Experts at AAAS Briefing Detail the Growing Threat of Cyber-Terrorism
Cyberspace has become one of the most lucrative areas of criminal activity
in the world, with organized crime, terrorist organizations and rogue
nations all actively hacking into under-protected American financial and
credit networks, three experts said at a briefing for journalists on Nov.
Virtually any device with access to the Internet—from messaging
cell phones, to home laptops, to wireless battlefield computers—can
become a hacking entry port, the three said at a panel on cyber-terrorism
sponsored by the Center for Media and Security and by the AAAS
Center for Science, Technology and Security Policy.
Hacking to steal personal identifying information and to defraud money
from financial accounts “has become the cocaine of the new millennium,”
said Tom Kellermann, co-founder of Cybrinth
LLC, a computer security firm. Kellermann said that the FBI calls
identity theft the number one growth crime in the nation and says the
U.S. losses linked to all types of e-crimes exceeded $400 billion in 2004.
Another study found that one out of every three computers is compromised,
that is, already infected with an electronic virus or other intrusion,
and, he added, commonly used protection software picks up only about 45
percent of viruses. Kellermann said that about 95 percent of the successful
attacks result in installation of remote control viruses that enable hackers
to use the victims’ own computer to further penetrate the network
and attack other computers.
The international hacking community is so active and sophisticated, said
Kellermann, that exploits for discovered software vulnerabilities are
created in a matter of days.
“If you don’t update your (anti-virus protection) quickly,
you are potentially vulnerable,” he said. “Viruses are coming
out at the rate of a couple dozen per month.”
Who’s behind the hack attacks? Both organized crime and foreign
nations. Criminal gangs have realized that theft of information through
the Internet is more profitable than drug trafficking, said Kellermann.
Some organized crime groups are working with foreign nations to pilfer
financial property, financial data and credit information. Kellermann
said North Korea has founded a university specifically to train people
to invade computer networks and acquire or manipulate information.
Terrorists can find hackers easily. Any group can go to internet sites
and hire hackers who will do specific jobs for a fee, Kellermann said.
“Tremendous operational, systemic and reputational risk accompanied
the Internet revolution,” Kellermann said after the briefing. “Senior
management of most organizations perceive the Internet to be pacific when
in reality, it emulates the characteristics of the Wild West. While connectivity
and convenience are pivotal in our technologically advanced world, the
need to protect our cyber assets becomes critical with an understanding
of the transformation of modern day crime and terrorism.”
Army Col. Carl
W. Hunt, director of technology for the U.S. Strategic Command Joint
Task Force — Global Network Operations, Computer Network Operations,
said some nations are making a concerted effort to develop offensive computer
systems that can be directed against the cyberspace of other countries.
Hunt said there are other nations “that want to have as much information
about us as possible, maybe not to attack, but to compete economically
But much of the hacking is aimed directly at getting information or
identities that can be used to defraud or steal assets.
“A World Bank study in 2003 estimated that identity theft cost
the world economy $222 billion a year,” said Kellermann. “The
reality is that identity theft has become more lucrative than cocaine
trafficking.” A 2003 United Nations report said that cocaine trafficking
is a $221-billion-a-year business — a billion dollars a year less
than identity theft.
Kellermann, Col. Hunt and a third speaker, Tony
Rutkowski, a vice president of VeriSign Inc., a computer security
firm in Dulles, Va., said that data systems operators should take more
individual responsibility in protecting cyberspace from illegal intrusion.
This can be done with more aggressive efforts to frequently update barriers
that guard data banks and control access, they said.
Benn H. Tannenbaum, senior program associate for the AAAS Center for
Science, Technology and Security Policy, said the cyber-security panel
was the second in a series of luncheons organized with the Center
for Media and Security “to raise awareness on serious technical
issues that have important policy implications. By connecting journalists
with these scientists, we hope to foster communications to improve the
public dialogue on these issues.”
22 November 2005