The recent attack by Lulz Security on the CIA's networks and other breaches of major organizations have brought hacking and hacktivism to the public's attention, but these violations are only a small part of the larger landscape. Different assaults damaged networks worldwide earlier this year, and experts predict that what could happen in the future is even more frightening.
Charles Dodd, a security consultant who advises government leaders about cyberthreats, says cybercriminals are "coming out of the woodwork because there's no threat of retaliation." Yet Dodd believes the damage these groups have done so far is relatively minimal compared to what could happen if authorities fail to find proper procedures. "What if they go after the command and control systems of [an unmanned aerial vehicle]?" Dodd asks. Even more pressing is the possibility that these organizations penetrating networks at will could align with terrorist groups or enemy nation-states to bring down emergency systems or take other actions that jeopardize lives and safety. "If we don't start seeing this as a serious threat, we're going to be in trouble," Dodd states.
Though the public and private sectors have good capabilities in certain areas of cyberoperations, they are scattered and often focused on response. "Most people are looking at cyber from the defensive," Dodd explains. "If you play chess in all defensive moves, the best you can do is prolong [the time until] death." Most cybersecurity work puts priority on defending against and catching criminals. "Well, if you catch Godzilla, what do you do with him?" Dodd asks, encouraging security experts to figure out the answer.
Getting in the way of effective countermeasures is the very nature of cyberoperations. Cyberwarfare is one of the most classified aspects of the U.S. government, which Dodd believes prevents necessary legislation and resources from being enacted. And, in the intelligence world, much of the information about cybersecurity is stovepiped. "If we're going to have a national security posture, it needs to be a united national security posture," he asserts, and it must include the private sector, which owns most of the infrastructure and will be the true first responders during an attack.
Though hacktivists have been busy during recent weeks, other hazards affect people daily. In its McAfee Threats Report: First Quarter 2011, McAfee Labs reveals that malware had its busiest quarter in history and is the most prevalent threat to computers. "It's really easy to be a cybercriminal today," says Dave Marcus, the organization's director of security research and communications. Searching Google yields many toolkits for creating malware, he adds. Another major conclusion from the report is that mobile operating systems are encountering more attacks than ever.
On a positive note, the report finds that spam has dropped to its lowest level since 2007 in part because some major botnets have been taken offline. However, the decrease also comes because younger people use email less than previous generations, depending more on Twitter and other social networks. "Bad guys are very clever at picking up on trends," Marcus says. The report does not differentiate between the public and private sectors, but Marcus explains that public-facing Internet sites all encounter the same problems.
Targeted attacks are about the organization itself rather than its networks. Groups like Lulz Security and Anonymous, for example, are mainly antigovernment organizations and are seeking publicity. Often, such groups claim that attacks require little in the way of hacking skills, but Marcus points out that skill is not important if actions are effective. "They're about the message, not the method," he explains. While general-purpose strikes continue, Marcus says today's attacks have a high level of specificity while the times of a kid messing around in the basement are long gone. "It's for profit," he states.
To help mitigate future threats, consumers and information technology leaders can use the McAfee report to familiarize themselves with existing problems. Enterprise executives can refer to it when making decisions to protect their organizations, while cybersecurity professionals can investigate problems and help customers deploy technologies more efficiently. The cyber community also must pay attention to threats at different times, because one quarter's statistics can look very different from another's, Marcus says. Even now, before quarter two has ended, it is shaping up to mark a sharp divergence from the past, he adds.