Today, as in the beginning days of the Internet, people hack for power and money -- and for one other reason: simply because they can.

Early on, there were black hats and white hats, they were just much more reserved and secretive than today's headline-capturing hackers. The difference today is that there are massive amounts of information, intellectual property and money moving back and forth on information systems. Successful hacking attempts disclosed in just the last few weeks have demonstrated how millions of dollars in cash and trillions in state secrets can be stolen comparable to the amounts taken in past wars. With the seriousness of cyber war now upon us, let’s look in more depth at the reasons.

Reason No. 1: Power

With personal portable storage capabilities in terabytes and global Internet access available to all, organizations such as the National Security Agency (NSA) got interested in gaining power and control over technologies that could access these information systems. This led to years of control of encryption algorithms, software back doors, wireless spectrum and increased control over the Internet.

The NSA's information gathering is now refined in a secretive unit known as Tailored Access Operations. TAO identifies, monitors, infiltrates and gathers intelligence on computer systems being used by entities hostile to the United States. The unit uses automated hacking software to harvest approximately 2 petabytes of data per hour, which is largely processed automatically. With this much technological power must come responsible restraint. The U.S. Department of Defense calls the use of offensive exploit hacking "computer network exploitation," but emphasized that it doesn’t target technology, trade or financial secrets.

There is, however, a thin line between the use of exploitation hacking technologies that can quickly change cybersecurity defense into cyber war offense. The first big example of cyber offense was the use of very sophisticated exploit malware called Stuxnet, which was used to attack the control system of an Iranian nuclear plant. Recently a state sponsored attack was disclosed in a Defense Science Board study as reported by The Washington Post. More than two dozen top U.S. weapons systems -- including the Patriot missile defense program, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship -- were compromised by a Chinese cyber espionage attack. This use of computer network exploitation is a clear example of just how powerful these cyber technologies are -- and how defenseless we are in stopping them.

In the past, as today, standards, compliance mandates and even secret government programs try to keep the potential use or abuse of both defensive and offensive information system security technologies in check. Big corporate and government involvement in these security technologies coordinated timely distribution of adequate security technologies while still controlling sophisticated methods of cracking security if needed. Today there is software that can find security back doors in minutes, and new exploit tools can be downloaded daily, making control of information security solutions much more difficult. We have reached a point in cybersecurity where we must focus on solutions that cannot be manipulated.  We can't continue to think we can deploy cyber technologies that have hidden access or can develop exploit systems fast enough to stay ahead of a world of knowledgeable hackers. The true power in cybersecurity is just what it says it is: security. Nations that focus on financing defensive technologies will prove to have the real power in this cyber game.

Reason No. 2: Money

Cybercrime is now believed to be the No. 1 form of crime, exceeding even illegal drug trade. Some figures within the last year give an idea of how much money we are talking about -- commercial and government projections count trillions of dollars lost in global intellectual property, with recent bank robberies of $45 million in cash.


View Full Story
Larry Karisny  | 

Larry Karisny is the director of Project Safety.org and a consultant supporting local wireless broadband, smart grid, transportation and security platforms.