Earlier this morning, June 24, Oregon University became the unwilling host for a rather unflattering message from Iranian hackers to the President of the United States. For about an hour and a half, a message that opened by addressing President Obama with "Hey Stupid Fly Catcher Obama!" demanded that he cease talking about the Iranian presidential election and mind his own business, and declared that there was no fraud in the contest that put Mahmoud Ahmadinejad back into office for another term as Iran's president.
The pro-Ahmadinejad hackers had impeccable timing, as they struck on the same day that the Obama administration unveiled the U.S. government's first integrated effort to protect military and civilian computers. Dubbed CyberCommand, the unit will fall under U.S. Strategic Command in the military's organizational structure. Strategic Command oversees both nuclear and computer warfare for the United States' national security community. Likely to be chosen to head the new command is Lieutenant General Keith B. Alexander, who is currently the head of the National Security Agency. Alexander is expected to keep his spot at the NSA as well as receive a fourth star as a reward for guiding both organizations. Secretary of Defense Bob Gates has decreed that CyberCommand be up and running by October of this year and that it be fully functional a year after its debut.
The government is spending $7.4 billion this year alone in attempts to secure all government computers from intrusions by curious hackers and hostile actors alike. Boeing created a division called Cyber Solutions in anticipation of a government expansion of computer security. Lockheed-Martin already had its Information Systems division established. Yet another defense contractor, Raytheon, has a longer-established electronic division dedicated to protecting essential computer networks, called Information Security Solutions. Raytheon's ISS division, looking forward to new and larger government contracts for network security, acquired three computer security companies (Oakley Networks, SI Government Solutions and Telemus Solutions Inc.) and is planning to increase its stable of certified security engineers by 50% this year to improve its capabilities. L3 Communications and SAIC (Science Applications International Corporation) Inc., both defense contractors for the government as well, have thrown in together to create a unit that does computer network security too. Boeing, Lockheed-Martin, Raytheon and L3-SAIC already face one barrier to entering the computer security industry: old hands McAfee Inc. and Symantec Corp., the latter the creator of the ubiquitous Norton Antivirus, have been at computer security for decades. Whatever the case may be, CyberCommand will not be hurting for potential partners to hire for assistance with its goal.
An oft-overlooked part of each story about anti-American groups putting out propaganda and threats, however, is where the messages appear: an American university's computer network. Ever since the invasion of Afghanistan in the aftermath of 9-11, the incidence of attacks against computer networks has gone up. FY 2007 saw 37,000 breaches of private computer networks reported to the Computer Emergency Response Team. FY 2008: 72,000. Close to a 100% increase. Groups hostile to the United States have found that there are large, powerful and useful computer networks in America's colleges and universities that are not protected very well. They have been exploiting this weakness for nearly eight years now.
The NSA originally discovered in 2002 that al Qaeda was using vulnerable computer networks in America to host its websites and recruiting videos, unbeknownst to anyone involved with the computer networks. The practice was going strong in the second half of 2003, when the U.S. military discovered that there had been cross-pollination of ideas between al Qaeda operatives in the Middle East and Iraqi insurgents. Wherever there were exploitable flaws and a few hundred free megabytes of storage, video files that insurgents had filmed of roadside bombs exploding on American patrols, the vile execution of foreign hostages or American POWs, and other such media were appearing. The real kick in the pants was that it was usually the U.S. government paying for the computer that was hosting the video and the broadband connection that was uploading it to the aspiring young Islamist searching for propaganda footage.
The mission of increasing the security of educational institutions' computer networks is daunting. The most basic reason is that an educational institution's core mission is to be open and share information. This creates a large number of portals that need security and, more importantly, that invaders can enter through. Another problem is that the patrons of educational institutions, primarily students, are young and less seasoned in judgment, which makes them perfect targets on social networking sites like Facebook for phishing (tricking users into giving up their usernames and passwords). These students' accounts can then be used to set up hosting for a hacker's website or as a stepping stone to more privileges on the target network and more opportunities to hack deeper into the system. A third problem is that 32% of the 498 reported security breaches since 2000 are attributed to educational networks, just 3% behind the leader, businesses. This paints a bleak picture for educational networks because, while there are just thousands of them, there are 14 million businesses, which makes educational institutions exponentially bigger risks for being broken into. So risky, in fact, that they are considered among the most dangerous to engage in transactions with because of the chance that sensitive data will be pilfered and abused. Some financial institutions have even declined to deal with educational institutions because of security concerns.
In the last year or two of its existence, the Bush administration belatedly made attempts to increase computer network security without a great deal of success. Now the Obama administration has embarked on its attempt to improve computer security in America and, hopefully, that attempt will meet with more success than previous tries.




