Prove That You Are Not Being Attacked at This Very Moment
August 28, 2010
Today I am issuing a challenge to everyone who reads this, a challenge to prove me wrong. Right now, as you read this, you are either being attacked, or a victim of theft, or unknowingly aiding and abetting in a crime, or being set up to fall victim to one or more of these events, or at best being spied upon. How do I know this? Take my word for it, I do. Thirteen years in I.T. experience and a Masters Degree in Cyber-Security better count for something, but if you don’t believe me then here is my challenge. When you get done reading this article, download a free program called Malwarebytes, install it, and run a full scan on your computer. I will provide details on how to download and run this at the end of this article. If it finds nothing then you have proved me wrong and you or someone is taking very good care of your computer. But I suspect in most cases it is going to find files or programs on your system that are infected with untold numbers of malware and spyware that you never knew was there, how it got there, or what it is doing on your system.
You may be wondering why I am issuing this challenge. Is it because I am such a caring individual that I want to make sure that your personal computer is safe from danger and potential threats? No, I am issuing this challenge simply to illustrate to you a growing problem that not only involves you and me, but corporations of all sizes around the world, the Pentagon, The White House, governments in Europe, Asia, Africa, South America, Russia, and The Middle East. If malware exist on your personal computer and is able to spy on your activities and extract data from your system, just imagine the type and amount of data that could be extracted from some of the largest corporations around the world. Just image the type of data that could be extracted from computers and networks that run our government and military, from the CIA and the FBI. Recently the number two man in charge at the Pentagon, United States Secretary of Defense, William J. Lynn III wrote an article describing the Pentagons strategy to defend our country from cyber-attacks and the extent to which the threat exists. In this eye opening article, Lynn, who is only one official away from answering directly to the President, writes:
“Every day, U.S. military and civilian networks are probed thousands of times and scanned millions of times…Adversaries have acquired thousands of files from U.S. networks and from the networks of U.S. allies and industry partners…Cyber-threats to U.S. national security are not limited to military targets. Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks that control critical civilian infrastructure. Computer-induced failures of U.S. power grids, transportation networks, or financial systems could cause massive physical damage and economic disruption."
Lynn goes on to say, “Earlier this year, Google disclosed that it had lost intellectual property as a result of a sophisticated operation perpetrated against its corporate infrastructure, an operation that also targeted dozens of other companies. Although the threat to intellectual property is less dramatic than the threat to critical national infrastructure, it may be the most significant cyber-threat that the United States will face over the long term. Every year, an amount of intellectual property many times larger than all the intellectual property contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government agencies. As military strength ultimately depends on economic vitality, sustained intellectual property losses could erode both the United States' military effectiveness and its competitiveness in the global economy.” In other words, we are at war, but this war is being fought in cyber-space.
So what does this have to do with you and me? Everything. Some of those infected files that Malwarebytes will find on your computer could be used by foreign governments, cyber-terrorists and other hackers to launch attacks on government or corporate networks for the purpose of extracting data, or shutting down infrastructure. If your computer is part of a company network, a rouge file or program could be hiding that could mine your company’s network for data that could be used against you, your company’s clients, or even our government. Everyday millions of computers are infected simply by the act of going to a website that unknowingly contains malicious code, or from a flash drive that has infected files, or from “worms” that find their own way on to your computer with out you having to do anything at all except be connected. You see, when governments such as China and North Korea as well as terrorist organizations, are actively training thousands of their citizens and members to be cyber spies and hackers, it is no longer a question of if we will be compromised, but when. We are no longer on the sidelines watching the war happen on the news, we are on the front lines right in the middle of the gunfire and the fact is in this war we do not have the upper hand. We are chasing the enemy and as of now we are losing.
As Lynn states in the first paragraph of his article, “In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.”
Other attacks that we know of have included an attack of over 75,000 computer systems and 2500 companies around the world that began in 2008 and was only detected January 26th of this year. According to the Washington Post it, “targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries.” Also in 2008 the campaigns of both McCain and Obama were hacked into and mined for data that could predict their foreign policy decisions. There are actually too many examples to list here and if you still question if this effects you, according to CBS news, “corporate America is losing critical data to overseas competitors, robbing the U.S. economy of up to $20 billion a year.” (Watch the video above for the full report from CBS.)
This is a threat that by most news organizations is simply swept under the rug but is as big of a threat as it gets. This is a threat that involves the continued national security of our country as well as the continued economic growth of our nation, but unless it involves a company like Google that all of us use every day, or our own personal financial data that is contained on some online store or credit card companies data bases, it is seldom if ever talked about in the news. And if you think that your I.T. department is going to keep you safe, think again. Believe me they have great intentions but quite frankly, the hackers are smarter and many of the hackers either work in your I.T. department or in third party companies that are contracted to work on your systems. And just as I have challenged each and every one of you to scan your own systems for malware I also challenge each and every public organization and private company to have there own networks "penetration tested" by an outside company that will uncover the holes that exist in your systems. Because the truth is, no matter how secure you think your network is, there are holes and the bad guys will find them if you don't first. And when they do your data will be compromised long before you even knew they were there. So the question is, do you accept the challenge?
Click here to download Malwarebytes. If your browser is set up to not allow files to download then you will get a long yellow bar across the top of the window. Click on this bar to OK the file download. The file will be called "Mbam-Setup-1.46.exe". After installing make sure to first run an update, then run a full scan on your system. The entire scan will take about one hour. Good luck.
You can follow this conversation by subscribing to the comment feed for this post.