Line dividing hacker cyber crime, state-sponsored terror attacks murky
NEW YORK — The lines between online thefts and all-out cyber warfare continue to blur as hackers become more effective at attacks that threaten to cause serious economic damage, computer security and legal experts said here Thursday.
“It’s not a clear, bright red line,” Mitchell Silber, executive managing director of K2 Intelligence, a cyber security company based here, said at a daylong cyber warfare conference. “It really is more murky, the difference between where a cyber criminal hack ends and where some type of state or state-sponsored event begins.”
The Department of Homeland Security last week issued a bulletin to cyber security insiders reporting that a destructive malware program known as “BlackEnergy” has been placed in key U.S. infrastructure systems that control everything from telecommunications and power transmission grids to water, oil and natural gas distribution systems and some nuclear plants.
The bulletin — issued through DHS’ Industrial Control Systems Cyber Emergency Response Team — said several utility companies recently discovered the Trojan horse malware, which was first detected in the United States in 2011. There has been no attempt to “damage, modify or otherwise disrupt” these critical infrastructure systems by unleashing the malware, the bulletin said.
The Tribune-Review has reported in its ongoing series, “Cyber Rattling: The Next Threat,” that hackers likely associated with or directly controlled by foreign states someday may try to initiate cyber warfare attacks on the nation’s public utilities that would impact millions by cutting critical power, water and communication services.
The DHS bulletin said a group of Russian cyber spies known as “Sandworm” inserted or attempted to insert the same “BlackEnergy” malware this year in systems belonging to NATO and several European energy and telecommunication firms.
Those attending the cyber warfare conference warned that hackers have gone from big targets and corporate victims like those named in recent criminal indictments filed in Pittsburgh to smaller companies, which make up the core of the economy.
About 100 top officials from the military, banks, law firms and universities attended the conference, which was sponsored by the Journal of Law & Cyber Warfare, a peer-reviewed legal publication. Organizers allowed the Trib to attend the invitation-only event, which was held at the John Jay College of Criminal Justice.
Throughout the day, participants often mentioned the potential impact of federal charges filed in Pittsburgh against Chinese military hackers this year.
U.S. Attorney David Hickton in Western Pennsylvania brought indictments in May against five members of China’s People’s Liberation Army, saying they had stolen documents and internal communications from companies such as U.S. Steel, Alcoa and Westinghouse as well as the United Steelworkers of America.
A federal judge last week put the case on hold, saying it’s unlikely the United States will be able to bring the defendants to trial.
That was never the point, said Cedric Leighton, a retired Air Force colonel and former deputy training director at the National Security Agency who works as a computer security consultant in Alexandria, Va.
The Justice Department “wanted to send a message to the Chinese that these kinds of activities are not acceptable to the United States government,” Leighton said.
He acknowledged, however, that no one really knows whether the indictments will deter hackers from China or anywhere else from stealing more corporate secrets.
As bad as cyberattacks have been — with enormous credit card thefts at top retailers and the loss of intellectual property from top manufacturers and law firms — cyber problems will keep getting worse, said James Christiansen, vice president of information security at Accuvant, a leading computer security company based in Denver.
Hackers can trigger attacks inexpensively and from anywhere in the world — whether they are directly backed by a foreign nation or not, he said.
“I believe we are at a cyber war, but I don’t see my adversary as just someone who’s being paid by a government,” Christiansen said. “My adversary is the cyber criminalist; he’s the hacktivist; he’s Anonymous. There are all of these elements out there that are attacking the country I live in.”
The United States has its own reasons for keeping the lines blurred around cyber warfare, said Daniel Garrie, founding editor of the Journal of Law & Cyber Warfare. American companies think of cyber attacks defensively, he said, but “the United States is the best cyber attack organization in the world.”
Andrew Conte is a staff writer for Trib Total Media. Contact him at 412-320-7835 or [email protected].