Return-Path: <sentto-279987-4873-1024774361-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sat, 22 Jun 2002 12:34:08 -0700 (PDT)
Received: (qmail 31367 invoked by uid 510); 22 Jun 2002 19:32:38 -0000
Received: from n7.grp.scd.yahoo.com (66.218.66.91) by all.net with SMTP; 22 Jun 2002 19:32:38 -0000
X-eGroups-Return: sentto-279987-4873-1024774361-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.198] by n7.grp.scd.yahoo.com with NNFMP; 22 Jun 2002 19:32:41 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_3_2); 22 Jun 2002 19:32:40 -0000
Received: (qmail 31447 invoked from network); 22 Jun 2002 19:32:40 -0000
Received: from unknown (66.218.66.216) by m5.grp.scd.yahoo.com with QMQP; 22 Jun 2002 19:32:40 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 22 Jun 2002 19:32:40 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g5MJXXF28517 for iwar@onelist.com; Sat, 22 Jun 2002 12:33:33 -0700
Message-Id: <200206221933.g5MJXXF28517@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Sat, 22 Jun 2002 12:33:33 -0700 (PDT)
Subject: [iwar] [fc:CIA.Warns.of.Cyber.Pearl.Harbor;.The.Internet.Is.My.Neighborhood]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=3.2 required=5.0 tests=RISK_FREE,FREE_MONEY,DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: ***

CIA Warns of Cyber Pearl Harbor; The Internet Is My Neighborhood
Mortgage Technology, 6/21/02
http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8377

Imagine this: You show up for work on some future Monday morning to find your chief information officer nervously pacing around your desk. He's talking somberly into his cell phone. Another voice is booming from the speakerphone on your desk. Your CIO spots you and holds up one finger indicating that he needs a moment. He thanks his callers and hangs up. "It's all gone," he says. "Gone, scrambled, erased, nada. We've been hacked." "What do you mean, 'hacked?'" you ask. "Actually, 'hacked' is the wrong term. We've been demolished." He tells you that sometime over the weekend someone broke into your company's servers and corrupted all data files, payment histories, loan files, customer names, loans in process, everything.

The phone rings. It's one of your servicing contractors wanting to know if your server is down, because they can't access data they need to process payments. In your customer-service department borrowers are calling wanting information about the status of their loans. Processing tells you escrow companies are jamming the phone lines asking for payoff figures. You are dead in the water. Your information is all gone. To make matters worse, your CIO suspects the servers are still infected with several unknown viruses, so he can't even begin to tell you when he will be able to reload the files from Friday's backups. And he can't guarantee that the intruder did not plant a Trojan horse that will pop up later and destroy the backups as well.

This is a scenario those in the financial services industry must begin taking seriously. A new, more determined, more dangerous breed of hackers has surfaced. In April the US Central Intelligence Agency revealed that one of the highest priorities of the Chinese military is the development of cyber-attack capabilities. The CIA reported that hundreds of Chinese military cadets are trained each year in the arcane art of hacking into the West's commercial computer networks. Embracing hacking as a weapon is seen by the Chinese military as a way of balancing the military scales. With only a handful of nuclear weapons, CIA analysts believe the Chinese have determined that America's weak underbelly is now our dependence on computers and computer networks. The goal of such an attack would be to throw a major monkey wrench into the West's interdependent commercial networks. Such an attack would cost our economy billions of dollars in lost business.

When would it come? Perhaps China would coordinate such a cyber-attack with a move against Taiwan, for instance. A major financial disruption could provide China a dandy (if risky) way to slow US intervention on behalf of Taiwan. Last year, according to the CIA, Chinese hackers may have provided the US a demonstration of their hacking skills. Shortly after a military surveillance plane collided with a Chinese fighter last April, the Chinese allegedly launched a two-week cyber-attack against the US. More than 1,200 attacks were made against US government and commercial websites, and some of these sites were brought to their knees. According to the CIA assessment, China's "nonstate hacking community continues to pose the most immediate threat to U.S. computer networks." The CIA warned that those 'nonstate' hackers in China "appear to be organizing for cyber-attacks again this spring, particularly during student breaks early next month and around the anniversary of the EP-3 (surveillance plane) incident." That anniversary has passed, but the threat remains.

China is not the only foreign power to notice this chink in our national armor. Middle Eastern groups have also been busy probing our business networks. The next attack from that part of the world may well be a hacker flying a store-bought Pentium III desktop into CitiBank's servers.

Security experts say that the prime target of such attacks will be our financial network infrastructure. A report issued in April by Riptech, Inc., a computer security firm in Alexandria, Va., analyzed data from attacks on its clients. They had logged 128,678 attacks during the last six months of 2001. Riptech's findings should be of concern to the mortgage and banking industries. The Riptech data showed that the hacks were concentrated in a handful of industries. Financial services companies were the top targets of attackers from the Asia Rim. Power and energy companies are targets of choice for attackers from the Middle East. Other Riptech findings:

* Once a company has at least 500 employees, it enters the highest-risk category for attack.
* Public companies were more likely to be attacked than private companies.
* Private companies with a high public profile also become likely targets.

Ever since computers first became tools of business, we have known the little buggers can be unreliable and have learned the hard way about backing up important data files. But the new threat you face goes far beyond simple computer crashes and lost files. The offensive weapons in our enemy's cyber-arsenal are as sophisticated as any of their conventional weapon systems. They are strategically designed for stealth, maximum destruction and effective frustration of traditional data-recovery schemes.

The Gartner Group addressed these new threats this year by stressing that businesses need to rethink all their security and recovery plans. "Know yourself as you know your enemy," the report advised. (Prioritizing Security Efforts: Create Structure from Disorder, Jan. 2002; Gartner/G2, www.GartnerG2.com). Data and source documents should be stored at a site separate from the location of the production systems. Data security experts estimate that each megabyte of your commercial data would cost an average of $50,000 if it had to be reconstructed from scratch. They say it costs $18,000 an hour when the average commercial local area network goes down and a hefty $75,000 an hour for a full-blown Unix network. The costs of data recovery alternatives must be balanced against those benchmarks. These may seem like extreme measures, but the price of procrastination may be very high. In fact, you may need to do more.

Hardening your Defenses

Depending on your IT budget, there are several defensive solutions you can choose from.

Maintain a Cold Site: This is the cheapest option. A Cold Site is really nothing more than a room you maintain - at your headquarters or a remote office - that contains enough space, communication lines, power, cables, software and gear you would need in the event some kind of disaster took out your primary working system. Everything your IT department needs to build a new working network is there. This case is a "cold" start, and could take anywhere from a week to two weeks before it is assembled, tested and up and running. But, since it just sits in pieces, it costs very little to maintain. You have to balance immediate cost savings against the more expensive Hot Site option. The Cold Site option, while it replaces your physical network, still does not address the security of your daily working data files.

The Hot Site

The Hot Site option is a facility that houses a complete mirror image of your company's physical systems and data. A Hot Site should be able to pick up your operations without missing a beat if your primary system goes down, for whatever reason. A Hot Site should also contain the necessary resources to manage unexpected situations that could cause a business to lose customers, market share - or even its very existence - in the event of a service interruption. A Hot Site can be housed at your main headquarters or a remote location. Which choice you make is a strategic decision. If you believe your company may be a hack target but an unlikely physical target, then having your primary and Hot Site systems in the same building may be more cost effective. Of course a tornado rather than a terrorist may hit your headquarters, so Hot Sites come in two flavors: Internal and Outsourced.

An Internal Hot Site is just what it implies: your business uses its own resources to set it up and operate it. The advantage is that you can engineer the site for a more seamless response if your main systems are destroyed or disabled. And the internal site can be tested at will. An Outsourced Hot Site is run by an outside contractor off your campus. You lose some control, but it frees up your CIO and other systems personnel to concentrate on your normal daily business. It also means that if your physical location is physically stricken, your Hot Site will be safe. Your data should be backed up to the Hot Site at least once each day.

Reciprocal Agreements

For those who choose the Cold Site option, data security still needs to be addressed. The most cost-effective solution is a reciprocal agreement with one of your working partners. This solution works best for businesses that have trusted vendor partners with whom they routinely share data anyway. Under these agreements each company agrees to maintain daily backups of the other's files. Of course, the companies must have an excellent working relationship and a mutual interest in data security and recovery. This solution does not provide complete security, though. A hacker might stumble across the backup pathway you maintain with your partner, wiping out both companies' files.

Tape Vaulting

This is the oldest - and most secure - form of data storage. Primitive as it may be, it cannot be hacked because you ship backup tapes to a secure vault environment at the end of each business day. While this is a simple solution, recovery time is slower than with online backups.
And the cumbersome process of shipping tapes each day causes some companies to slack, setting backup cycles weekly rather than daily.

Who knows, maybe your data security protocols are just fine. Maybe. However, as you slip off to sleep tonight, remember that half a world away a couple of hundred eager Chinese Army cyber-cadets are just beginning their day.

------------------
http://all.net/

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
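The article names three ways a backup plan quietly fails: the daily cycle slipping to weekly, an intruder altering or destroying backups after they were taken, and every copy being reachable over the same network path (the reciprocal-agreement caveat). The following audit script is an added example written for this archive page; it is not part of the article, of Fred Cohen's post, or of any product. The catalogue layout, the site names (hot_site, partner, tape_vault), the hash manifest and all sample records are constructed for the example; the reference hashes are assumed to have been recorded at backup-creation time and kept out of band (for instance with the tape vault), so that tampering with the online copies cannot also rewrite them.

```python
# Added example: audit a backup catalogue for the failure modes the article
# describes. All data below is constructed; nothing is read from disk.
import hashlib
from datetime import datetime, timedelta

# Constructed stand-ins for backup archives (real archives would be files).
ARCHIVES = {
    "loans-2002-06-21.tar": b"loan files friday",
    "loans-2002-06-20.tar": b"loan files thursday",
    "loans-2002-06-14.tar": b"loan files last week",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Reference manifest: hash of each archive as it was when created. Assumed to
# be stored out of band so a later intruder cannot rewrite it.
MANIFEST = {name: sha256_hex(data) for name, data in ARCHIVES.items()}

# Constructed catalogue of what each storage location currently holds.
# "offline" marks media that is not reachable over the network (vaulted tape).
CATALOG = [
    {"site": "hot_site", "archive": "loans-2002-06-21.tar",
     "taken": "2002-06-21T23:00", "content": b"loan files friday", "offline": False},
    # Partner copy silently altered after creation (one byte changed).
    {"site": "partner", "archive": "loans-2002-06-21.tar",
     "taken": "2002-06-21T23:30", "content": b"loan files frXday", "offline": False},
    # Tape vault last received a tape a week ago: the daily cycle has slipped.
    {"site": "tape_vault", "archive": "loans-2002-06-14.tar",
     "taken": "2002-06-14T18:00", "content": b"loan files last week", "offline": True},
]

def audit_backups(catalog, manifest, now, max_age_hours=24):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # Check 1: each site has a backup no older than the required cycle.
    for site in sorted({r["site"] for r in catalog}):
        newest = max(datetime.fromisoformat(r["taken"])
                     for r in catalog if r["site"] == site)
        age = now - newest
        if age > timedelta(hours=max_age_hours):
            findings.append(f"{site}: newest backup is {age.days} days old (cycle slipped)")

    # Check 2: every stored copy still matches the hash recorded at creation.
    for r in catalog:
        expected = manifest.get(r["archive"])
        if expected is None:
            findings.append(f"{r['site']}: {r['archive']} not in manifest")
        elif sha256_hex(r["content"]) != expected:
            findings.append(f"{r['site']}: {r['archive']} hash mismatch (altered after creation)")

    # Check 3: at least one copy is offline, so a compromised backup path
    # (e.g. the link to a partner) cannot reach every copy at once.
    if not any(r["offline"] for r in catalog):
        findings.append("no offline copy: a compromise of the backup path reaches every copy")

    return findings

def run_audit(now_iso="2002-06-22T12:00", catalog=CATALOG):
    """Run the audit against the constructed catalogue at a given time."""
    return audit_backups(catalog, MANIFEST, datetime.fromisoformat(now_iso))

if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

Run against the constructed catalogue on the Saturday morning of the article's scenario, the audit reports two findings: the tape vault's newest backup is seven days old, and the partner's copy of Friday's archive no longer matches its creation-time hash. The hot site copy is fresh and intact, and the vaulted tape counts as the offline copy, so checks one and three pass for those entries.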
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:33 PDT