The Internet is a growing hub of national security threats to the U.S., as hackers are finding more ways to infiltrate heavily protected computers to access sensitive information. According to an investigation by BusinessWeek,
hackers are breaching networks through emails that look like legitimate correspondences between the U.S. government and defense contracting companies.
The attacks target specific individuals who are known defense contractors with access to extremely sensitive data such as international weapons sales. They obtain the personal information, such as job title and responsibilities, through public information on company websites or through infected computers.
With that knowledge, they send an email posing as a legitimate partner with the victim—the U.S. military, for example—and trick him/her into opening an email. Once opened, the email unleashes a new kind of malware known as RAT (remote administration tool).
RAT enables the attacker to control the host computer in a variety of ways, including taking screen shots and browsing files, and then relaying that information back to the attacker.
U.S. officials say that many of these attacks are government-sponsored, citing a Web site linked with several recent security breaches. The website is registered in China, and though the Chinese government denies the allegations, U.S. officials say the government’s strict control of the internet makes that unlikely.
“The new breed of threat that has evolved is nation-state-sponsored stuff,” says Amit Yoran, a former director of Homeland Security’s National Cyber Security Division.
Sophistication makes detecting the viruses more and more difficult. Of 34 anti-virus software programs, only 11 detected a recent attack titled Poison Ivy when a test on behalf of BusinessWeek was conducted.
Cyber security threats are rising (up 55% in military networks compared to last year), and without proper protection identity theft might be a small worry when it comes to lost data.
By Danny Scuderi
For comments on this article,
email us at firstname.lastname@example.org