recording keystrokes as visitors input financial information on the sites.
Then there are the self-styled vigilantes loosely known as Anonymous. They prefer denial-of-service (DoS) attacks that temporarily block access to websites by overloading the site with URL requests. They then unleash automated searches for common vulnerabilities to gain access to corporate information.
The Chinese prefer the low-tech phony email to lure their victims. Often the email appears to be from a trusted colleague but is loaded with malware, viruses, keyloggers, and other malicious software that are activated once the email is opened.
Any way you look at it, the sheer breadth and depth of the attacks and the number of sponsors behind them point to a vicious cyber Cold War that is dangerously overheating. I don’t ever remember a time when so many corporations and governments have been so vulnerable or so ill-prepared.
Can we do anything about this? Many security consultants I speak to tell me they are overwhelmed. Every new security perimeter you put up will be breached. It’s almost a mathematical certainty. Yet there is this niggling feeling that we’ve invested in the wrong defenses.
In the aftermath of the Mandiant report, experts are suggesting that governments look at more sophisticated analytical tools that watch for unusual network behavior. Some security companies want a return to basics such as limiting user privileges and allowing only trusted programs to run. Yet others believe walled-off virtual machines will keep their data safe.
Ultimately, the best defense might lie in being open about the attacks in the first place. Recently, US President Obama issued an executive order requesting companies to participate voluntarily in an information-sharing effort so the government can help them stop the attacks.
Many observers decried his order as lame but I think with a few tweaks and some political backbone, he might be on to something.
The biggest threat to defending public and private data online is the lack of transparency about the attacks themselves. Many agencies and companies fear spooking stakeholders by disclosing attacks so the incidents go unreported.
But mandated disclosure via legislation (rather than voluntary sharing) could provide governments with the kind of visibility they need to confront the hackers head-on.
If agencies and companies alike are assured the political machinery is eager to help and protect their interests, I think we could see an exciting new front in the battle against cyber hackers. At the very least, it should send chills down the spine of attackers if the government is prepared to fight back.