US struggles to pinpoint cyber attacks: Top official

March 10, 2009
National Intelligence Director Dennis Blair testifies before the Senate Armed Services Committee on Capitol Hill in Washington, DC. The United States often cannot quickly or reliably trace a cyber attack back to its source, even as rival nations and extremists may be looking to wage virtual war, Blair warned Tuesday.

The United States often cannot quickly or reliably trace a cyber attack back to its source, even as rival nations and extremists may be looking to wage virtual war, a top official warned Tuesday.

"It often takes weeks and sometimes months of subsequent investigation," said US intelligence director Dennis Blair, "and even at the end of very long investigations you're not quite sure" who carried out the offensive.

China, Russia and other countries already could be potent online foes and terrorists may find it easier in the future to hire to target key systems, Blair told the Senate Armed Services Committee.

"Terrorists are interested in using cyberweapons, just the way they're interested in using most any weapon they can use against us," notably to target systems critical to the high-tech driven US economy, he said.

"We currently assess that their capability does not match their ambitions in that area, although that's something we have to work on all the time because things become more widespread, terrorists can find hackers to work for them," he said.

"It is a concern, but right now I'd say their capability is low and, in addition, I think the more spectacular attacks that kill a lot of people on very publicly is what they are looking for," said Blair.

Blair told the panel, which was looking at to US interests, that Washington is "absolutely" trying to speed up what is now the "very slow and painstaking" process of determining who carried out a cyberattack.

(c) 2009 AFP

Explore further: Hewlett Packard to create 500 jobs in Ireland

Related Stories

Hewlett Packard to create 500 jobs in Ireland

March 10, 2009

US technology company Hewlett Packard is to create 500 jobs with an 18-million-euro (23-million-dollar) expansion of its global service desk operation in Leixlip, County Kildare southwest of Dublin, Prime Minister Brian Cowen ...

Recommended for you

Apple issues update after cyber weapon captured

August 26, 2016

Apple iPhone owners on Friday were urged to install a quickly released security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by cyber arms dealers.

Auto, aerospace industries warm to 3D printing

August 25, 2016

New 3D printing technology unveiled this week sharply increases the size of objects that can be produced, offering new possibilities to remake manufacturing in the auto, aerospace and other major industries.


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Mar 10, 2009
Take away their internet.....
not rated yet Mar 10, 2009
The problem seems to me that there is too much bureaucracy in these investigations and not enough focus on the technological front line.
not rated yet Mar 11, 2009
With such a large amount of traffic being routed through the USA, how are you going to track it?

We could do like China has and use packet sniffing at key intentionally created bottle necks in the routes.

In the end its a question of how much freedom and privacy you are willing to give up for security.
5 / 5 (1) Mar 11, 2009
We need more wiretapping. Obviously.

/* irony */

If government agencies would invest properly in security and training for it's personel, the majority of cyberattacks wouldn't even be possible.

Contrary to most people's views, you CAN be secure. You can't be 100% secure because there's always the human factor, trained or untrained, but the majority of cyberattacks are either on poorly secured software OR poorly secured workstations. Both of which are securable.

not rated yet Mar 11, 2009
Perhaps it's time to revamp the communications protocol to something that allows better tracking/auditing. We've held onto IPv4, because I think everyone's nervous about trying to change such a global standard. However, if all the major players agree, coming up with a more accountable protocol might be the way to go. The current one works well, but is too open to modification, which is (I think) what allows these people to hide and deflect.
not rated yet Mar 11, 2009
Mgraser, even old school techniques like connecting through several servers in a chain will work in IP6.

Or hiding by just spoofing your IP in IP4 isn't fool-proof. It just requires you to ask permission for the IP assignment info from several different private ISPs for their IP ranges.

But like ealex said, the human factor is the easiest way to get into a server and use it. Clicking yes to viruses, laziness in not updating/securing a server, trusting connections from others servers in your network, SIMPLE passwords or writing them down somewhere in your desk, etc.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.