Cybercrime 'Much Bigger Than al Qaeda' in the US

Cybercrime 'Much Bigger Than al Qaeda' in the US
Security experts confirm concern outlined by US Department of Homeland Security Secretary in recent speech
By Taylor Armerding
Features Jun 12th 2012

It is unlikely that Americans will ever again see commercial jets crashing into skyscrapers, piloted by terrorists. But Department of Homeland Security (DHS) Secretary Janet Napolitano believes that malicious computer code generated by groups like al Qaeda are just as big a threat to the security and stability of the nation.

Does that mean that we are at war with cyberterrorists? Napolitano doesn't go that far -- she uses the term "cybercrime," as do a number of cybersecurity experts.

Still, the damage worldwide is headed toward a half-trillion dollars a year. Napolitano, in a speech May 30 to business leaders and government officials, said that besides "al Qaeda and al Qaeda-related groups," cybercrime is, "the greatest threat and actual activity that we have seen aimed at the west and at the United States. Unfortunately, it is a growth arena."

"Our cybersecurity as a country is inextricably linked to our economic capability," she said. "The systems we use are interdependent, interconnected and critical to daily life in the United States. Communication, travel, powering our homes, running our banking systems -- these are all interconnected systems."

Napolitano cited a study by Symantec's Norton that estimated the cost of cybercrime worldwide at $388 billion -- more than the global market for heroin, cocaine and marijuana combined, and said, "I think those are conservative numbers, based on the things that come into DHS."

Already in Battle
But the U.S. is not just on the defensive. Napolitano's speech came just two days before The New York Times, citing anonymous sources in the Obama administration, reported that the president had secretly ordered the use of the Stuxnet worm to attack the computers that run Iran's main nuclear enrichment facilities.

The Times reported that this was in collaboration with Israel, and was the continuation of a program code-named Olympic Games, started under President George W. Bush. The attack is estimated to have set back the Iranian nuclear program by as much as two years.

Attacking another nation-state's potential military capability may sound like an act of war to some. Joel Harding, a former military intelligence officer and now a communication and public diplomacy information operations expert and consultant, wrote in a blog post shortly after The Times' story, "It's official. The United States of America was the first to use an atomic bomb against an enemy and now the United States is the first to have acknowledged using a cyber weapon against another country. We are now certified bad guys to the rest of the world."

"To whoever leaked the information from the Obama administration, for whatever purpose, you have now doomed the United States to a terrible legacy forever," he wrote.

David Jeffers, writing for PCWorld, called malware such as Flame "the Internet equivalent of biological warfare."

But Harding told he does not think this means the U.S. has started a cyberwar. "There will never be a pure cyberwar in my opinion," he said. "There will be operations in cyberspace but they will always be in support of other actions. By itself warfare in cyberspace cannot conquer an enemy. The effects will normally be temporary and probably not physical in nature."

Still, he said the admission taints the U.S. in the eyes of the rest of the world. "It is a challenge to maintain a high moral position if we are the first to acknowledge the use of such a weapon," he said.

Source: CSO (US)


Financial services firms struggling with ecommunications

In its sixth annual survey of electronic communications compliance, compliance and ediscovery specialist Smarsh reports that financial services firms are struggling to retain and supervise the growing volume and variety of ecommunications.

Most marketers miss mark with mobile messaging

Consumers are inundated with notifications from all types of mobile messaging services, and though many will engage with businesses that use relevant alerts, most organizations don't capitalize on the opportunity.