Recent Rhetoric About Cyber War is a Smokescreen to Limit Freedom of Speech on the Internet
China and the U.S.: Sizing Up for Cyber War? (Excerpt)
Senior US officials call cyber attacks 'acts of war', but critics think the tough talk is a smokescreen for censorship.Although there were strong reactions after Google's Gmail accounts were phished, some analysts say that similar occurrences happen all the time, and US government chest-thumping is code for internet censorship.
June 9, 2011
Al Jazeera -...There is nothing new or impressive about recent cyber attacks, even though the international media has focused on them, says Bruce Schneier, a technology expert and author of several books who The Economist magazine describes as a "security guru".
"Millions of these kinds of attacks happen all the time," he says.
To him, recent phishing operations against Google are not even worthy of a blog post, as such events happen so frequently.
Chris Palmer, the technology director with the Electronic Frontier Foundation advocacy group, thinks recent rhetoric about cyber war is a "smokescreen to limit freedom of speech on the internet".
"If I was being cynical, this campaign [about cyber security] is being launched by defence contractors to drum up a threat and get money from it," Palmer told Al Jazeera.
The US state department's tough talk about physical reprisals is not the way to defend American infrastructure from attacks, he says. The solution is much simpler: Taking sensitive data off the internet entirely.
Gaining access to military documents or networks controlling physical infrastructure like water treatment plants and nuclear facilities "should be like Mission Impossible, requiring a physical presence". In the film, Tom Cruise has to sneak into a heavily guarded room to physically access a computer with secret information.
In the 1980s and early 1990s, power plants, for example, ran on private networks where the censors would talk to the controllers, Palmer says.
"Now things that are supposed to be private have become virtually private, going over the same lines as internet traffic."As getting online became cheaper, and operating private networks became more costly and cumbersome compared to using the standard internet, companies began using the regular net.
"Not being on the internet costs more for dollars and opportunity cost," he says. "The design and the reality don't match anymore, but the design was supposed to be private."
And this semi-public link to the broader net leaves vital systems potentially open to attack.
While military contractors propose new products to defend against online threats, commercial cyber crime - where companies seek data on competitors and rivals try to steal industrial secrets - may be a bigger issue than fears of nation to nation conflicts spilling onto the internet.
"The [US] defence department, just like everyone else, is struggling with the rapid rise of cyber threats," says Richard Stiennon, the security analyst. "It is all new. They don't have a basis in international law or jurisdictional avenues from which to build a cyber response"...
Citigroup Says Hackers Accessed Credit Card Data
June 9, 2011Reuters - Citigroup Inc (C.N) said computer hackers breached the bank's network and accessed the data of about 200,000 bank card holders in North America, the latest of a string of cyber attacks on high-profile companies.
Citi said the names of customers, account numbers and contact information, including email addresses, were viewed in the breach, which the Financial Times said was discovered by the bank in early May.
However, Citi said other information such as birth dates, social security numbers, card expiration dates and card security codes CVV.L were not compromised.
"We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," Sean Kevelighan, a U.S.-based spokesman, said by email.
"For the security of these customers, we are not disclosing further details."
In the brief email statement, Citi did not say how the breach had occurred.
Another Citi spokesman, James Griffiths in Hong Kong, said the breach had affected 1 percent of North American card customers, which the bank's annual report says total 21 million.
But like Japanese electronics and entertainment group Sony, which has declared several security breaches of its networks this year, Citi could come under fire for not telling customers sooner.
"It may be the bank's business, but it's the consumer's personal information so consumers deserve to be told about security breaches immediately," said Dan Simpson, a spokesman for Australia's Consumer Action Law Centre, an advocacy group.
"It's hard to see any reason why this sort of breach couldn't have been disclosed much sooner."
GROWING CONCERN
Citigroup joins a growing list of companies that have suffered cyber attacks.
Data storage firm EMC Ltd (EMC.N) this week offered to replace millions of electronic keys after hackers used data from its RSA security division to break into the network of arms supplier and information technology provider Lockheed Martin (LMT.N).
Sony has reported several attacks, including one in which hackers accessed the personal information on 77 million PlayStation Network and Qriocity accounts.
Sony was criticised for a delay in telling account holders that their information had been stolen by hackers.
Google Inc (GOOG.O) last week revealed a major attack on its Gmail accounts targeting, among others, senior U.S. government officials that it said appeared to originate in China. Washington has scrambled to assess if security had been compromised by the raid on Google's Gmail system, reflecting increasing concerns among global policymakers about cyber security.
Citi said it had discovered the unauthorized access at Citi Account Online, an online banking service, through routine monitoring.
"It's definitely a serious security breach when that amount of data's been stolen from a bank," said Sydney-based Ty Miller, chief technology officer of Pure Hacking, a network security company.
Citigroup global enterprise payments head Paul Galant, who previously ran the bank's credit card unit, said in April that security breaches are a fact of life for financial institutions.
"Security breaches happen, they're going to continue to happen ... the mission of the banking industry is to keep the customer base safe and customers feeling secure about their financial transactions and payments," he told Reuters in an interview.
Google: Hundreds of Gmail Accounts Hacked, Including Some Senior U.S. Government Officials
The company said it recently detected the security breach and stopped what it described as “a campaign to take users’ passwords and monitor their emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegating settings.”
Google’s email service enables users to forward messages automatically and grant others access to their accounts.
In a blog post, Google said it has notified victims of the attack. It has also notified relevant government authorities, the company said. Other world leaders affected include government officials from South Korea, Google said.
A spokesman declined to comment on who the victims were and how long the hacker had access to their Gmail accounts.
The episode comes amid a flurry of cyber attacks in recent weeks, including one hacker’s access to Sony’s online video game accounts. Rep. Anthony Weiner (D-N.Y.) this week said he was a “victim of a prank,” referring to what he has called a hacker’s access to his Twitter account and a tweet to a woman in Seattle with a picture of a groin.
It didn’t immediately appear that the incidents were connected.
Google said in its post that its affected Gmail users were victims of a “phishing” scheme. That tactic allows hackers to obtain user names and passwords by asking for the information under the guise of providing security for online accounts.
“It’s important to stress that our internal systems have not been affected—these account hijackings were not the result of a security problem with Gmail itself,” Google said in the blog. “But we believe that being open about these security issues helps users better protect their information online.”
No comments:
Post a Comment