Thursday, February 16, 2012

The nature and scope of cyber theft - it's personal

A recent U.S. intelligence report on cyber theft by our economic and military competitors pointed out that countries like China and Russia are stealing as much technology as they can, as fast as they can, from anyone who lets them steal it. America's response is, just like politics as usual, ineffective chaos and paralysis. That report and other sources were mentioned here previously.

The Wall Street Journal reported an instance that shows the nature and broad scope of hacking: the breach at Nortel began in 2000 and continued for about a decade (Tuesday, Feb. 14, 2012, story at pages A1 and A16; online version). Even the CEO of Nortel was hacked and had no idea it was happening. Nortel was completely compromised - hackers had access to essentially everything. Nortel is a Canadian telecommunications firm and was once a large company. It is in bankruptcy now, presumably because of bad business decisions and not because the Chinese hacked them to death.

Just how much of this is going on?
That disturbing Nortel story led to the question of just how pervasive this hacking thing is. The intelligence report says it is widespread in U.S. industry and government. How about average Americans with nothing in particular of value to go after? A check of IP addresses that query my home router seemed like a good, obscure, utterly worthless place to look for anything. No one in their right mind would waste any time looking for anything there. What was on my router log was a real surprise. There are endless probes of all ports coming from Chinese and Russian IP addresses. The probes are persistent and repeated. Probes occasionally come from U.S. and other IP address locations, but the majority (probably > 85%) come from China and Russia. That's creepy.

I mentioned this to the IT guy at my company. He laughed and wasn't surprised. Hackers use software programs that probe everyone's PC at random. No one was specifically looking for my router or me personally. He said that the Chinese and Russians are well-known in the IT community as the major hyper-aggressive hackers and that they probably have hacked millions or tens of millions of personal computers.  Maybe more, maybe less. Nobody knows. Lots of organizations have been hacked: Homeland Security, U.S. Chamber of Commerce, U.S. military, U.S. banks and retailers, 90% of U.S. companies according to one survey, the $300 billion U.S. Strike Fighter project and so on. The threat is real and now, not theoretical or in the future. The value of what has been stolen to date is incalculable, for obvious reasons.

F-35B Lightning II
Joint strike fighter - Eglin AFB, Florida - January 2012


Why care?
Why should anyone care that millions of U.S. and other PCs are hacked? That's their own damn problem, right? Well, not really. If those hacked machines are used in coordinated cyber attacks, they can cause chaos on the internet and our economy. A coordinated attack can cripple critical civilian and government infrastructure and/or operations. It can shut down our electrical grid, which is a definite bummer. It can cost our economy billions or tens of billions per day. In short, hacked PCs and the folks who own them are a real menace to all of us, including themselves.

How to fix it
Although a fix is probably simple and doable, it isn't going to happen with our current state of political meltdown and paralysis. One fix would be to require, in the name of national security, that everyone use security software on their PC and keep it updated. That would have to be done automatically because many people are too lazy to do it on their own and/or would outright refuse on whatever grounds struck their fancy at the time, e.g., conservative Republicans and Libertarians refusing to submit to government interference with essentially anything.

Since our perpetually paralyzed U.S. government isn't going to fix anything in my lifetime, here is something easy to do that might help defend America at least a bit. It costs nothing except about 1 or 2 minutes of time.

Quick, easy check for a hacked PC
There is an easy way to check if your computer is hacked. Close all applications and then click the Microsoft icon on the bar at the bottom of your desktop to get the search programs and files box. Then:
1. type "run" and hit enter - a new window opens
2. type "CMD" and hit enter - a new window opens (C:\windows\system32\CMD.exe)
3. type "netstat -ano" (don't omit the "-" before ano or the space after netstat)
4. in the State column, look for the word "ESTABLISHED" - if it is there, your computer is hacked - if you check it with your browser open and connected to the internet you will see the word ESTABLISHED because the internet connection via your browser is on, i.e., the connection to the internet is ESTABLISHED
5. if your PC is hacked, get it fixed and keep it fixed - that keeps me safe from you
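
As an added example (not part of the original post): an ESTABLISHED row only says that a TCP connection is open, and the last column of "netstat -ano" is the PID of the process that owns it. This Python sketch parses a constructed sample of that output, drops loopback connections, and groups the remaining remote endpoints by PID so each can be matched to a program; the addresses and PIDs in the sample are made up.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation-range IPs, made-up PIDs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    192.168.1.20:49231     203.0.113.45:443       ESTABLISHED     4120
  TCP    127.0.0.1:49200        127.0.0.1:49201        ESTABLISHED     2304
  TCP    [::1]:49300            [::1]:49301            ESTABLISHED     2304
  TCP    192.168.1.20:49240     198.51.100.7:80        ESTABLISHED     4120
  TCP    192.168.1.20:49250     192.0.2.10:8080        ESTABLISHED     5512
  TCP    192.168.1.20:49260     203.0.113.45:443       TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1532
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def established_by_pid(netstat_text):
    """Map owning PID -> sorted remote endpoints of non-loopback ESTABLISHED rows."""
    by_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        cols = line.split()
        # A TCP row has exactly five columns: proto, local, foreign, state, pid.
        if len(cols) != 5 or cols[0] != "TCP" or cols[3] != "ESTABLISHED":
            continue
        ip, port = split_endpoint(cols[2])
        if ip.is_loopback:
            continue  # traffic between local programs never leaves the machine
        host = f"[{ip}]" if ip.version == 6 else str(ip)
        by_pid[int(cols[4])].add(f"{host}:{port}")
    return {pid: sorted(endpoints) for pid, endpoints in by_pid.items()}

if __name__ == "__main__":
    for pid, endpoints in sorted(established_by_pid(SAMPLE).items()):
        print(f"PID {pid}: {', '.join(endpoints)}")
```

In the same command window, tasklist /FI "PID eq 4120" shows which program a given PID belongs to.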

It's free
Security software doesn't have to cost anything. I use Microsoft Security Essentials (it's free) and one off-breed free security program. It ought to be free since it's Microsoft's own OS that is hackable, which is my definition of a defective consumer product. But that's a different topic. The off-breed is there to back Microsoft up in case hackers try and succeed in hacking Microsoft's security. Few hackers, if any, go after off-breeds, unlike the big guys like Norton, McAfee and probably Microsoft itself. The payoff from toasting off-breeds is too small.

With any luck, software for individual personal computers will get harder to hack over time and this here-and-now national security threat will diminish. Businesses and the government will need to figure out on their own how they are going to defend themselves. Congress probably isn't going to be much help in fixing this threat to our economy and security. They are preoccupied with blaming each other, gerrymandering their voting districts for their own benefit and working on reelection, i.e., doing political business as usual.
