The Internet's dark side and the growing threat of nefarious attack via the 'Net were the central themes of a pointed cyber security speech by the Federal Bureau of Investigation's Director Robert Mueller yesterday at The Pennsylvania State University.
"If we lose the Internet, we do not simply lose the ability to e-mail or to surf the Web. We lose access to our data. We lose our connectivity. We lose our intellectual property. We lose our security. What happens when the so-called 'Invisible Man' locks us out of our own homes, our offices, and our information?" Mueller said. "The threat is not limited to hackers on the outside. Insiders present a significant problem. Contractors may take the appropriate security measures, but what about those with whom they subcontract and their subs? And what of those who take advantage of open access to research and development facilities on campuses such as this?"
The FBI's chief made a number of dark points:
Terror and the Web: "Take the case of Younis Tsouli, the self-styled "Terrorist 007" who not only served as an al Qaeda webmaster but also hacked into servers to get additional bandwidth, used phishing schemes to steal credit card accounts and buy $3 million worth of terrorist equipment, and created a website "that he hoped would become the YouTube for terrorists" called "You bomb it." Could you fall for a scam or run a server that could end up helping terrorists?"
Estonia: "The Internet is not only the means by which attacks may be planned and executed, it is a target in and of itself. Last April, Estonia suffered what has been called a "cyber blockade." Wave after wave of data requests from computers around the world shut down banks and emergency phone lines, gas stations and grocery stores, newspapers and television stations, even the prime minister's office. Although the source of this attack has not been confirmed, the effect was real, and left all of us aware of the potential risk we face. How long before others around the world begin to employ similar tactics?"
BotNets: "Botnets are networks of computers taken over by hackers-usually without their owners' knowledge. Once under their thumbs, these networks can wreak all kinds of havoc, from shutting down a power grid to flooding an emergency call center with millions of spam messages."
The invisible man: "Hackers are using sophisticated techniques to steal sensitive intelligence, scientific research, and communications data. They are difficult to identify and track because they move in and out of international systems at will, and they do not leave broken glass behind. A member of our cyber team describes it as having an invisible man in the room, standing over your shoulder, seeing and hearing everything you do, watching every word you type. And you may never know he is there...who he represents...or how much damage he has done."
On the brighter side, Mueller said there is a growing army of specialists that can counter the myriad online threats. For example:
Threat defense: "Officers, agents, and IT specialists in our Regional Computer Forensic Labs find and examine digital evidence from e-mail and cell phone data to documents on hard drives. Together, we continue to break new ground in the investigation and prosecution of cyber criminals. But we cannot limit our operations to the United States. Increasingly, cyber threats originate outside of our borders. And as more people around the world gain access to computer technology, new dangers will surface. For this reason, global cooperation is vital. We have 60 Legal Attaché offices around the world. We are working with our partners in Romania, Russia, Poland, Hungary, Italy, and Estonia, among others, to investigate international cyber threats."
Cyber Fusion Center: "Much of our collaboration begins in Pittsburgh-at the FBI's Cyber Fusion Center. Think of the fusion center as a hub, with spokes that range from federal agencies, software companies, and ISPs, to merchants and members of the financial sector. Industry experts from companies such as Cisco, Bank of America, and Target sit side-by-side with the FBI, postal inspectors, the Federal Trade Commission, and many others, sharing information and ideas. Together, we have created a neutral space where cyber experts and competitors, who might not otherwise collaborate, can talk about cyber threats and security breaches."
The FBI's InfraGard program: "A more localized example of our private sector partnerships. Members from a host of industries, from computer security to the chemical sector, share information about threats to their own companies, in their own communities, through a secure computer server. To date, there are nearly 21,000 members of InfraGard, from Fortune 500 companies to small businesses. That amounts to 21,000 partners in our mission to protect America."
Mueller wasn't all dark tales however. "Two weeks ago, in the middle of the World Series, the Colorado Rockies suffered a denial of service attack-just minutes after tickets went on sale for the Rockies' home games against the Red Sox. Thousands of fans were unable to buy tickets-fans who were ultimately spared the spectacle of witnessing a clean sweep.I reference this case because it highlights our dependence on computer technology and the seriousness of the cyber threat. But it also gives me one more excuse to remind everyone that the Red Sox won the World Series...again."
