Friday, May 29, 2009

Cyber Wars

On 24 July 2008, Spam King Eddie Davidson [pictured at right] killed himself, his girl friend, and a child after walking away from a federal prison where he was serving a 21-month sentence for charges related to spamming activities.

Today, President Obama announced the creation of a new post, which he called Cyber Czar. This new position would have responsibilty for protecting world computer networks from attacks that cost the economy billions of dollars every years. The only surprising thing about his announcement is how long it took the government to take action.

Imagine if there were gangs of criminals roving the interstate highways, putting up phony signs that divert traffic from its intended course, stopping trucks and carrying off their cargo, and causing delays and traffic jams on a daily basis. Wouldn't the public be enraged? Wouldn't government be forced to step in?

That's exactly what is happening to our "information superhighway." But even though most Americans use computers or rely on their performance in their daily lives, few understand how they work or what dangers lurk there.

The internet began as ARPAnet, a U. S. Deparment of Defense project back in the 1960s. Although security must have been a prime concern at that time, by the 1980s something had gone terribly wrong. Hacking, or breaking into a computer network surreptitiously, was considered by many to be an innocent pastime. The movie "War Games(1983)" showed how a teenager might hack into a top secret military computer. Although the story was somewhat fanciful, still there were many computer users who amused themselves by trying to gain access to various computer networks.

As the Internet exploded, both the opportunities for hacking and the danger from abuse escalated dramatically. Today, there are thousands of hackers, some of them amateurs, but many others professionals employed by governments, who are busily at work trying to defeat the plans that have been laid to protect our data, our websites, and ultimately, our lives. Since computers intrude into every aspect of our lives, they control information that could be used to fire weapons, or prescribe medications, to direct traffic on busy highways, or suck funds out of bank accounts.

Internet Enemy Number One: Spam.
Much of the president's attention is focused on "cyber attacks", where networks are invaded, usually to obtain information, but sometimes to disrupt operations. The most expensive kind of attack, however, is the most common, one which every computer use encounters every day. It's called spam. The propagation of spam, unsolicited email messages, is as sophisticated as any network breakin. In fact, they use the same tools and have developed similar tactics to evade detection.

What does the sending of spam involve? In the first place, the spammer must have some method of gathering millions of email addresses. This may be accomplished by software programs called "spiders" that enter every website on the internet and harvest email addresses, which are later used for spam or sold to spammers. These programs are sold openly on the internet. Greedy and unscrupulous people have sold books and articles about email "marketing" in which they explain how to send spam and make money doing it.
Advanced spamming also uses viruses, trojan horses, and malware. Trojan horses take over your computer and use it to send spam. Malware installs itself on your computer and steals all your email addresses. When a hacker manager to install malware on large computers like government or university databases, it can steal thousands or even millions of email addresses at the same time. This same ability to steal email addresses and take over computers can also be used to steal data, like bank records, social security records, and medical records.

Cyber Wars

During the Cold War, computer programmers employed by governments on both sides of the iron curtain invented programs to disrupt or disable computer networks of the other side. Bulgaria was particularly active in this area, which was related to "cracking", a way of making commercial software available to users who had not purchased a legal copy. So a programmer could make a "cracked" copy of Microsoft Word, for example, and hundreds of people could use the pirated copy without paying royalties to Microsoft. Other programs were also placed on these disks, viruses and trojan horses, which could use the installer as an entry point into a computer.

Since the end of the cold war, programmers trained by their governments in hacking techniques have gone rogue, so to speak, continuing to practice their trade, either for monetary gain or for recognizable sociopathic reasons, which is to say that they want to destroy something because they enjoy doing it. One famous example of this was a Bulgarian called Dark Avenger, who used his programs to attack anti-virus researcher, Sarah Gordon.

Computer hacking lends itself to asymmetrical conflict, where small, relatively weak organizations attack large, powerful ones. Computers are small, relatively cheap, and easily connected to sophisticated systems through the internet or wireless networks. This use of hacking techniques increases the danger associated with cyber crime, much as the use of plastic explosives and hijacked airliners increases the deadliness of guerilla war. The sophisticated weapons systems of technological warfare as practiced by the American army are far more vulnerable to attack by one or two sophisticated hackers than the tanks and bombs of previous wars. America must perforce become better at repelling cyber attacks in order to maintain its military superiority.

Which brings us full circle, because the techniques used to subvert weapons systems (or any other highly integrated system on which lives rely) are the same--viruses, trojan horses, malware--as have been used by less malign hackers since the 1980s. We need our government to begin combatting these threats without delay.

No comments: