Hackers shifting to 'destruction': US cyber chief

Oct 01, 2012
Hackers are stepping up the intensity of their attacks, moving from "disruption" to "destruction" of key computer systems, the top US cyber-defense official General Keith Alexander, pictured in July 2012, said Monday.

Hackers are stepping up the intensity of their attacks, moving from "disruption" to "destruction" of key computer systems, the top US cyber-defense official said Monday.

General Keith Alexander, who is director of the and commander of the US Cyber Command, told a Washington forum that the new tactics could move beyond mere annoyances and begin causing severe .

"We are seeing the threat grow from exploitation to disruption to destruction," he told the group at the Woodrow Wilson Center.

He argued that these attacks could impact organizations ranging from to operators—"all of that is in the realm of the possible."

These types of destructive attacks can wipe out data, which could bankrupt a company or disable the control systems operating key infrastructure.

"It could overwrite the ability of a system to turn on," Alexander said.

"Think about a company that loses all the data on its system... If you wipe out the data, you wipe out the ability of the system to operate."

Alexander said the best way to protect against these types of attacks is to implement an information sharing system between the private sector and —as was proposed in cybersecurity legislation that failed this year in Congress.

Such legislation could include mandatory or voluntary reporting guidelines for when attacks occur, and it could allow those reporting the incidents to be immune from liability.

Senator Susan Collins, a sponsor of the failed cybersecurity bill, told the same forum the need for new laws remains high.

"I hope we don't have to wait for a 'cyber 9/11' for action to happen," she said. "These problems are not going to go away."

Both Collins and Alexander said, despite news the is considering an executive order, the for cybersecurity protection must come from legislation.

Collins said she told President that an executive order would be "a big mistake" and "cannot accomplish what legislation can."

She added that an executive order "could lull people into a false sense of security."

The two spoke the same day the White House acknowledged that one of its own computer networks was hit by a cyber attack, but said no classified systems were breached and there was no indication any data was lost.

An administration official spoke up after a report from a right-wing news site that Chinese hackers had breached a key White House military system.

The US official said the attack was against "an unclassified network" and was a case of "spear phishing," in which a spoofed email tricks a user into clicking through to a website where a hacker can install malicious software or gain control of another computer.

"These types of attacks are not infrequent, and we have mitigation measures in place," the official said.

Explore further: Britain threatens Internet 'trolls' with two years in jail

add to favorites email to friend print save as pdf

Related Stories

US NSA chief backs cybersecurity law

Jul 10, 2012

The head of the powerful National Security Agency, General Keith Alexander, said the US must adopt a law to protect the country from cyberattacks while insisting that it would respect privacy.

US Senate in new cybersecurity push

Feb 15, 2012

US senators, warning of potentially catastrophic cyberattacks, introduced a bill Tuesday aimed at protecting critical infrastructure such as power, water and transportation systems.

White House set to unveil cyber plan

May 12, 2011

The White House on Thursday is expected to unveil its proposal to enhance the nation's cybersecurity, laying out plans to require industry to better protect systems that run critical infrastructure like the electrical grid, ...

US senators call for cybersecurity czar

Apr 01, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

White House unveils cybersecurity plan

May 12, 2011

Companies that run critical U.S. industries such as power plants would get government incentives to make sure their systems are secure from computer-based attacks, the White House said Thursday, detailing its broad proposal to beef up the country's cybersecurity. ...

Recommended for you

Kickstarter suspends privacy router campaign

51 minutes ago

Kickstarter has suspended an anonymizing router from its crowdfunding site. By Sunday, the page for "anonabox: A Tor hardware router" carried an extra word "(Suspended)" in parentheses with a banner below ...

Facebook unfriends federal drug agency

Oct 17, 2014

(AP)—Facebook wants assurances from the Drug Enforcement Administration that it's not operating any more fake profile pages as part of ongoing investigations.

User comments : 6

Adjust slider to filter visible comments by rank

Display comments: newest first

rwinners
5 / 5 (3) Oct 01, 2012
Oh yes! Let's have some more paranoia... and a leadin to a 'cyber' secure US... with all the associated garbage.
kochevnik
3 / 5 (4) Oct 01, 2012
If not for hackers Mr. Alexander would still be sending his alerts by US mail.
Caliban
5 / 5 (2) Oct 02, 2012
Alexander said the best way to protect against these types of attacks is to implement an information sharing system between the private sector and government agencies—as was proposed in cybersecurity legislation that failed this year in Congress.


This is not the reason for it's defeat.

It was defeated because it featured broad, ill-defined authorizations for Law Enforcement to covertly acquire and compile information on citizens without any legal check upon or oversight of that activity.

Big Cyber Brother, in other words.

And besides --what protection does the Federal Government provide against cyber attack? That's right --NONE. For the general public, that is. For the Federal Government, sure --but for your individual citizen ass...zero.

If they want to protect infrastructure/critical systems(and they should!), then those critical parts should be designated as such, and brought under the cybersecurityblanket of the US Federal Government.

No snooping necessary.

rkolter
5 / 5 (1) Oct 02, 2012
I would like to see the evidence that suggests that the people who currently use malware to exploit governments and businesses, are turning to destruction. I ask because it doesn't make sense - there are always folks who want to watch the world burn so to speak. But the reason cyber attacks are often designed to exploit a system is because there is money in it. For those people to switch from money-making to simple destruction seems counter-intuitive. Maybe it is happening, but evidence of it would be nice.
antialias_physorg
5 / 5 (1) Oct 02, 2012
Oh yes! Let's have some more paranoia... and a leadin to a 'cyber' secure US... with all the associated garbage.

My thoughts, exactly. Fearmongering is nothing new in amercan politics. And the idea to use a faceless enemy to curb liberties of citizens is also not new. In the 'hacker threat' they have found an ideal scarecrow image. Vague, unbeatable and never provable.

But please - at least have the decency to do some research. Statements like this
"It could overwrite the ability of a system to turn on," Alexander said. "Think about a company that loses all the data on its system... If you wipe out the data, you wipe out the ability of the system to operate."

Are completely ridiculous. Hast the man never heard of a backup? I would think that any company worth its salt has (and him being a general I bet the IT guys at his HQ have, too)
Deathclock
3.7 / 5 (3) Oct 02, 2012
I'm not a conspiracy theorist, but what is the possibility that some of the "hackers" are only doing what they do to force the issue to promote an agenda of tighter control and regulation of the internet and to garner public support for such laws to "protect" us from the "bad guys"?