This Is No Time to Skimp on Security
Scot Finnie is Computerworld’s editor in chief. You can contact him at sfinnie@computerworld.com and follow him on Twitter (@ScotFinnie).

HAVE YOU BEEN PAYING ATTENTION? Security threats around the world have changed over the past few years. One of the fundamental differences is that the motives for security breaches have multiplied. Where once they were almost entirely a criminal means of monetary gain, today they are also driven by international tensions, ideological vigilantism and the desire to embarrass organizations and governments — with individuals, groups and even countries using electronic means as a form of aggression.
Who knows what groups like Anonymous,
AntiSec and LulzSec will target next? Who knows
what other countries or nationally focused groups
might target U.S. interests — public or private
— using cyber sabotage and warfare techniques,
such as those reportedly set in motion by Stuxnet?
Recent examples of companies, organizations
and websites that have been hacked include Booz
Allen Hamilton, the CIA, Citigroup, Epsilon,
Google, Honda, the IMF, Lockheed Martin,
NASA’s Jet Propulsion Laboratory, NASDAQ, PBS,
the Pentagon, RIM’s BlackBerry blog, RSA, Sony
and the U.S. Senate.
On Aug. 2, security vendor McAfee released
a white paper in which threat researcher Dmitri
Alperovitch chronicled a hacking campaign
dubbed Operation Shady RAT that penetrated 72
organizations in 14 countries over the past five
years. Alperovitch wrote: “I am convinced that
every company in every conceivable industry with
significant size and valuable intellectual property
and trade secrets has been compromised (or will
be shortly), with the great majority of the victims
rarely discovering the intrusion or its impact.”
McAfee competitors Kaspersky and Symantec
criticized the report for implying that the Shady
RAT hackers had done something sophisticated and
out of the ordinary. While that suggests that security
vendors are more concerned with outdoing one
another than with showing how their systems can
protect enterprises, no one is disputing that long-term
hacking not only exists but is commonplace.