*This rising tide of mayhem isn't gonna be news to anybody who's been reading the jeremiads on this blog for the past X years.
*Every year it's fewer daffy teens and hippies, and more and more crooks and spooks. Darkside hacking has finally hit the top of the food chain: presidents, moguls, Google, diplomats, political advisors, nobody's safe any more. china china china hack hack hack
Life in cyberspace can be nasty, brutish, and short. So says a new report (PDF) on international cybersecurity, which argues that the Internet is a Hobbesian "state of nature" where anything goes, where even government attacks maintain "plausible deniability," and where 80 percent of industrial control software is hooked into an IP network.
It's also a world where the US is both a model and a bully. When 600 senior IT security managers were asked which state actor was most likely to engage in cyberattacks, the top response was the US (36 percent), even among traditional US allies. On the other hand, US security practices were some of the world's most admired.
Hack attacks
The report was funded by security vendor McAfee, but it was conducted by a respected DC think tank, the Center for Strategic and International Studies. It paints a stark picture of the security problems faced by major enterprises and infrastructure groups, and some of the statistics are downright shocking.
54 percent of surveyed executives experienced "large-scale denial of service attacks by [a] high level adversary like organized crime, terrorists, or nation-state"
57 percent said they had suffered DNS poisoning, in half the cases multiple times per month
70 percent had dealt with network vandalism, insider theft, phishing, or loss of sensitive data
20 percent had been victims of Internet extortion schemes
If the overall news on Internet security is grim, the news from specific sectors and countries can be downright horrific. For instance, take that last stat on extortion schemes. Hackers infiltrate a network, then threaten a company with chaos, a data leak, or the disruption of operations unless they are paid. It happens more than you might think, despite corporate unwillingness to publicize such attempts.
According to a separate CSIS document (PDF) that outlines major hack attacks over the last few years, "a CIA official said the agency knew of four incidents overseas where hackers were able to disrupt, or threaten to disrupt, the power supply for four foreign cities" back in 2008. CSIS notes that there are unconfirmed reports that Brazilian power outages in 2005 and 2007 were actually caused by hackers, likely acting on an extortion attempt.
But such events are rare in the US; only 12 percent of US executives said that extortion had been a problem. Move to India, however, and the number skyrockets to 40 percent....
