Gabe Schoenfeld has written skeptically about the new Defense Science Board study, which raises alarms about the Department of Defense’s vulnerability to cyber-attacks, especially in light of the fact that so much of our software code is written abroad, “some in countries that may have interests inimical to those of the United States.”
If our adversaries are as good as we are saying they are at exploiting vulnerabilities in our technology, why are their brilliant programmers not going off on freelance missions to tap in, say, to the electronic systems of a Goldman Sachs and transferring its assets to themselves?
The short answer is they are doing precisely that. It’s just that the public doesn’t hear much about it because the targeted institutions want to keep as quiet as possible for obvious reasons, so as not to encourage copycats and not to endanger the confidence of their clients, investors, and counterparties.
The Financial Times broke the story of one such attack that occurred in 2005. Israeli-Russian mobsters based in Tel Aviv succeeded in hacking into the London offices of the Japanese bank Sumitomo, and almost managed to transfer some $500 million to their own bank accounts. According to one account, this was how the operation was carried out:
Thieves masquerading as cleaning staff with the help of a security guard installed hardware keystroke loggers on computers within the London branch of Sumitomo Mitsui, a huge Japanese bank.
These computers evidently belonged to help desk personnel. The keystroke loggers captured everything typed into the computer including, of course, administrative passwords for remote access.
By installing software keystroke loggers on the PCs that belonged to the bank personnel responsible for wire transfers over the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network, the thieves captured credentials that were then used to transfer 220 million pounds (call it half-a-billion dollars).
These thieves were nabbed in time by Scotland Yard, but if they had succeeded it would have been the greatest bank robbery of all time.
There are also, of course, countless cyber-attacks being carried out every day against the information infrastructure of the U.S. and our allies. The most famous of these was the assault by Russian hackers on Estonia’s computers earlier this year.
The U.S. is just as vulnerable to such an attack. In fact, as Ralph Peters argues in this New York Post column, our reliance on computer networks and satellites constitutes one of our biggest strategic vulnerabilities. He calls it a “ ‘high-tech’ Maginot Line,” and I would have to agree with him.
The comparison may seem overwrought, but only because no enemy has tried to exploit this vulnerability in a major way. Yet. We do know, however, that China, Russia, and various non-state actors are working to ramp up their capabilities in this sphere. We’d better step up our defenses, or else face the prospect of many of our super-expensive weapons and surveillance systems being rendered useless in a war. There is also the very real threat of cyber-terrorism wreaking havoc with our financial systems. Just imagine what would happen if the fidelity of banking or trading records were compromised on a massive scale: That could be a more severe blow to our economy than the loss of the World Trade Center.