HACKERS, a movie released in 1995. Fantasy then, reality now?
Only ten years ago, hacking was associated with socially awkward teenagers tucked away in their parents’ basements. Once these tech savvy teenagers figured out how to breach a computer system most of the time they continued doing it simply because they could. The threats and problems these teenagers caused were often limited to annoyance by the hacked. Over the past three years, however, hackers and the industry of cyber crime have come of age. The threats of what this means are just beginning to unfold. Increases in the emergence of Internet propaganda, cyber warfare, and the inability to control and safeguard personal online information worry those involved with cyber security. Efforts to monitor and combat malware that steals and corrupts information and develop best practices for cyber security are, for the most part, being led by interested and concerned individuals who have taken it upon themselves to educate and protect the larger world from this virtual threat that has become very real.
According to the FBI cyber security unit, hackings have increased with the proliferation of the Internet, and this fall, The Worldwide Infrastructure Security Report came to the same conclusion noting that cyber attacks have increased over the past few years and will continue do so. Lance Spitzner, founder of The Honeynet Project, a ten-year-old, non-profit organization that researches cyber crime and potential threats around the world said his experience has been the same.
“We’re going to have the same problems we have in the normal world, only they can grow exponentially,” Spitzner said of cyber crime. “It’s one global neighborhood, and one global problem…They (hackers) can commit crime just as easily in Nigeria, as in Brazil. A global problem, obviously requires global solutions.” Cyber warfare, a recent history in brief
In Jack Devin's article, “Tomorrow’s Spygames" for The World Policy Journal for 2008 he highlights that perhaps one of the more daunting public affairs challenges over the next 25 years will be the emergence of cyber warfare that coincides, or even replaces, physical wars. Over the past two years there have been at least two major occurences of early types of cyber warfare, one between Russian citizens and Estonia's network and another, seemingly more harmless one between Russian citizens and Georgia's servers. Both of these "conflicts" supposedly conducted by private citizens who took it upon themselves to attack servers in foreign borders.
“Though the technology employed did not appear highly advanced, these cyber attacks are only the tip of a rapidly developing iceberg. In the future, cyber attacks that disable an adversary’s communications, weapons, and other systems will have the potential to determine the outcome of wars,” Devine writes.
Web War One: Wired magazine dubbed the Spring 2007 conflict between Russia and Estonia “Web War One” when Russian citizens high jacked Estonia’s servers taking down the websites of banks, newspapers, and government communications. The cyber warfare was very much inspired by real political tensions between Estonia and Russia.
Even in the past six months, there have been three major compromises of cyber security noted in the news. Before the physical war in Georgia over the summer of 2008, Russian citizens hacked the Georgian governments websites; Skype users in China learned that their private communications were not stored on private servers; and someone hacked the e-mail system of the George Mason University president so he or she could then send an e-mail to the entire campus mis-informing them that the 2008 U.S. election day was postponed a day.
The reoccurring theme in confronting cyber security is the need to build on relationships from a variety of security forces and to blend work done by governments and corporations.
“Fighting the bots directly required a more modern defense. It required social networking,” the spring 2007 WIRED article states.
Like real relationships and conflicts, social networking and the importance of close ties play a key role in the virtual relationships formed om the web for users with any intention. It is not surprising, then, that organizations like The Honeynet Project, made up of devoted individuals, interested, and let’s be honest, most of them self-proclaimed computer geeks, have begun to build a social network of concerned and dedicated cyber cops who perform their job on a volunteer basis. CYBER COPS AND THEIR SOCIAL NETWORK: THE HONEYNET PROJECT http://www.honeynet.org/miscfiles//HoneynetWeb.mov
Now there are a multitude of non-profit operations hired by companies and subsidized by governments to set traps for botnets and malware on systems called Honeynets. Ten years ago, however, Spitzner said he was alone in his interest and concern. In 1998, Spitzner, a former tank officer for the US army, began working with a technology company where he was in charge of information technology bust said nobody cared about the perceived threats.
In the army “they teach you to know your enemy,” he said. “I went on to the internet, I wanted to know my enemy, but there was no information on how they operated and why.”
In his spare time, he explored cyber security isses and threats and in 1999 formed The Honeynet Project. Very quickly the group expanded from Lance’s home to form chapters all over the world. Including, Czech Republic, Brazil, and one of the biggest groups emerging in China.
The technology used to trace cyber criminals is called honeypots. Today the technology is widely used and essentially works by setting up an operating system that no one uses. The minute there is activity on the system, cyber cops know they have a hacker.
The US government started subsidizing the Honeynet Project in 2003, Sptizner said. Though the chapters all run independently, the chapters of the Project meet annually to discuss changes in cyber security and develop best practices. They are based on the values of OpenSource information and as such, they provide all their research, knowledge and tools via their website. Spitzner said he has no concerns about rogue hackers joining their Honeynet web because their work is mostly in the realm of research. There are some concerns among law professionals that the current legal standards are binding for the process of cyber security. This debate between privacy and security is at the heart of best practices for research on cyber security. Aaron J. Burstein, a professor at the School of Law at the University of California, Berkley, has written a paper outlining the issues around conducting cyber security research ethically and legally.
In the ten years since Spitzner started the Honeynet Project, a multitude of orgranizations have sprouted up all over the world. Another project similar to the Spitzner's work is Ironcove.net. This organization specifically works with NGO's and non -profits to help them combat cyber security. The recently highlight a piece about cyber security attacks on Tibetan NGO communities.
There is no doubt, however, that cyber security is a two way street where the line between enemy and friend, private and public, attack and error, and the world’s front lines of conflict blur.
http://www.honeynet.org/miscfiles//HoneynetWeb.mov