Internet attacks against U.S. citizens, companies are increasing, research shows
Senate committee hearing from Obama administration on threats from overseas
Facebook, Microsoft, banks, media companies all hit with cyber attacks
The Obama administration wants China to curb hacking
By now, many Americans are used to getting random e-mails allegedly from “friends” with weird-looking links embedded in them, or what looks like SPAM from fake companies inviting you to click on a link to reset your password.
But what you may not know is that shady Internet practices could be playing a dangerous role in international cyber warfare.
From China to Russia to the Middle East to African countries in transition after the Arab Spring, attacks launched from overseas against American companies and private citizens have now become a primary fear of the U.S. government, according to the annual intelligence community’s worldwide threat assessment released Tuesday.
“Threats are more diverse, interconnected and viral than at any time in history,” Director of National Intelligence James Clapper said in testimony prepared for the Senate Select Committee on Intelligence.
“Attacks, which might involve cyber and financial weapons, can be deniable and unattributable,” Clapper said for Tuesday’s hearing. “Destruction can be invisible, latent and progressive.”
The Senate committee is talking with Clapper and other administration officials this week in an annual round of hearings on international threat assessments.
Cyber security firm Mandiant recently linked China to cyber espionage and attempts to steal American trade secrets.
“We see two sets of attackers in broad groups. We have intruders who are nation states who conduct espionage. They’re going after as you mentioned trade secrets, information that they can use to improve their own companies back home. And we also see criminal groups,” Richard Bejtlich, chief security officer of Mandiant, told Soledad O’Brien on CNN on Monday.
National Security Adviser Tom Donilon also sounded the alarm in his remarks on Monday to The Asia Society in New York.
“Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale,” he said.
“The international community cannot afford to tolerate such activity from any country. As the president said in the State of the Union, we will take action to protect our economy against cyber-threats,” he said.
The White House signaled that cybersecurity would be a top priority during President Barack Obama’s second term.
On the same day as the State of the Union address last month, Obama signed an executive order aimed at quelling cyberespionage against U.S. government agencies and American businesses. The order also seeks to shore up defenses of the critical infrastructure vulnerable to cyberattacks.
“We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets,” Obama said during the State of the Union address.
“Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems,” he said.
The president stressed the urgency of swift action.
“We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy,” he said.
For instance, that link in an e-mail from a trusted friend could really disguise a malicious file or “bot” intended to steal your passwords, log all your keystrokes or ultimately put your bank accounts, personal details and other private information in the hands of cyber criminals or foreign governments.
Now imagine that happening thousands of times a day, every day of the year, all across the country. The effect could put broader networks and secure data at risk.
Foreign governments can also monitor some data networks, cloud computing and wireless transmissions in efforts to steal sensitive information.
The United States is seeking a more muscular response to the growing threat from foreign hackers interested in obtaining business trade secrets.
The response, seen in a 150-page report unveiled by Attorney General Eric Holder and other leading government officials earlier this year, includes pledges by the Justice Department and FBI to crack down on hacking, a guide for corporations vulnerable to attacks on how to beef up their own security, and a proposal to better coordinate efforts with U.S. allies to prosecute foreign hackers.
“In this time of economic recovery, this work is more important than it has ever been before,” Holder said. “I am pleased to report we are fighting back more aggressively and collaboratively than ever before.”
Facebook, Microsoft, the New York Times and other media companies have all faced cyber attacks in recent years. So have financial institutions like Bank of America, US Bancorp, HSBC, JP Morgan Chase, Mastercard, PNC, SunTrust and Wells Fargo.
Companies like Goldman Sachs and Citigroup recently sounded the alarm with shareholders about the increased risk of cyberattacks.
The Obama administration specficially pointed the finger at China on Monday. Donilon said that Beijing must “take serious steps” to fight hacking of U.S tech networks.
He said the U.S. government wants China to recognize “the urgency and scope” of the cybersecurity issue and “the risk it poses” to international trade and to the “reputation of Chinese industry and to our overall relations.”
Legislation aimed at regulating how businesses report and address cyber attacks failed in the Senate last year amid GOP and business lobby resistance.
But the business community may now be coming around to working a bit more closely with the government in the interest of improving security.
During a Senate hearing last week, lawmakers listened to the business community and government officials’ concerns. During a similar series of committee hearings this week, lawmakers will examine more ideas on the topic.
Still, those in federal government and the business community are taking the increased risk of cyberattacks very seriously.
“A cyber attack against a government agency or a defense contractor is an attack against our nation,” said Sen. Jay Rockefeller of West Virginia, who is also chairman of the Senate Commerce Committee.
“A cyber attack against a private company dealing with, say a water company is an attack against our nation. So is it with an attack on a private company that provides power or clean water to millions of Americans,” Rockefeller said. “An attack against any of these pieces, even though they might be privately operated, is an attack against our nation’s critical infrastructure and therefore, us as a nation.”
CNN’s Sudip Bhattacharya, Mariano Castillo and Alex Mooney contributed to this report.