The Leader in Network Knowledge
Bad Facts make for Bad Bureaucrats
Rockies ticket sales suffer from denial of service attack. Well, NO. It was simply poor planning - guess what scalpers ( sorry ticket agents ) run bots and those bots all hit the server looking for the HOT ticket at the same time...voila, overload.
So before this is ends up being as an excuse for more controls, lets get the facts right.
Come on this is the head of FBI - kind of think he would have checked the facts first.
Come on, this is the head of the FBI....
We're the FBI. We don't need no steenkin' facts!
Now, if you'll just follow us, sir...
BAD FACTS DUDE
You must be one of those scalpers. Well Why do you think that scalping is against the law in some states. Honest People trying to get tickets the way the Big Leagues intended and people like you use bots and stop real people from getting the tickets. I still call that denial of service, no matter how you look at it.
Eliminate Microsoft Virus/Trojans/Worms/Bots/Malware/Exploits!
And, the first step, is to rid the world of the million Microsoft virus/Trojans/Worms/bots/malwares/exploits.
Grab a FREE image of the Vixta liveCDrom and run it!
Put http://ipcop.org on an old Pentium box, as your free firewall!
Join the 165+ national governments (Including China, India,Peru, South Africa!) in switching to Open Source OSes, such as Vixta.org, Mepis.org, Knoppix, PCLinuxOS, PC-BSD.org, or any of the 315 LiveCd distros that are FREE, at http://livecdlist.com
Microsoft Executives, in sworn testimony at Federal Courts, and in SEC Quarterly filings, under penalty of perjury, have stated that the Open Source OSes operate at least 21% of of all computers, growing at a rate of almost 3% per year. It's a great relief to know that the Bot Net territory is shrinking.
Even the FBI, CIA, NSA, NASA, DOT, FAA, and DOD all switched to the Free Open Source Systems, since 1997.
Microsoft.com, MSN.com, run behind 15,000 leased Akamai Linux Servers, simply to distribute the DDOS (Distributed Denial Of Service) attacks from Botnets.
The fact that Linux and BSD are immune to the million Microsoft virus/Trojans/Worms/bots/malware/exploits
is certainly part of a good, FREE, defense strategy.
You can probably see that I am a strong advocate of personal responsibility.
Bill Gates, Steve Ballmer, and the entire multiple convicted pirate crew, are responsible for the abject failure of Microsoft to combat the million Microsoft virus/Trojans/Worms/bots/malware/exploits.
Time for the FBI and the media to take a stand for truth in reporting, reject the false promises, the FUD, and the exploitive power of the incompetent Microsoft Corporation.
Without Microsoft, there are no Botnets, no DDOS, no BOSDs, and none of the million Microsoft virus/Trojans/Worms/bots/malware/exploits.
Let's eliminate the real pirate, the base of all Botnets, Microsoft Corporation. Exercise your personal responsibility, and run a Linux or BSD OS on your hardware! It is also GREEN!
Get "your" facts straight...
I don't know who lied to you but I happen to work for DoD and we DO NOT use open source anything. It's against the law and DoD Directive to use unsecure open source programs because it represents a security violation to our network. I'm pretty sure it's the same for the rest of those folks you mentioned to.
To the response about DOS used by scalpers, that's still against the law whether one person used it to get the tickets or whether entire neighborhood did it and shut down their server. DOS is not only defined as a "bad guy" purposely flooding a server to force it down. Using bots to find tickets is still using a bot for the wrong reason. I could careless if it was just an "innocent" scalper. If there is such a thing.
Just my two cents.
-NavyAICS.
According to netcraft
According to netcraft http://toolbar.netcraft.com/site_report?url=http://www.dod.gov
DoD is using Linux Sun-ONE-Web-Server/6.1
Last time I checked Linux was Open Source.
You may as well check this site http://www.nsa.gov/selinux/index.cfm
Yes, because as soon as all
Yes, because as soon as all Microsoft machines are removed from the Internet, hackers will sigh, pack up their tools, turn off their computers, go outside, and help track down lost puppies.
Not Quite
DDOS attacks work by overwhelming the target, a server or device - the OS doesn't matter. The rest of this is a bit of a head-in-the-sand mentality. There are so many exploits of Windows because it is the dominant operating system - as soon as some other OS becomes dominant exploits will appear for it as well.