New York
It's hard to imagine a safer place than the International Conference on Cybersecurity, held earlier this month at Fordham University in New York City.
A New York Police Department mobile command post bus was parked outside; uniformed officers searched every bag of every participant; and serious-looking FBI agents sporting earpieces guarded the doors to the sessions. A hilarious side effect was that almost nobody tried to break the "no food or drinks" rule in the auditorium. Sneaking in a shot of joe just didn't seem worth tangling with a beefy Fed. I got stopped just because my conference badge had flipped around the wrong way.
Anyway, nobody needed coffee to stay awake, as speaker after speaker revealed new and frightening facts about the global reach of cybercrime.
This event marked the first such collaboration between the Federal Bureau of Investigation and a university, driven by a growing awareness of the serious threats to business, military, and even personal computers in North America.
Shawn Henry, Assistant Director of the FBI's cyber division, said the U.S. government now considers cybercrime the most critical threat "after a weapon of mass destruction in one of our cities.”
To emphasize this commitment, 22 federal departments and agencies have been told to work together on a comprehensive national cybersecurity initiative, some of whose details remain classified.
Sandra Sanar-Johnson, senior executive at the spooky U.S. National Security Agency, described cyberwarfare attacks against government and business computers in Estonia, and more recently in Georgia, as well as cyberfrauds such as a phishing scheme in Romania that just saw 40 people arrested.
"Rather than employing foot soldiers and thugs to intimidate, they recruit young hackers," she said, adding, "we are in a world where technology moves much faster than the government typically moves."
Appearing rather nervous, because "I almost never do unclassified briefings," Sanar-Johnson said the U.S. government takes cybercrime and cyberwarfare so seriously that they're reaching out to anyone who can help. The 200 or so computer security experts attending the conference from 37 countries seemed to agree that urgent action is required.
So does Google. That company was a major sponsor of the conference, providing a room with lava lamps, toys and candy. This allowed stressed-out security and intelligence types to stretch out in colorful beanbag chairs as they received security alerts on their BlackBerrys.
One participant, whose firm operates a socialcasting (media sharing) site that's popular in the Middle East, learned just before he spoke that a major denial-of-service attack had just been launched against his company's computers.
Adam Swidler, a senior product marketing manager at Google, reported that his company is a major target for cyberattacks, because "we're more than just scrutinized more often than anyone else, we're attacked more often."
In a private conversation later, he acknowledged that Google has suffered outages to Gmail and other services, but argued that its track record is better than competitors and that "when we go down, everybody knows about it."
Swidler urged companies to consider cloud computing solutions, which of course Google's enterprise division is happy to sell you. He cited Circuit City, Jenny Craig and (his alma mater) Fordham University as companies that were taking this approach.
Although farming your data out to remote computers might seem risky, he said it's actually safer, because Google hides it in very secure places. "Even I have never seen one of Google's storage facilities," he said, "and I don't ever expect to."
Eastern Europe is apparently a cesspool of computer fraud, child pornography and hacking, and merited its own session at the conference.
Agent Darren Mott of the FBI computer intrusion unit reported that cyberevil is radiating out from Russia into neighbouring countries.
Mott says the highly publicized takedown of the Russian Business Network, which provided internet hosting for many criminal sites, may have been something of a false victory.
"The RBN gets all the news," he laughed, "but it was only one of about 20 'bulletproof' internet service providers in Russia.”
He suggested the bad guys may have offered it up as a sacrifice to take the pressure off their other illegal operations.
Several speakers referred to the catastrophic events of 9/11 and suggested that terrorists could cause even more havoc with computers than by flying planes into buildings. Targets could range from banking and business computers to the supervisory control and data acquisition (SCADA) systems that run power grids and other utilities.
Evan Kohlmann, a senior investigator at Global Terror Alert in Washington, D.C., showed how Islamic terrorist groups are using the internet to recruit, organize, and fund their operations.
He displayed chilling chat posts from terrorists such as Abid Hussain Khan, now serving a 12-year prison term in the U.K. Khan wrote that "attacks are permissible throughout this world, so the world is a battlefield in my vision, everything, almost, is a target."
One of the most unlikely speakers in this mainly male group of intelligence gurus was Shannen Rossmiller, a Montana mother of three and former judge, who is self-taught in Arabic.
Motivated, she says, by patriotism, she creates fictitious terrorist identities and role-plays them in online discussion groups. To date, her radical Muslim male characters and online stings have resulted in 214 cases of actionable intelligence.
These include the case of United States Army v. Spec. Ryan Anderson, who received five life sentences for attempted espionage and providing material support to a terrorist group during time of war.
The overwhelming impression left by this conference is that we are, indeed, locked in a nasty and continuous cyberwar, and that the bad guys only need to find one vulnerability while the cyberdefenders need to plug all the holes.
Doing this is probably going to bring changes in how people use their workplace computers. The U.S. government is already cracking down on recreational computer use on its premises and strongly suggesting that companies do the same.
The days of taking a break to check the sports scores or book a vacation may be numbered.
As for watching videos or downloading software at work, in the words of Tony Soprano - who would have been decidedly uncomfortable at this conference - "fuggetaboutit."
(Tom Keenan is a professor at the University of Calgary and an expert on technology and its social implications. He can be reached at keenan@businessedge.ca)
