Sources of Cyber Threats

Terrorists, criminals, hostile governments and disgruntled insiders pose threats to information systems

On the eve of Laylat al-Qadr in August 2012, a computer virus named Shamoon attacked Saudi Aramco, the world’s largest crude
oil supplier. Only weeks later, Qatar’s RasGas, one of the major players in producing natural gas, became the second Middle Eastern company to fall prey to a cyber attack. In the weeks following, Aramco reverted to communicating with the world via telex and fax, essentially as it had 20 years earlier.

Such attacks shed light on serious cyber threats against vital infrastructure. As terrorists join criminal adversaries in cyberspace, the threat of digital assaults on economies, infrastructure and national security is higher than ever before. Military installations, security and government agencies, electricity grids, communications, and transportation systems are all within the scope of such attacks.

Nefarious groups have grown bold with their cyber threats. In the past, hackers may have acted with the goal of stealing money from banks and credit card companies; however, today many players have emerged, all with different agendas and goals, such as identity theft, stealing intellectual property from businesses or illegally extracting government information.

Hacker tactics

The victims of these attacks are precisely selected. Although the classic technique of scanning the Internet for any open port or blank password is still practiced by low-level hackers, the biggest threat comes from direct attacks fueled by detailed information about the target network, allowing the attacker to penetrate the security perimeter and achieve specific objectives. This type of attack is preceded by investigations that can include spying on the physical facilities and collecting information about employees, hours of operation, and mail delivery patterns, among other details.

This is followed by deploying “social engineers” to collect information about the firm by making friends with employees. For instance, a seemingly friendly couple walk into a café and sit next to the targeted employee. They introduce themselves and start a conversation to grab the employee’s interest. One person handles the conversation and the second person takes notes on a phone, acting as if he or she is texting. In Great Britain, a group of hackers dressed like tech firm employees entered a bank pretending to do maintenance; instead, they installed serial ports that could be controlled from outside the bank. Another tactic was demonstrated during a hacker gathering in 2012 when Shane MacDougall, a known hacker, outlined how to get information from corporations. He calls retail stores and introduces himself to the manager as a senior manager calling from the corporate headquarters. He then delivers exciting (but fake) news about the company winning a huge government contract and how he needs the local manager to lead the contract. In a mere 10 minutes, MacDougall was able to gather critical information including the type of computers used, version of Microsoft Windows, the firewall type, the anti-virus software of the store and the work schedule of the managers.

Six categories of cyber threats

Terrorists: Terrorists target government and military networks to steal information or disrupt services, but their activity extends throughout cyberspace. Terrorists collect information from banks, communications systems, and transportation and energy companies. Their primary goal is to destroy networks, damage infrastructure and maximize casualties. In a document found in a terrorist hideout, the group was collecting electronic data about power plants and oil refineries in the Middle East. Hacking into military networks would give terrorists access to secret information about weapons, routes, plans and personal information about key figures. They are also interested in obtaining information about accessing restricted sites. For example, a car bomb passed through a security checkpoint in Baghdad because the terrorists were able to forge a security badge.

Governments: Countries with malicious intent can easily gain access to highly skilled hackers. Knowledge is pooled and used to cause great damage to vital infrastructure in other countries. Each government must seriously consider the possibility of such an attack. For example, there are many reports of Chinese espionage attacks against American companies — one of the most recent was an attack by a Chinese national against Boeing and Lockheed Martin to steal fighter jet technology.

Hackers: Hackers break into computer systems for socio-economic reasons. Hackers can recruit insiders to help in the attack. The hackers usually attack banks or individuals for blackmail or ransom, yet sometimes they attack large corporations to make a point or gain fame. In general, hackers use spam emails to inject malware in personal computers. When the hackers are notified that a victim has taken the bait, the second stage of assault begins, perhaps locking files for ransom or stealing financial information. Hackers sometimes scan Internet traffic with a device called a “sniffer” that lets them read all information that passes through a compromised switch.

Criminal organizations: Organized crime has grown sophisticated. Criminals use the Internet to attack corporations and institutions. They are well-organized and more threatening than individual hackers. They work on an international scale and can coordinate big attacks from across the world to overrun firewalls and other security perimeters to gain access to the target network. One such tactic is a distributed denial of service, an attack that makes the network unavailable to its users. Criminal organizations also steal valuable information to blackmail a company or individual, or to sell the data to competitors. They specialize in targeting financial institutions and wiring large funds to foreign banks. A good example is the Russian criminal group known as Gameover Zeus, which infected more than 500,000 computers around the world with a Trojan virus to steal financial information, including usernames and passwords. The group also used another virus called CryptoLocker to encrypt and lock important files on the victims’ computers and demanded ransoms to release the files. CryptoLocker locked 234,000 computers and made $27 million for the group.

Competitors: Hackers sometimes are hired to steal data or destroy a rival company’s information systems. This is a form of industrial espionage. In some cases, a company hires a hacker to seed malware inside the victim company’s network and collect information. Such illegal practices can give the offending company a competitive advantage. A good example of such a case is the “blue-chip hacking scandal” in which the FBI discovered that eight U.S. firms hired a United Kingdom-based hacker firm to steal sensitive information from competitors.

Internal threats: This is potentially the most dangerous type of hacking, because it operates behind the lines of defense such as firewalls and Intrusion Detection Systems (IDS). Knowledgeable employees can exploit sensitive data with fewer obstacles. Insider threats are hard to detect because they begin as legitimate network users. Motives for insider hacking include workplace grievances, blackmail and financial gain.

Organizations must protect their networks and assets from criminals and terrorists. The “what ifs” can cause anxiety: A terrorist gaining access to a chemical or energy facility can release toxic chemicals or shut down power. Shutting down a refinery could cause a global economic hiccup. Any breach of an air traffic control system could lead to catastrophe. Military command and control could be compromised.

Cyber defense is everybody’s duty. Organizations must train all their members. Educating people about Internet threats, email viruses and phishing techniques is beneficial. Most important, educating organizations about social engineering threats is vital, because many breaches are initiated that way. Organizations must issue alerts about emerging threats to spread awareness. Obtaining world-class firewalls and IDS is a must to protect data. However, equipment cannot do the trick without a skillful team to operate it.

The attacks on Aramco and RasGas are just two examples of how terrorists are positioned in cyberspace to harm vital resources. Such assaults are evidence that we must team up to defend our nations and their assets. It will be too late to act when terrorists overrun security perimeters. The damage will already be done.