US struggles to pinpoint cyber attacks: Top official

March 10, 2009
National Intelligence Director Dennis Blair testifies before the Senate Armed Services Committee on Capitol Hill in Washington, DC. The United States often cannot quickly or reliably trace a cyber attack back to its source, even as rival nations and extremists may be looking to wage virtual war, Blair warned Tuesday.

The United States often cannot quickly or reliably trace a cyber attack back to its source, even as rival nations and extremists may be looking to wage virtual war, a top official warned Tuesday.

"It often takes weeks and sometimes months of subsequent investigation," said US intelligence director Dennis Blair, "and even at the end of very long investigations you're not quite sure" who carried out the offensive.

China, Russia and other countries already could be potent online foes and terrorists may find it easier in the future to hire to target key systems, Blair told the Senate Armed Services Committee.

"Terrorists are interested in using cyberweapons, just the way they're interested in using most any weapon they can use against us," notably to target systems critical to the high-tech driven US economy, he said.

"We currently assess that their capability does not match their ambitions in that area, although that's something we have to work on all the time because things become more widespread, terrorists can find hackers to work for them," he said.

"It is a concern, but right now I'd say their capability is low and, in addition, I think the more spectacular attacks that kill a lot of people on very publicly is what they are looking for," said Blair.

Blair told the panel, which was looking at to US interests, that Washington is "absolutely" trying to speed up what is now the "very slow and painstaking" process of determining who carried out a cyberattack.

(c) 2009 AFP

Explore further: Hewlett Packard to create 500 jobs in Ireland

Related Stories

Hewlett Packard to create 500 jobs in Ireland

March 10, 2009

US technology company Hewlett Packard is to create 500 jobs with an 18-million-euro (23-million-dollar) expansion of its global service desk operation in Leixlip, County Kildare southwest of Dublin, Prime Minister Brian Cowen ...

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Mar 10, 2009
Take away their internet.....
not rated yet Mar 10, 2009
The problem seems to me that there is too much bureaucracy in these investigations and not enough focus on the technological front line.
not rated yet Mar 11, 2009
With such a large amount of traffic being routed through the USA, how are you going to track it?

We could do like China has and use packet sniffing at key intentionally created bottle necks in the routes.

In the end its a question of how much freedom and privacy you are willing to give up for security.
5 / 5 (1) Mar 11, 2009
We need more wiretapping. Obviously.

/* irony */

If government agencies would invest properly in security and training for it's personel, the majority of cyberattacks wouldn't even be possible.

Contrary to most people's views, you CAN be secure. You can't be 100% secure because there's always the human factor, trained or untrained, but the majority of cyberattacks are either on poorly secured software OR poorly secured workstations. Both of which are securable.

not rated yet Mar 11, 2009
Perhaps it's time to revamp the communications protocol to something that allows better tracking/auditing. We've held onto IPv4, because I think everyone's nervous about trying to change such a global standard. However, if all the major players agree, coming up with a more accountable protocol might be the way to go. The current one works well, but is too open to modification, which is (I think) what allows these people to hide and deflect.
not rated yet Mar 11, 2009
Mgraser, even old school techniques like connecting through several servers in a chain will work in IP6.

Or hiding by just spoofing your IP in IP4 isn't fool-proof. It just requires you to ask permission for the IP assignment info from several different private ISPs for their IP ranges.

But like ealex said, the human factor is the easiest way to get into a server and use it. Clicking yes to viruses, laziness in not updating/securing a server, trusting connections from others servers in your network, SIMPLE passwords or writing them down somewhere in your desk, etc.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.