Hackers Hitting Popular Apps - InformationWeek


Hackers Hitting Popular Apps

Cybercriminals have shifted targets. Until recently, hackers went after operating systems and Internet services like Web servers and E-mail servers. In 2005, they took aim at software applications and set Internet security back six years.

Nonetheless, Richmond feels he has the situation in hand. "As part of the federal government and the judiciary, security is and always has been a very, very important concern, both physical security and data security," he says. "We limit access to our systems beyond the point of inconvenience. We use a private network. We're gated to the Internet in very narrow gates that are very tightly controlled, partly because of security concerns and partly to protect the performance that we need to get our work done."

Despite such attention to security, targeted attacks can test even the most security-conscious organizations. In mid-July, the Department of Energy Computer Incident Advisory Capability issued a warning about a rise in targeted attacks. "We are seeing more targeted attacks both within and outside of the DOE," the bulletin says.

Recent revelations about Titan Rain demonstrate that sometimes targeted attacks are successful. "Titan Rain is the code term that the U.S. government has assigned a series of coordinated attacks against a variety of government and commercial systems that contain, at the very least, sensitive data," explains Winkler. He notes that these attacks--conducted through Chinese Web sites and believed by some U.S. officials to be directed by the Chinese government--have been going on for years, and have been escalating recently.

According to Winkler, data on satellite systems, space exploration, and other export-controlled technologies have been taken in these attacks. But it's not just companies with advanced technology being targeted. Pretty much any organization with sensitive personal or financial data represents a potential target. Pescatore points to recent reports of credit card identity theft, some of which have involved the installation of a rootkit--the hacking tool that recently got Sony sued--on a specific server in order to harvest databases and send them to criminals. "There's just so much more financially motivated attacking going on," he says. "People are stealing these credit card databases not just to have fun and say, 'Look what I did.' They're stealing them because they can sell the credit card numbers."

The success of hacking attacks is having a dramatic impact on consumers. Two recent studies, one by the Pew Internet & American Life Project and the other by Consumer Reports WebWatch, find that over 90% of Internet users say they have adjusted their online behavior out of fear of cyber crime. The Consumer Reports WebWatch study indicates that fully a quarter of U.S.-based Internet users have stopped buying things online.

Pescatore and others note that fear of online victimization has curtailed the growth of electronic bill presentment and payment, which offer companies significant savings over paper payment processing.

Because targeted attacks don't typically get reported--unless required by a law like the California Security Breach Information Act (SB-1386)--there's a chance tight-lipped companies may staunch the hemorrhage of online shoppers with silence, under the theory that what they don't know won't deter them.

But silence also makes it harder for security professionals to make the case for increased investment in security. "[Targeted attacks] don't generate press, so they don't encourage other companies to prepare for them," Pescatore explains.

In an E-mail, Howard Schmidt, a noted cybersecurity expert and former CSO for both Microsoft and eBay, says the SANS report highlights the utility of hardening the presentation and application layers as a means to reduce cyber security events. "The first stop on the way to fix this is through secure coding and better QA of development processes, penetration testing on compiled code as well as vulnerability testing of integrated deployed applications via Web front ends," he says.

Pescatore says that companies in general are better prepared to deal with security issues than they were a few years ago. But criminal hackers are better prepared too. "The good news is the termites are no longer eating the bottom floor of your house," he says. "The bad news is they're eating the top floor."
