asymmetric warfare? Are we neck deep in a new, scary era?
It sure looks that way. Consider these recent events:
Starting small ... ever-behind-the-curve Sony was nailed again, as Daily Tech reported on May 25: Sony Loses Yet More Customer Records, 3 More Sites Hacked. Nor did Sony learn anything. From Ars Technica, on June 2nd: Sony hacked yet again, plaintext passwords, e-mails, DOB posted.
Lockheed Martin is one of the biggest aerospace firms. Yahoo News reports on May 29 that: Lockheed Martin hit by cyber attack. LockMart builds F-16, F-22 and F-35 fighter jets, the Aegis naval combat system, and THAAD missile defense, among other rather sensitive items.
It's not only LockMart, of course. Yahoo News also reports on May 31 that: U.S. arms makers said to be bleeding secrets to cyber foes. As in, "The Defense Department, which runs its own worldwide eavesdropping, spying and code-cracking systems, says more than 100 foreign intelligence organizations have been trying to break into U.S. networks."
On June 3rd, from PC Mag, we have Report: Gmail Attacks Replicated on Hotmail, Yahoo. These are spear phishing attacks that Google says are aimed at "reporters, activists, and government officials."
Also on June 3rd, this time from Livescience, the depressing report that Most Major Websites Leak Private Data, Study Finds. Some snippets:
While each website might be leaking only a small portion of your information, the powerful tracking tools that receive it are able to patch all those small tidbits together into a pretty clear picture of who you are and what you are interested in.
That's the finding of a study of more than 100 popular websites used by tens of millions of people that found three-quarters directly leak either private information or users' unique identifiers to third-party tracking sites ...
From the New York Times, on June 11: I.M.F. Reports Cyberattack Led to ‘Very Major Breach.’ Yup, the International Monetary Fund. Do you, your pension, or your 401k own any financial securities? Then be very afraid.
"Because the fund has been at the center of economic bailout programs for Portugal, Greece and Ireland — and possesses sensitive data on other countries that may be on the brink of crisis — its database contains potentially market-moving information. It also includes communications with national leaders as they negotiate, often behind the scenes, on the terms of international bailouts. Those agreements are, in the words of one fund official, “political dynamite in many countries.” It was unclear what information the attackers were able to access."
From the Washington Post on June 15: CIA Web site hacked; group LulzSec takes credit. The article also notes that, "In recent weeks, LulzSec has claimed credit for hacking or bringing down Web sites belonging to PBS, Sony, the U.S. Senate and the Atlanta chapter of InfraGard, a public-private partnership between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the United States."
How is all this happening? It doesn't help that the "SecurID" tokens on which many large organizations rely for authentication are less secure than once thought. From IEEE (that's the Institute of Electrical and Electronics Engineers), on June 8th, see RSA Tries to Quell Customer Anger by Offering New Security Tokens.
On June 15th, Richard Clarke, security and counter-terrorism adviser for presidents Bush 41, Clinton, and Bush 43, had an op-ed piece in The Wall Street Journal on China's Cyberassault on America. A snippet:
"Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America's advantage."
Just yesterday (June 20), Nextgov reports that LulzSec Hacktivists Declare War on .Gov Websites; Feds Stand Ready. I retained the second clause in that headline out of a sense of completeness, not from any great confidence that the Feds are ready.
Sadly, my list of recent hacking-related problems is much longer. Nor am I the only one noticing. Livescience (this time on June 10th) reports that 2011 Set to Be Worst Year Ever for Security Breaches.
Welcome to the Hackpocalypse.
On a personal -- and far less cosmic -- note, this is my 200th post. Something of a milestone ...