issues continue to make headlines throughout the US and abroad as retailers, financial organizations, utilities and many other organizations face continued and emerging risks to their data. Just the other day, the exploits of a cybercriminal ring came to light as malicious software called “ChewBacca
” was disclosed by a cyber security research firm. Before the attack was shut down, over 24 million transactions at retailers all over the world were accessed. Initial reports indicate that 49,000 credit card numbers were stolen in this incident.
Beyond financial crimes perpetrated to steal unaware user’s Personally Identifiable Information (PII), cyber security has been thrust ahead of terrorism and weapons of mass destruction to the forefront of the US Intelligence Community’s (IC) global concerns. The Director of National Intelligence, James R. Clapper Jr. briefed the Senate Intelligence Committee on January 29th
2014. According to the DNI’s statement, the IC assesses that “computer network exploitation and disruption activities such as denial-of-service attacks will continue. Furthermore, we (IC) assess that the likelihood of a destructive attack that deletes information or renders systems inoperable will increase as malware and attack tradecraft proliferate.”
State actors, including China, Russia, Syria, and Iran, are all in when it comes to developing their cyber warfare capabilities. Both of these countries are seeking changes to international systems for Internet governance. These changes, if successfully passed, may adversely impact the ability of the US to monitor web traffic as well as the broader goal of continuing to ensure free and open access. Aside from this common thread, it appears that each country is working towards its own priorities.
According to the report, Russia will be focusing on establishment of its own cyber command and increasingly targeting US forces and allies that have access to sensitive computer network information. Meanwhile China, which already has significant cyber and industrial espionage program established, will work feverishly to improve upon their capabilities. Additionally, the regime will continue to control the internet within the country allowing access for economic development while closely monitoring behaviors that might threaten the social order.
Non-State actors continue to show interest in developing capabilities to attack the networks of US companies and governmental entities. From the attacker’s perspective, network exploitation and denial-of-service are very low risk activities to perpetrate. Non-State actors including anonymous and more traditional terrorist organizations regularly express interest in developing capabilities to attack financial control systems, Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems to develop funding streams and cause disruptions of service.
More frequently, news outlets and technology blogs are discussing the “internet of things”. Utilities, HVAC, garage doors, automobiles are all increasingly being controlled by or integrated through the net. Today’s youth are growing up in this ever more interconnected world which will continue to contribute to the knowledge and capabilities of potential threat elements. Radicalization of these individuals, regardless if it is based on religious, economic or political affiliation can have profound negative effects over the next several years. Terrorist and criminal organizations are increasingly targeting talented, tech-savvy, individuals and the potential exists that they will find fertile ground in the 18 – 25 year age range given the current global unemployment crisis amongst millennials. To learn more:
(Image Credit: insidecounsel.com)