Cyberattacks: America’s Achilles’ Heel
When it comes to technology and cyberspace, I’m not the sharpest tool in the shed. While I can pay bills and manage bank accounts online, play with my iPad, and buy everything from neckties to vitamins to motorbike fenders with the flick of a finger, I know very little about what’s going on behind my screens, in the wires and motherboards, on the servers and networks.
There’s a good chance you’re as illiterate as me in this area. And while they say ignorance is bliss, in this instance it also makes us terribly vulnerable. That’s because there are countless extraordinarily smart people in this world who understand the intricacies we don’t—enough to burglarize our online worlds—and many of them lack the moral compass to prevent them from doing so.
But the danger posed by cyber-criminals goes way beyond some amoral nerd hacking the computer and stealing the banking credentials of ordinary folks, frustrating and debilitating as that would be. These people threaten to inflict chaos and destruction on society in general—on our federal and state governments, our banking and telecommunication systems, our private companies, even our military. In our world, the majority of professional communication, intelligence gathering and analysis, research and development, military strategy planning, and banking and finance occurs online or on a network of connected computers.
You and I mightn’t have the foggiest idea how to infiltrate the computers and networks of the local government, or weapons manufacturer, or a giant multinational—but plenty of people do, and they’re doing it!
Just this week Global Payments Inc., an Atlanta-based credit card processing company, announced that its network had been breached and that data from 1.5 million credit card accounts had been exposed. This happens regularly. Last year, a cyberattack on one of Sony Corp’s online gaming systems breached the personal information of nearly 25 million customers and comprised the data of more than 100 million accounts.
We learned late last year that hackers had also broken into the network of Stratfor, a U.S.-based intelligence agency. Before Stratfor got the situation under control, terrific damage was inflicted. The hackers didn’t simply steal credentials, including credit card numbers, of Stratfor subscribers; they also obtained private e-mails between company employees and correspondence that included private details about clients. It was a nightmare situation, and highly embarrassing (and costly) for a company specializing in intelligence gathering and analysis.
But Stratfor and Sony aren’t anomalies. Other cyberattack victims include Citibank, Lockheed, Booz Allen, Google, Boeing, EMC and Nasdaq. If it can happen to these giants, it can happen to anyone.
In an interview with the Wall Street Journal last week, Shawn Henry, the executive assistant director at the fbi, gave a sobering glimpse at computer hacking in America. “We’re not winning,” he stated, and the approach America is currently taking to the problem is “unsustainable.”
Citing Mr. Henry, the Journal reported that “too many companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking—or the costs they may have already suffered unknowingly—by operating vulnerable networks.” The number of hacking cases the fbi handled swelled from nearly 1,500 in 2002 to more than 2,500 in 2010.
That’s just the number of major intrusions identified and that the fbi is actually investigating.
Quantifying the number of illegal electronic incursions into U.S. companies, government departments and public institutions is virtually impossible. First, many companies fail to report electronic breaches for fear of damaging their reputation. Second, many organizations simply don’t know they’ve been infiltrated. In testimony before Congress last week, Richard Bejtlich, chief security officer at Mandiant, a computer-security company, testified that 94 percent of clients that had been targeted by Chinese hackers had no idea they had been attacked.
According to Henry, fbi agents are regularly coming across data from companies whose executives had no idea their system had been penetrated. “We have found their data in the middle of other investigations,” he stated. “They are shocked and, in many cases, they’ve been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.”
Imagine if a criminal was watching everything you did, taking note of your account numbers, your private correspondence, your every conversation. That’s exactly what’s happening; the only difference is that these silent, unseen intruders—many of whom are foreigners—are watching and stealing the financial details, intellectual property and planning strategies of a host U.S. companies and institutions and government departments, including weapons and military manufacturers.
Henry recalled a recent case in which hackers broke into the network of a large company and stole 10 years and $1 billion worth of research and development. In another instance, Chinese hackers penetrated the electronic defenses of the U.S. Chamber of Commerce and accessed everything stored on its system, including information about its 3 million members. Foreign hackers are constantly attempting to break into U.S. companies and steal strategically significant and expensive, if not priceless, intelligence. Gen. Keith B. Alexander, the Commander of the U.S. Cyber Command, called cybertheft “the greatest transfer of wealth in history.”
According to James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, Shawn Henry’s warning about America’s vulnerability in cyberspace is too bright. Lewis says that America has already “lost the opening battle” with hackers, and he doesn’t believe, according to the Journal, there is a “single secure, unclassified computer network in the U.S.”
In his book Cyber War, Richard Clarke, a former counterterrorism expert for three U.S. presidents, laments that while the U.S. has developed offensive cyberwar capability, it has neglected developing the defensive capabilities to ward off cyberattacks, which are growing in number and complexity. America is brilliant at attacking others in cyberspace, he says, but incapable of defending itself from similar attacks. In a statement that will keep ceo’s from sleeping at night, Mr. Clarke warned that “every major company in the United States has already been penetrated” by Chinese hackers operating under the direction of the Chinese government.
In his book, Clarke discusses the threat posed by foreign hackers to America’s electronic infrastructure, its power grids, nuclear power plants, government banking and telecommunication networks, even its military command system. He writes that “economically and militarily … what we’ve lost in the new millennium’s cyber battles is tantamount to the Soviet and Chinese theft of our nuclear bomb secrets in the 1940s and 1950s. The possibilities of what we stand to lose in an all-out cyber war—our individual and national security among them—are just as chilling.”
Imagine it: With the flick of their fingers, foreign states could shut down our power stations, crash our banking system and paralyze our telecommunication networks!
According to experts, many of America’s leaders, both in government and private industry, are too much like you and me about technology and cyberspace: woefully unaware of how it works and the ease with which it can be penetrated and exploited. James Lewis says there’s a “kind of willful desire not to admit how bad things are, both in government and certainly in the private sector ….”
How long before this “willful desire” to ignore the problem results in a crushing cyber-blow from our enemies?
The Trumpet has been warning about America’s vulnerability to cyberattack since 1995. In our January 1995 edition, editor in chief Gerald Flurry recalled the story of Achilles, the Greek hero of the Trojan war who was struck in his heel by an enemy spear. “America is the greatest superpower this world has ever known. But we have a very vulnerable point in our military—our own Achilles heel,” he wrote. “Exploiting this vulnerable point may trigger the greatest shock in the history of warfare! … Computer dependence is the Western world’s Achilles heel, and within a few years this weakness could be tested to the full.”
Seventeen years later, it’s safe to say this weakness is now being tested to the full.