Cyber attacks and cyber warfare are among the greatest threats to the United States. The federal government and private industry spend billions of dollars every year on people and technology to defend critical systems and data. Our cyber defenders must stop the threat every time an intrusion is attempted, but our adversaries only have to get it right once. Daily media reports of breaches, loss of personal information, disclosure of classified information, and state-sponsored advanced persistent threats (APTs) fill the headlines.
Government agencies and the private sector are attacked literally every hour of every day by unskilled hackers trying any vulnerability they can find. The real concern, however, is organized crime rings and foreign governments that field armies of highly skilled attackers with the financial backing and patience to get into a network and stay inside once they have created an opening. These organizations will pay developers thousands of dollars for custom malware and for exploits of previously unknown vulnerabilities, the so-called "zero day" attacks, which slip past defense-in-depth network security because signature-based defenses have never seen the new threat and do not know to stop it.
A common tactic used by attackers is to obscure their own Internet Protocol (IP) address, which makes it harder both to trace the illegal activity and to put blocks in place on network devices such as firewalls or routers. One way this is done is for the attacker to hijack another computer and then carry out the criminal activity from it. These hijacked computers are often referred to as "jump points." When an attacker works through a jump point, the victim's logs record the jump point's IP address as the source, so the attack appears to come from the jump point rather than from the attacker.
I once investigated a case just like what was described above. An organized crime ring found a vulnerable computer in the Pacific Northwest that they exploited and took control over, making it their jump point. The attacker then used this jump point to exploit another computer that belonged to an employee of a medical facility. Once the medical center computer was compromised, the attacker proceeded to obtain the credentials necessary to drain tens of thousands of dollars from the medical center’s bank account.
During the investigation, an IP address was identified as the source of this attack. I obtained a subpoena for the Internet Service Provider (ISP), which held that IP address and discovered it was assigned to an elderly couple in a nearby state at the time of this attack. A search warrant was obtained for their residence and law enforcement seized their computer and sent it to us for analysis. In short, we discovered that this unfortunate elderly couple had nothing to do with this attack except for providing a high-speed Internet connection and vulnerable computer to the attacker. We were never able to identify the attacker in this case.
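The log analysis behind the jump-point tactic and the investigation described above, as an added example that is not from the original article: given the victim's connection records and the records recovered from the seized jump point, walk the attack back one hop at a time. The record format, the timestamps and every address (RFC 5737 documentation ranges) are constructed for this example, and the host roles are assumptions. It goes a step beyond the single-hop case in the text, since it repeats the same step for every host whose records the investigator holds and so handles a chain of several jump points.

```python
from datetime import datetime, timedelta

# Constructed connection records (not real data) for the hosts whose logs the
# investigator holds: the victim workstation and the seized jump point. The
# addresses are RFC 5737 documentation ranges; the host roles are assumptions
# made for this example. Record format: "<ISO 8601 time> <src> -> <dst> <service>".
VICTIM = "198.51.100.10"      # medical-center workstation (assumed)
JUMP_POINT = "192.0.2.25"     # the hijacked home PC (assumed)
UPSTREAM = "203.0.113.77"     # whoever connected to the jump point (assumed)
ATTACK_TIME = datetime(2012, 3, 14, 2, 14, 0)   # start of the fraudulent session (assumed)

CONSTRUCTED_LOGS = {
    VICTIM: [
        "2012-03-14T02:08:00 198.51.100.5 -> 198.51.100.10 smb",   # unrelated internal traffic
        "2012-03-14T02:11:05 198.51.100.10 -> 198.51.100.1 dns",
        "2012-03-14T02:13:40 192.0.2.25 -> 198.51.100.10 rdp",    # the jump point connects in
        "2012-03-14T02:30:12 192.0.2.25 -> 198.51.100.10 rdp",
    ],
    JUMP_POINT: [
        "2012-03-13T23:58:01 203.0.113.77 -> 192.0.2.25 rdp",     # original compromise
        "2012-03-14T02:13:38 203.0.113.77 -> 192.0.2.25 rdp",     # attacker logs in ...
        "2012-03-14T02:13:40 192.0.2.25 -> 198.51.100.10 rdp",    # ... and pivots to the victim
        "2012-03-14T02:14:02 192.0.2.25 -> 192.0.2.1 dns",
    ],
}


def parse_record(line):
    """Split one record into (time, src, dst, service)."""
    ts, src, _arrow, dst, service = line.split()
    return datetime.fromisoformat(ts), src, dst, service


def inbound_sources(records, host, before, window):
    """Source IPs that connected to `host` in the `window` ending at `before`.

    Returns (src, time) pairs, nearest in time to `before` first and with each
    source listed once, so the most plausible upstream hop comes first.
    """
    hits = []
    for line in records:
        t, src, dst, _service = parse_record(line)
        if dst == host and src != host and before - window <= t <= before:
            hits.append((before - t, src, t))
    hits.sort()
    ordered, seen = [], set()
    for _delta, src, t in hits:
        if src not in seen:
            seen.add(src)
            ordered.append((src, t))
    return ordered


def trace_chain(logs, victim, attack_time, window=timedelta(minutes=10), max_hops=10):
    """Walk the attack back one hop at a time.

    Starting at the victim, look in that host's own records for who connected
    to it just before the attack; if the investigator also holds that upstream
    host's records, repeat from there. Returns (chain, status): the hosts from
    the victim back toward the attacker, and why the walk stopped.
    """
    chain = [victim]
    host, before = victim, attack_time
    for _ in range(max_hops):
        if host not in logs:
            return chain, "no records for " + host
        sources = inbound_sources(logs[host], host, before, window)
        if not sources:
            return chain, "no inbound connection to " + host + " in window"
        src, t = sources[0]
        if src in chain:
            return chain, "loop at " + src
        chain.append(src)
        host, before = src, t
    return chain, "hop limit reached"


def run_example():
    """Trace the constructed case using the victim's logs and the seized jump point's logs."""
    return trace_chain(CONSTRUCTED_LOGS, VICTIM, ATTACK_TIME)


if __name__ == "__main__":
    chain, status = run_example()
    print("attack path (victim first):", " <- ".join(chain))
    print("stopped because:", status)
```

Run on its own, it reports the path 198.51.100.10 <- 192.0.2.25 <- 203.0.113.77 and stops with "no records for 203.0.113.77", which is the position the investigation above ended in: the victim's logs alone blame the jump point, and without records from the next host up the chain the real attacker stays out of reach. Blocking 192.0.2.25 at the victim's firewall would stop nothing, because the attacker simply moves to another jump point.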
The case highlighted above was financially motivated, but the same jump point could just as easily have been used to break into national security systems or the energy infrastructure. There are some easy steps any computer owner can take to avoid becoming an unwitting accomplice to a cyber-terrorist. Steps computer users can take to protect themselves and the country include:
- Always have anti-virus software installed and updated daily with the latest definitions.
- Install operating system security patches and updates.
- Keep third-party software applications updated.
- If using WiFi at home, protect it with strong encryption (WPA2 or WPA3 with a long passphrase, never WEP or an open network). MAC address filtering and hiding the SSID are often suggested as extra steps, but they add little: MAC addresses are easily spoofed and a hidden SSID is still revealed by client probe requests, so do not rely on them in place of encryption.
- Turn off your computer and/or Internet connection if away for an extended period.
- Use a firewall (software or hardware).
- Don't click on links in email messages that are unexpected, suspicious, or from untrusted senders.
- Use strong passwords and don't re-use them (e.g., don't use the same password to log in to your computer as you do for your email and Internet banking).
- Use full-disk encryption on laptops, phones, and other devices where it is available, so a lost or stolen device does not expose its data.
Everyone should practice these and other information security steps to avoid becoming a victim of identity theft, financial fraud, forgery, and other criminal activity. Reducing the number of exploitable computers within the United States protects both our citizens and our nation from this kind of cyber-attack.