IMAGINE a platoon of expert computer criminals using the Internet to operate networks of hijacked computers. This army of computers, known as botnets (robot networks), unleashes a barrage of malicious computer code targeting a specific nation. Within minutes, that nation’s military, financial, and commercial Web sites crash. ATMs and phone networks fail. Airplanes are grounded, and computer and safety systems at a nuclear power plant are disrupted. How would people react? What would they do? What would you do?
Perhaps the above scenario seems far-fetched. But according to Richard A. Clarke, the former U.S. National Coordinator for Security, Infrastructure Protection, and Counterterrorism, something similar could happen in real life. In fact, there have already been cyberattacks.* Perhaps you have even been a victim.
Why would anyone want to launch a cyberattack? How are cyberattacks carried out? And since cybercrime against individuals is common, how can you protect yourself online?
The Digital Battlefield
People launch cyberattacks for various reasons. Terrorists or governments, for instance, may try to infiltrate the computer networks of their enemies to steal secrets or to sabotage the equipment that those computer networks control. In 2010, U.S. Deputy Secretary of Defense William J. Lynn III admitted that foreign “adversaries” had repeatedly attacked and penetrated classified U.S. computer networks and stolen “thousands of files . . . including weapons blueprints, operational plans, and surveillance data.”—See the box “Some Recent Cyberattacks.”
Computer criminals use similar methods to steal intellectual property or financial information from corporate networks and personal computers. Criminals reportedly rake in billions of dollars each year by means of fraudulent network transactions.
Criminal hackers have assembled vast armies of hijacked computers to carry out their online attacks. In 2009, an Internet security firm uncovered a criminal gang that remotely controlled a global network of nearly two million computers, many of them owned by private citizens. The Organization for Economic Cooperation and Development (OECD) recently estimated that 1 in 3 online computers is remotely controlled by an intruder. What about your computer? Could someone commandeer it without your knowledge?
Picture the following scenario. A criminal transmits a malicious program over the Internet. When the program finds your computer, it silently probes its online defenses. When it finds an unguarded door, it burrows deep into your computer and rummages around for useful information.* The malicious program may then change or delete your computer files, e-mail itself to other computers, or send passwords, financial details, or other confidential information back to the intruder.
Computer criminals could even trick you into infecting your computer yourself! How? You may infect your own computer by opening an innocent-looking e-mail attachment, clicking on a Web page link, downloading and installing a free computer program, plugging an infected memory device into your computer, or simply visiting a questionable Web site. Each of these actions can install malicious software on your computer and bring it under the control of a remote intruder.
How can you know if your computer has been infected? It can be very difficult to detect. Your computer or Internet connection may seem very slow, your applications may not run, pop-up boxes may prompt you to install certain programs, or your computer may operate in an unusual way. If you note any of these symptoms, have a reputable technician check your computer.
‘Consider Your Steps’
As nations and individuals become more reliant on computer technology, cyberattacks will likely become more common. Accordingly, many nations are scrambling to beef up their digital defenses, and some are conducting large-scale exercises to test the resilience of their computer networks to attack. Still, “given enough time, motivation and funding,” admits Steven Chabinsky, a senior U.S. Federal Bureau of Investigation computer security expert, “a determined adversary will always—always—be able to penetrate a targeted system.”
What can you do to protect yourself online? While complete online security may not be possible, you can take practical steps to make your computer more secure. (See the box “Protect Yourself!”) The Bible states: “The shrewd one considers his steps.” (Proverbs 14:15) Surely wise advice when you go online!
Cyberattacks are deliberate attempts to alter, disrupt, or destroy computer systems or networks or the information or programs that they store or transmit.—U.S. National Research Council.
In 2011, hackers could reportedly target over 45,000 known computer weaknesses. Exploiting those weaknesses, they usually try to install malicious software (malware) on people’s computers without their knowledge.
[Blurb on page 26]
Criminal hackers have assembled vast armies of hijacked computers
[Blurb on page 27]
According to the OECD, 1 in 3 online computers is remotely controlled by an intruder
[Box on page 27]
SOME RECENT CYBERATTACKS
2003: The Slammer computer worm spread rapidly through the Internet, infecting approximately 75,000 computers in ten minutes.* Regular Internet traffic slowed to a crawl, Web sites crashed, ATMs failed, airline flights were grounded, and computer and safety systems at a nuclear power plant were disrupted.
2007: A series of cyberattacks targeted Estonia, affecting the government, the media, and banks. Most of the attacks stemmed from hijacked computer networks (botnets), which caused more than one million computers in 75 countries to swamp their targets with bogus requests for information.
2010: The highly sophisticated Stuxnet computer worm infected industrial-control systems at a nuclear plant in Iran.
Computer worms are malicious programs that automatically copy themselves from computer to computer via the Internet. Like other types of malicious software, computer worms are usually assigned individual names, such as Slammer.
[Box on page 28]
1. Install antivirus, spyware-detection, and firewall software on your computer. Keep that software and your operating system updated with all security updates.
2. Think before you click on links or open attachments in e-mails or instant messages—even from friends. Be especially cautious if the mail is unsolicited and asks for personal information or passwords.
3. Never copy or run software from unknown sources.
4. Use passwords that have at least eight characters and include numbers and symbols, and change them regularly. Use different passwords for different accounts.
5. Do business online only with reputable companies that use secure connections.*
6. Do not give out confidential information about yourself or your accounts when using unsecured Wi-Fi connections, such as in public places.
7. Switch your computer off when it is not in use.
8. Regularly back up your files, and store copies securely.
Secure Web pages on Web browsers display a lock symbol and “https://” in the address bar. The “s” means secure.
[Picture on page 28]
Do what you can to protect your online security