“I don’t appreciate your scare tactics,” the caller said. She was complaining about a marketing letter we had sent her. But it wasn’t about scare tactics; it was about reality.
In the letter, I had described the very reasonable scenario of a war in which China (or some other megapower) takes military action to recover some of its disputed territory (e.g., Taiwan, Singapore, etc.). Before unleashing its physical armament, China launches a massive cyber-warfare campaign to disrupt the critical, computer-related functions of the U.S. and its allies.
In preparation for the attack, China’s cyber-warfare group would have been stealthily infecting hundreds of thousands of PCs around the world. Like the “moles” of spy novels, the malware would lie dormant, undetected, awaiting a signal to be delivered by its masters via the Internet. It would even have been running its own version of antivirus to ensure that the PCs were not compromised by any other opportunists.
On command, the army of infected computers springs to life and initiates a crippling, coordinated attack on key websites, e-mail servers, routers and other IT infrastructure. Allied intelligence-gathering and communications are disrupted for hours or days. During the time that no one knows exactly what is happening or what to do about it, the aggressor is able to make irreversible gains toward its objective.
Admittedly, a scenario like this has not played out in reality yet, but the capabilities are there. It would be naïve to think it wouldn’t or couldn’t happen.
Just a few years ago, hackers and virus writers were individuals seeking personal notoriety for their vandalism. Now there is real money to be made from malware. I remember when an elderly fellow in our community sheepishly complained in a television news report that he had been duped out of $10,000 by one of the Nigerian bank account schemes. Cyber criminals are much more sophisticated today and prefer to use hundreds of thousands of infected computers to siphon off much smaller amounts from checking or credit card accounts.
If cyber criminals see value in compromised computers, it must be acknowledged that military organizations could see the value as well. The United States, for one, clearly recognizes the potential of computer infections as offensive weapons. Although it has not been proven or fully admitted, the U.S. and Israel allegedly combined their expertise to design a particularly insidious computer worm, which was then successfully injected into the industrial computers of Iran’s uranium enrichment program. The result has reportedly been significant disruption for the Iranians. If true, what could not feasibly be accomplished by force of arms has been accomplished with a few bits of software code.
My letter asked the reader to consider whether she could be certain of the allegiance of her computer. It’s not an idle question. In our business, we have visited thousands of offices to help them with their IT problems. Nowadays, most businesses take anti-malware protection fairly seriously. Even so, the most common reason a manager calls us is to deal with a computer infection of some type.
Home PCs are much less protected. It’s entirely plausible that the computer in your office or your home that is running slower and slower has already been compromised. Such a PC is not just a danger to itself, it is a hazard to the rest of us.
We owe it to each other to keep all of our computers protected and healthy. That’s not intended to be scary, just common sense.
Rick Edvalson is chief executive officer of IntegriNet Solutions in Boise. He may be reached at (208) 376-0500 or firstname.lastname@example.org. For more information, visit www.inservs.com.