Greater Cincinnati: Ohio - Kentucky - Indiana
513-263-8000
or
|
|
Greater Cincinnati: Ohio - Kentucky - Indiana
|
513-263-8000 or |
|
|
Understanding Cyber Threats
The Internet has greatly improved the way we do business. Unfortunately, it has also created a breeding ground for scams, hoaxes, attacks on service, theft by unauthorized intruders, and sabotage via viruses and worms. Vulnerabilities associated with the Internet and networks put businesses, individuals, governments and critical infrastructures, such as power plants and telecommunications facilities, at risk. To understand the problem, consider the following incidents (1, 2):
An attacker obtained 100,000 credit card numbers from the records of a dozen retailers selling their products through Web sites. He used a packet sniffer to capture the numbers as they traversed the Internet. The credit cards had limits between $2,000 and $25,000, putting the potential cost of theft at $1 billion. This type of intruder activity is one form of "identity theft." The attacker was caught when he tried to sell the card numbers to an apparent organized-crime ring that turned out to be the FBI. (1)
In a case of cyber-extortion, an intruder stole 300,000 credit card numbers from an online music retailer. The intruder, who described himself as a 19-year-old from Russia, sent an email to the New York Times bragging he had accessed the company's financial data through a flaw in its software. The intruder later used the card numbers in an attempt to blackmail the retailer into paying $100,000 in exchange for destroying the sensitive files. When the company refused to comply, the intruder released thousands of the credit card numbers onto the Internet in what turned out to be a public relations disaster for the company. Security experts still do not know how the site was compromised or the full extent of how the break-in affected the site's customers. Credit card companies responded by canceling and replacing the stolen card numbers and notifying affected cardholders by email. E-commerce analysts say many similar attacks go unreported. (1)
In 1996, a computer hacker allegedly associated with the White Supremacist movement temporarily disabled a Massachusetts ISP and damaged part of the ISP's record keeping system. The ISP had attempted to stop the hacker from sending out worldwide racist messages under the ISP's name. The hacker signed off with the threat, "you have yet to see true electronic terrorism. This is a promise." (2)
In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read "We are the Internet Black Tigers and we're doing this to disrupt your communications." Intelligence authorities characterized it as the first known attack by terrorists against a country's computer systems. (2)
These scenarios highlight the need for tight security in order to keep critical information out of the hands of cyber criminals and protect critical infrastructure such as power, water, and telecommunications facilities from Cyberterrorists wishing to cause harm to the United States.
Cyberterrorism
The Regional TEWG is focused on cyberterrorism as well as the physical threats terrorists may pose. "Cyberterrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not." (2)
We know terrorists do use cyberspace to facilitate traditional forms of terrorism such as bombings. They put up web sites to spread their messages and recruit supporters, and they use the Internet to communicate and coordinate plans. Terrorists may use hacking as a way of acquiring intelligence in support of physical violence, even if they do not use it to wreak havoc in cyberspace. However, critical infrastructure / key resource facilities should be prepared for a cyberterrorist attack.
Click here to read more about the National Strategy to Secure Cyberspace. To learn more about how to prepare for potential cyber security incidents click here.
To report cyber infrastructure incidents, please visit the United States Computer Emergency Readiness Team (US-CERT) website at www.us-cert.gov.
OR call
FBI Cincinnati, Joint Terrorism Task Force: 513-421-4310
Identity Theft
Identity theft has been identified as the fastest growing crime in the U.S. Not only does identity theft pose a problem to victims, businesses, and the national economy, it is also a serious national security issue. It is now well know that six of the September 11, 2001 hijackers obtained social security numbers by fraudulent means. Terrorists may use identity theft as a means to finance their activities, enter the U.S. and gain access to facilities!
Methods of exploiting personal and private information are numerous and in most cases quite simple. Technology only enhances the ability to commit identity crimes, while remaining anonymous. Spyware, Trojan horses, viruses, phishing, hacking (cracking), and malicious code are all significant problems in the cyber age, with new methods of exploitation becoming known almost daily.
With identity theft continuing to be a major problem in America, consumers, businesses, organizations, and governments have yet to quell the problem or find means to protect personal information. In fact, the loss of personal and private data by businesses, organizations, and governments has reached critical mass. Click here to read the latest data breaches that put your personal and private information at risk.
Click here to learn how to prevent your personal information from falling into the hands of potential terrorists and identity thieves.
References:
1. Cross, Stephen (2000). "Cyber Threats and the U.S. Economy". Testimony before the Joint Economic Committee of the US Congress.
2. Denning, Dorthy (2000). "Cyberterrorism". Testimony before the Special Oversight Panel on Terrorism of the U.S. House of Representatives.
Home | General Public | Business and Industry | Links | Contact | Downloads | Espaņol | 中文