A new war is being waged – a war that is not fought with guns, missiles, or human soldiers, but with code in cyberspace, using computers and the Internet. It’s a war on all fronts – by governments against governments, governments against corporations, organized crime and insiders against both, and even individuals against other individuals (which is more often dubbed cybercrime, but that’s not a necessary distinction for our purposes).
The point is that this war is pervasive, and we are all vulnerable to attack.
About three years ago, Heartland Payment Systems discovered that hackers had penetrated their systems for a period “longer than weeks” in late 2008, and were eavesdropping on the majority of transactions the company processed. In all, more than 100 million credit cards were compromised, resulting in the largest known case of credit card fraud in history. So far (through December 31, 2010), the company has had to pay out about $115 million in settlements of claims with banks and VISA, along with more than $30 million in legal fees.
More recently we’ve had the China/Google fiasco, a situation that culminated in Google all but accusing the Chinese government of at least abetting a coordinated and sophisticated attack aimed at cracking the email accounts of known political dissidents within the country. Google was forced to admit that the attackers were successful to an extent, in that they managed to steal the source code for the company’s password system that protects all accounts. But apparently no accounts were compromised in the attack, according to Google.
The weapons being used to fight this war are becoming more sophisticated and harder to protect against, while at the same time often becoming easier for foes with little technical experience to wield.