Sunday, April 11, 2010

When computers attack--the threat and the response

Every technology is designed to accomplish results, but even those designed for good can be used to commit crime. The Internet is no exception. In January 2010, a Chinese cyberattack broke into several Gmail accounts; the sophistication of the attack revealed that cybercrime has a more profound effect on the digital world than once believed. Mobs of programmers and hackers have successfully hacked into websites created by companies, banks, and even the U.S. government, and the type of code used in the Google attack is only one means of creating and launching attacks.

Since long before the days of WarGames (1983), the Internet has proven to be surprisingly vulnerable and open—a gateway to the hacking of computers and possibly to the destruction of the Internet itself. Today, extortion and fraud target personal consumers and political targets alike. As a result, computer programmers have taken a stand, and the battle against cybercrime on all fronts has come to light.

Cybercrime fighter Barrett Lyon explains that today's security measures aren't enough to fend off hundreds of thousands of computers programmed to accomplish the same thing all at once. Most of today's computers have common weaknesses, which make them susceptible to software that identifies them. If enough computers attack a site at the same time, then they can successfully tank a website. This is the basis behind an attack in which hackers crash websites via massive traffic overload. All of the bots—the computers which are simultaneously under the hackers' control—overwhelm the website by logging in or visiting it at the same time. This helps denial-of-service attacks, extortion, and theft succeed.

But Lyon's work has helped companies and law enforcement combat cyberattacks. His experience as a professional cybercrime fighter comes from his self-taught computer experience and his own history of hacking; as a teenager, he hacked into AOL and deleted the domain name, which took the site offline for three days and got the attention of the news and the FBI. As he understood more of the weaknesses of computers, he used his skills to divert and fight attacks.

At the start of his career, he saw signatures in a series of intense attacks; this helped him find the source of the attacks, and he even went undercover into the cybermafia as a Russian hacker to learn more. He gained the confidence of a Russian hacker, who went by the nickname "exe" (which stood for "extremist" instead of the file format "executable file"); Lyon posted the nickname on large public chat rooms, which revealed the false domain name the hacker was hiding behind. In the end, the domain name revealed the hacker's curriculum vitae in the registration records.

Joseph Menn, author of Fatal System Error, listed "exe" as one of his more memorable cybercriminals. "exe" was like Lyon—a self-taught computer whiz at a young age. "exe," whose real name was Ivan, began writing code that acted like a virus—spreading from one bot to many others. Menn has shown the increase of serious cyberattacks across the world. Denial-of-service attacks have long existed, but in recent days these attacks have targeted government and media organizations. In Estonia and the former Soviet republic of Georgia, these attacks have been used to shut down government and media websites. In the United States, stolen military secrets are among the greatest scares. Attacks like these still happen because one out of every seven computers could be bots, and most people don't realize it or know how to prevent it.

Menn adds that the technology behind the threat isn't the only thing that keeps cybercriminals from being prosecuted. The struggle is not in the streets or in the drug market, but in the world theater. In Russia and China, hackers are an asset that the governments and their Mafias can use, especially if they know how to coordinate thousands of computers to launch major attacks in the United States. The Google attacks in January 2010 are directly correlated to the Chinese government, but this isn't all. Hackers have managed to retrieve our military secrets and have the potential to hack into our power grids, and all through a technology that was designed to accomplish good.

With terrorists gaining interest in computer hackers and nations trading military secrets and draining our economy, is there hope? Menn and Lyon don't see much of it. Menn reminds us that the hacking leads to a trillion-dollar drain on the economy, especially in online commerce. Lyon sees an increasing paranoia in the security industry; it's an erosion of trust, one which decreases the effectiveness of fighting any kind of crime. Unlike weapons with specific purposes, people can do anything they want with software. Until greater and more effective security measures are created, the technology reminds us that the greatest of technology can lead to the greatest of crime.

1 comment:

  1. This was a very well-written blog.
    The author of this book also wrote a book about taking down the tobacco companies that I think would be an interesting read.
