The Hack Attack Worsens

Major Internet hacking cases have been grabbing headlines over the past few months, bringing the issue of computer network security front and center again and raising questions about just how vulnerable our computer networks really are.

By Patricia Vowinkel

Computer crime has been a problem since just after computers were invented, but in the past few months it has reached a new level of public awareness with a barrage of high-profile cases.

Some of this is the ongoing work of organized crime rings, out to get personal data to perpetrate fraud.

The Pillbox Defense (09/15/11)
Welcome to the 'Big Data' Era (09/15/11)
A Surprising Reticence (10/15/11)
Perils and Promises of the Cloud Providers (10/15/11)
Finally Going Mobile (09/01/11)

But many of these attacks are the work of so-called "hacktivist" groups, such as LulzSec and Anonymous, which want to cause embarrassment or misery for organizations or individuals they dislike.

Targets, meanwhile, are no longer just banks and retailers. Recent cyber attacks have included names such as Sony, Sega, Citigroup, Google, Amazon, PBS, the CIA, the International Monetary Fund and even Simon Cowell's new television show, "The X-Factor." In addition to those cases, there have been a multitude of attacks on smaller organizations that never make the news.

Attacks that once took place maybe once a month are now happening every day, even multiple

times a day, said Robert Parisi, a cyber and technology expert at Marsh.

The bombardment is relentless.

Some of the incidents, such as the attack on the CIA, are distributed denial of service cases in which websites are flooded with so much traffic that they have to shut down.

Other attacks, however, have resulted in the loss of personal data.

LulzSec has said it is doing us a favor by not telling us about every hack it perpetrates. "Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game." LulzSec said.

The intrusions are alarming. These attacks give the impression that nothing on the Internet is safe and that hackers are roaming freely, with few security obstacles to impede them. Indeed, companies have not realized just how vulnerable they are and have not done enough to secure their networks, said Luis Corrons, technical director of PandaLabs at Panda Security.

Other experts, however, said most organizations have been well aware of the risks and have worked hard to put up strong defenses and educate their employees.

Many of the measures have helped limit the damage. Hackers used to get away with hundreds of millions of records and now get far less, said Robert Richardson, director of the Computer Security Institute (CSI).

The loss of any records, of course, is a serious problem. But companies now also do a better job of segmenting information so that hackers may get an email address, for instance, but not a credit card number or Social Security number.

Advice?

From Corrons: Invest more resources in security. Security audits are a must and even medium-sized companies need a chief security information officer.

From Parisi: Be prepared for a breach. Know what to do if and when it happens.

From Richardson: Try not to anger people. Otherwise be prepared for the backlash of a hacktivist attack. Hacktivism is in the air and it could get worse.

PATRICIA VOWINKEL has worked for national media outlets for more than 20 years.

August 1, 2011

Newsletter Sign-up