Electronic Attackers: Computer Crimes Keep Government and Industry on the Defensive

Article excerpt

An onslaught of increasingly sophisticated cyber attacks has prompted the government and private sector to step up efforts to share information and secure networks around the country.

Yet the complexity of new malicious code and the elusive nature of cyber attackers have become significant impediments to detecting or preventing most intrusions.

Computer crimes have quickly increased in recent years and have overtaken the ability of the government and the private sector to fully protect their systems.

"We are constantly in the reactive mode," says Jerry Dixson, director of the national cyber security division at the Department of Homeland Security.

Long gone are the days of young whiz kids hacking into computers to fulfill curiosity or to prove their computer prowess. Today's cyber criminals are as technologically agile, but more perceptive and evasive.

"Software we found through investigations has gotten really sophisticated. It almost requires a PhD," Dixson says.

The Federal Bureau of Investigation identified more than a million computer addresses in June as potential victims of "Bot Net" cyber crime. The FBI defines a Bot Net as a collection of computers that is controlled by a criminal. The attacker gains control of a computer through a piece of malicious software, which infects the system without most owners' knowledge, Dixson explains.

"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," says James Finch, FBI assistant director for the cyber division, in a statement. The crimes were discovered during "Operation Bot Roast," a major initiative created to disrupt intruders and raise public awareness of such attacks, the agency says. The FBI is working with Carnegie Mellon University's computer incident research and development center to notify victimized computer owners.

Malicious codes are one of the most serious threats because of their stealth and the level of financial damage they can inflict, says Ron Ritchey, principal at Booz Allen Hamilton, a technology consulting firm.

"There is a lot of money to be made from making new malicious code. Criminals can make $200,000 a year," Ritchey says.

A movement toward browser-based attacks has also emerged, he says. These entail a person's computer being attacked when logged on to an infected website. Dixson says that browser attacks can occur on seemingly innocuous web pages, like news outlets. Users can be compromised if even one line of code is infected on that site.

The intricacy of these sophisticated attacks has trumped old ways of securing networks.

"Typical perimeter security such as firewalls are becoming increasingly ineffective," Ritchey warns. Companies are moving to individual computer protection like desktop encryption. "Encryption is going to be the law of the land pretty quickly," he says. Behavioral modeling is also used to detect possible intrusions, by monitoring such activity as high bandwidth consumption, which can signal an impending attack.

Tracking patterns of strange behavior is a good way to detect an incursion, but finding the person or group behind the crime is much more difficult. The bad guys can generate attacks faster than they can be detected and traced. "The rate of prosecution is minuscule compared to the rate of attack," Ritchey says. Companies have had some amount of success by making trap doors, such as creating a file with specific corporate data that would attract a criminal, he says.

The government and private sector alike recognize that cyber crime threatens everyone. "We all use the Internet," Dixson says. This thinking has prompted both sides to forge partnerships and increase information sharing.

A DHS-led computer simulation in 2006, called "Cyberstorm," paired government, private sector and international partners to develop recovery and response plans in the event of a major attack. …