Fighting 21st Century Cyber-Threats

In the post-9/11 world, 21st century cyber-threats thwart 20th century defenses.

In the 10 years since hijackers flew two passenger jets into the World Trade Center in New York City and a third one into the Pentagon, federal, state and local governments have struggled to secure transportation systems and physical infrastructure from terrorist attacks.

However, the damage was done. The attacks ended-probably forever-Americans' belief that we were immune from the terrorist attacks that had plagued the Middle East, Europe and the Asia-Pacific regions for years.

Since then, Americans and technology-savvy people around the world have had to deal with another source of unease: insecurity about whether the computer systems people and institutions rely on are safe from theft, corruption and destruction by advanced cyber-threats.

In 2001, the closest thing we had to social media was, and cyber-threats mostly involved stalling Website operations, compromising PC performance and occasionally destroying database files.

However, in the past 10 years, cyber-threats have evolved into sophisticated attacks that can cripple large enterprises, steal credit card numbers and personal identities, empty bank accounts, and probe the depths of enterprise and government networks before draining databases full of sensitive documents or trade secrets.

Ten years ago, viruses were still primarily the work of amateurs, said Mikko Hypponen, chief research officer at F-Secure. "People weren't writing keyloggers and viruses to make money," he added. The most common way of getting infected was via a malicious executable file attached to an email message. That kind of attack would no longer work, as those emails would now be blocked.

It was easy to tell when a user was infected back then, as malware would produce an effect, such as crashing the computer. Now, sophisticated malware lurks silently on infected systems and harvests data. It's nearly impossible to tell if a user has been infected, Hypponen said. Cyber-threats now come from criminals intent on stealing money, extremists out to make a point and nation-states engaged in espionage.

Shortly after the United States Navy SEAL operation killed Osama bin Laden in his compound in Pakistan, there was an increase in probing attacks on defense systems in an attempt to access information about the operation, Charles Dodd, a government consultant for cyber-defense, told eWEEK. Intruders were after classified information on whom the United States talked to and worked with, as well as the information collected, he said.

Criminals are increasingly relying on the latest technologies to plan and execute attacks on the Internet-including the use of social networking to push out scams-and they are focusing on developing mobile malware. In fact, Canadian and United States law enforcement organizations have complained about criminals relying on BlackBerry's encrypted communications to hide their activities.