CircleID

The U.S. federal government cybersecurity team with primary responsibility for protecting the computer networks of government and private enterprise is facing challenges, according to a draft Government Accountability Office (GAO).

Keith Epstein, a correspondent in BusinessWeek's Washington bureau reports: "The U.S. Computer Emergency Readiness Team, known as US-CERT, mans the front line in any cyber-attack. The group monitors computer networks for hacker threats, investigates suspicious activity online, and is supposed to issue timely alerts to information technology security professionals from the White House to corporations and electric utilities. But the GAO draft report describes US-CERT as bedeviled by frequent management turnover, bureaucratic challenges that prevent timely sounding of alarms, a lack of access to networks across wide swaths of critical terrain, and an inability to fill large numbers of positions with qualified workers."

Also included in GAO's report, threats that have been identified by the U.S. intelligence community and others: Bot-network operators, Criminal groups, Foreign intelligence services, Hackers, Insiders, Phishers, Spammers, Spyware/malware authors, and Terrorists.

Types of cyber attacks on GAO's watch list include:

Denial of service - A method of attack from a single source that denies system access to legitimate users by overwhelming the target computer with messages and blocking legitimate traffic. It can prevent a system from being able to exchange data with other systems or use the Internet.

Distributed denial of service - A variant of the denial-of-service attack that uses a coordinated attack from a distributed system of computers rather than from a single source. It often makes use of worms to spread to multiple computers that can then attack the target.

Exploit tools - Publicly available and sophisticated tools that intruders of various skill levels can use to determine vulnerabilities and gain entry into targeted systems.

Logic bombs - A form of sabotage in which a programmer inserts code that causes the program to perform a destructive action when some triggering event occurs, such as terminating the programmer's employment.

Phishing - The creation and use of e-mails and Web sites-designed to look like those of well-known legitimate businesses, financial institutions, and government agencies-in order to deceive Internet users into disclosing their personal data, such as bank and financial account information and passwords. The phishers then use that information for criminal purposes, such as identity theft and fraud.

Sniffer - Synonymous with packet sniffer. A program that intercepts routed data and examines each packet in search of specified information, such as passwords transmitted in clear text.

Trojan horse - A computer program that conceals harmful code. A Trojan horse usually masquerades as a useful program that a user would wish to execute.

Virus - A program that infects computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.

Vishing - A method of phishing based on voice-over-Internet Protocol technology and open-source call center software that have made it inexpensive for scammers to set up phony call centers and criminals to send e-mail or text messages to potential victims, saying there has been a security problem and they need to call their bank to reactivate a credit or debit card, or send text messages to cell phones, instructing potential victims to contact fake online banks to renew their accounts.

War driving - A method of gaining entry into wireless computer networks using a laptop, antennas, and a wireless network adaptor that involves patrolling locations to gain unauthorized access.

Worm - An independent computer program that reproduces by copying itself from one system to another across a network. Unlike computer viruses, worms do not require human involvement to propagate.

Zero-day exploit - A cyber threat taking advantage of a security vulnerability on the same day that the vulnerability becomes known to the general public and for which there are no available fixes.

Update: US DHS Should Lose Its Cybersecurity Authority 9/16/2008 4:43 pm PST

Read full story: BusinessWeek

Related topics: Cyberattack, Cybercrime, Internet Governance, Malware, Security