The Internet's dark side and the growing threat of nefarious attack via the 'Net were the central themes of a pointed cyber security speech by the Federal Bureau of Investigation's Director Robert Mueller yesterday at The Pennsylvania State University.
"If we lose the Internet, we do not simply lose the ability to e-mail or to surf the Web. We lose access to our data. We lose our connectivity. We lose our intellectual property. We lose our security. What happens when the so-called 'Invisible Man' locks us out of our own homes, our offices, and our information?" Mueller said. "The threat is not limited to hackers on the outside. Insiders present a significant problem. Contractors may take the appropriate security measures, but what about those with whom they subcontract and their subs? And what of those who take advantage of open access to research and development facilities on campuses such as this?"
The FBI's chief made a number of dark points:
Terror and the Web: "Take the case of Younis Tsouli, the self-styled "Terrorist 007" who not only served as an al Qaeda webmaster but also hacked into servers to get additional bandwidth, used phishing schemes to steal credit card accounts and buy $3 million worth of terrorist equipment, and created a website "that he hoped would become the YouTube for terrorists" called "You bomb it." Could you fall for a scam or run a server that could end up helping terrorists?"
Estonia: "The Internet is not only the means by which attacks may be planned and executed, it is a target in and of itself. Last April, Estonia suffered what has been called a "cyber blockade." Wave after wave of data requests from computers around the world shut down banks and emergency phone lines, gas stations and grocery stores, newspapers and television stations, even the prime minister's office. Although the source of this attack has not been confirmed, the effect was real, and left all of us aware of the potential risk we face. How long before others around the world begin to employ similar tactics?"
BotNets: "Botnets are networks of computers taken over by hackers-usually without their owners' knowledge. Once under their thumbs, these networks can wreak all kinds of havoc, from shutting down a power grid to flooding an emergency call center with millions of spam messages."
The invisible man: "Hackers are using sophisticated techniques to steal sensitive intelligence, scientific research, and communications data. They are difficult to identify and track because they move in and out of international systems at will, and they do not leave broken glass behind. A member of our cyber team describes it as having an invisible man in the room, standing over your shoulder, seeing and hearing everything you do, watching every word you type. And you may never know he is there...who he represents...or how much damage he has done."
On the brighter side, Mueller said there is a growing army of specialists that can counter the myriad online threats. For example:
Threat defense: "Officers, agents, and IT specialists in our Regional Computer Forensic Labs find and examine digital evidence from e-mail and cell phone data to documents on hard drives. Together, we continue to break new ground in the investigation and prosecution of cyber criminals. But we cannot limit our operations to the United States. Increasingly, cyber threats originate outside of our borders. And as more people around the world gain access to computer technology, new dangers will surface. For this reason, global cooperation is vital. We have 60 Legal Attaché offices around the world. We are working with our partners in Romania, Russia, Poland, Hungary, Italy, and Estonia, among others, to investigate international cyber threats."
Cyber Fusion Center: "Much of our collaboration begins in Pittsburgh-at the FBI's Cyber Fusion Center. Think of the fusion center as a hub, with spokes that range from federal agencies, software companies, and ISPs, to merchants and members of the financial sector. Industry experts from companies such as Cisco, Bank of America, and Target sit side-by-side with the FBI, postal inspectors, the Federal Trade Commission, and many others, sharing information and ideas. Together, we have created a neutral space where cyber experts and competitors, who might not otherwise collaborate, can talk about cyber threats and security breaches."
The FBI's InfraGard program: "A more localized example of our private sector partnerships. Members from a host of industries, from computer security to the chemical sector, share information about threats to their own companies, in their own communities, through a secure computer server. To date, there are nearly 21,000 members of InfraGard, from Fortune 500 companies to small businesses. That amounts to 21,000 partners in our mission to protect America."
Mueller wasn't all dark tales however. "Two weeks ago, in the middle of the World Series, the Colorado Rockies suffered a denial of service attack-just minutes after tickets went on sale for the Rockies' home games against the Red Sox. Thousands of fans were unable to buy tickets-fans who were ultimately spared the spectacle of witnessing a clean sweep.I reference this case because it highlights our dependence on computer technology and the seriousness of the cyber threat. But it also gives me one more excuse to remind everyone that the Red Sox won the World Series...again."