Just a few months ago, the news was full of reports of WikiLeaks supporters, hackers from “anonymous,” shutting down MasterCard’s website. Fang Binxing, the architect of China’s cyber-censorship system—the “Great Firewall of China”—was driven off his mini-blog by thousands of Internet users. Does that tell you that cyber attacks are powerful forces?
The “Stuxnet” worm that damaged Iran’s nuclear installations was a carefully crafted piece of espionage via a cyber attack by unknown perpetrators. Even Stieg Larssen’s wildly popular Swedish book series about “The Girl”…”with the Dragon Tattoo,”… “who Played with Fire”…, and …”who Kicked over the Hornets Nest,” features “the girl” as an expert hacker. Cyber threats seem to be everywhere.
That’s because they are! This past Christmas season’s largest retail growth area was online shopping. A BIGresearch survey showed that over 20 percent of shoppers used their smart phones for price checks while shopping this Christmas. I’ll bet the next year’s number is much higher.
In fact, you can barely read the news today without encountering Cyber-something. The growth of cloud computing either makes the Cyber-risks and exposure better or worse. Experts differ on this conclusion. Aren’t you wondering, “What is the real, honest truth about this CYBER-stuff?” Will somebody lay out the simple truth about it?
Feb. 17, 2011— Computerworld: About eight out of every 10 Web browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, a security expert said today. The poor state of browser patching stunned Wolfgang Kandek, CTO of security risk and compliance management provider Qualys, which presented data from the company's free BrowserCheck service Wednesday at the RSA Conference in San Francisco. "I really thought it would be lower," said Kandek of the nearly 80% of browsers that lacked one or more patches.
I started studying this area 10 years ago and that research led to my recent novel, The Chinese Conspiracy.Since I’ve spent a lot of study time on this area, I’m going to level with you—in mostly layman’s terms—about how bad and how serious it is now, and might become in the future.
1. Cyber-threats ARE A BIG DEAL. Cyber as a term means related to computers or computer networks, especially used for communications and data processing, transmission or storage. As global shipments of smart phones head toward 300+ million in 2011, the size and reach of these networks grow and grow. Add 200 million mobile PCs shipped in 2010, virtually all WiFi equipped, and the count of “new devices” reaches half a billion.
If those figures are true, then the number of devices in operation is certainly over a billion and heading toward 2 billion. That means anything that messes with, threatens or disrupts that immense number of computer-like devices is a HUGE threat and must be taken very seriously.
2. Cyber-threats are “everywhere.” Because those one billion vulnerable electronic devices are “everywhere.” Computer ownership and usage may be higher in richer, more developed countries, but cell phone usage in emerging countries like China surpasses every forecast. No one has a good handle on how many cell phones (most of them “smart phones”) exist in Asia. A lot!
3. What is the technical definition of a Cyber-threat, a Cyber-theft, or a Cyber-invasion? It’s pretty simple. Any time someone other than the owner and authorized user of an electronic device accesses it, uses it or gains the use of it (even if at some later time) there has been a Cyber-invasion.
Depending on who did what, it might be a “hacker” doing it for mischief; it might be a “cyber-thief” doing it to steal credit card information, access bank records, or steal the user’s identity. An e-mail address book stolen and used for spam is a common example. A hijacked website, even if only used mischievously is another (If that website was there for commercial use, it is a form of theft). A massive DDoS (Distributed Denial of Service) attack was the one WikiLeaks supporters used on MasterCard to shut down its website.
4. Are Cyber-threats dangerous or risky? Absolutely! All of them aren’t equally dangerous, but it’s hard to tell which are and which aren’t. To be safer:
- Keep anti-virus software updated often (even if it costs money).
- Keep your computer’s firewall on (for large system users, get good IPS & IDS (I = Invasion, P = Protection, D = Detection, and S = System).
- Do not accept “cookies” from third party sites (choose in your browser’s preferences).
- Change passwords regularly (and mix them up—alpha characters, upper and lowercase, numbers, symbols).
- Choose the appropriate level of protection your Internet or Email provider offers.
- Trash spam and empty the trash—get it out of your computer.
- DO NOT open attachments that are suspicious or unfamiliar—it’s just not worth the risk.
5. No one knows with certainty how to stop Cyber-invasions. Some are identifiable and can be caught on the way in an/or prevented. The Internet service providers who run the major “gateways” need to do this. It’s hard to track down who the invaders were, and even if you can, retaliation is difficult or impossible. By then, “they are gone!”
6. No one is immune to cyber-invasions; so don’t think you are. When you see something suspicious, even from a familiar e-mail address or website, check it before opening. Phishing expeditions use e-mails that look identical to what real banks or credit card companies would use IF they used e-mails to ask for sensitive info—they don’t.
Also, do not send any private info unless you have verified that you have the true site. Thieves make them look identical. When shopping on line, watch for the https:// that denotes a secure shopping site. The protection may not be perfect, but it’s the best-known technology.
The technology exists to shut down large parts of any country, including the U. S. Expert hacking countries such as China, Russia and the Ukraine are capable of such an attack, which, if combined with some older military “jamming” technology can wreak havoc. The damage done can be immense, and depending on the systems attacked, loss of life might be great (e.g., attacks on GPS or Air Traffic Control).
There you have it - all in one place - the truth about Cyber-threats. I warned that I would be brutally honest. There is only one true protection – vigilance - followed by informed and decisive action. Forewarned is forearmed. Use those great phones and computers - but be very careful!