Sony attack shows shifting online security threat

Published on NewsOK Modified: September 4, 2014 at 1:19 am •  Published: September 4, 2014
Advertisement
;

TOKYO (AP) — The boundary between the online and physical worlds got blurry last week when Sony's PlayStation Network was disabled by an online attack, while simultaneously an American Airlines passenger jet carrying a Sony executive was diverted due to a bomb threat on Twitter.

Experts say that's a wakeup call for a world still coming to grips with cybersecurity: What goes down online can be equally if not more disruptive in the real world.

What often surfaces from the Internet's underbelly to make headlines are acts that verge on pranks, and the culprits who get caught are the amateurs, such as a teenager in the Netherlands who tweeted a threat to an airline, saying she was part of al-Qaida and was planning to do "something really big."

But that's just the tip of the iceberg of 24-hour criminal action in cyberspace.

The serious players are after much bigger trophies such as wreaking havoc with defense systems and stealing valuable corporate information. The days of computer mischief to say "I was here," common several years ago, are over.

"Professionals are all in it for the money," said William Saito, an entrepreneur and technology expert who advises the Japanese government and teaches at several universities. "The ones that get caught are usually novices, known in the industry as 'script kiddies,' getting caught for the real-world equivalent of shoplifting."

For every "kiddy," there are 10 professionals, he said.

Japan's Capitol Hill, or Kasumigaseki central government, is targeted in cyberattacks at the rate of one per every six seconds, including viruses, data leaks and unlawful access, according to the Japanese government.

Public awareness of the threats is low.

"Until it happens to them or someone they know, it is not a concern for them," said Curt Esser, a cyber-security expert who heads Esser Consulting in Wisconsin.

"Hackers and cybercriminals keep coming up with new ways to bypass systems, many unimaginable to comprehend ahead of time," said Esser.

The consequences of a successful infiltration into the networks of companies and institutions could be drastic: disrupting power supplies, sending a stock price plunging, immobilizing traffic or even threatening global security.

The problems are rarely allowed to escalate to disruptive levels, but that may simply be sheer luck.

"The threat is real, and few nations are adequately prepared," Ian Wallace, a cyber-security expert at Brookings Institution, a Washington D.C.-based nonprofit organization, wrote recently in the Fletcher Forum of World Affairs.

In the Sony Corp. incident, no personal information was stolen. A 2011 attack had compromised the personal data of 77 million user accounts.

Last week, hackers orchestrated a so-called denial-of-service attack, overwhelming the game network with fake visits so that legitimate users couldn't get through. That kind of attack is not very sophisticated and is more a notoriety play.

Continue reading this story on the...