From the Security Experts

July 17, 2009

Cyber Attacks Cost No More than $50K to Execute: Analyst

By Senior Editor

Cyber security remains top of mind this week as security analysts further evaluate the potential source of recent South Korean and U.S. cyber attacks.

Seven Web sites – one belonging to the South Korean government and the others to private entities – were attacked in a third round of cyber assaults this month. In the United States, the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all paralyzed at numerous points over the July Fourth weekend and into last week.

U.S. and South Korean officials have said they believe North Korea is behind the cyber attacks.

However, one Redwood Shores, Calif.-based security analyst offers a contrarian – perhaps more realistic – view of who is actually responsible for the so-called “denial of service” attacks.

“It doesn’t make sense that this attack came exclusively from North Korea. First, the attack was using widespread code executed by zombie computers all over the world. Second, this attack is relatively inexpensive to execute – no more than $50,000 – making it doable not just by any government, but also by any Tony Soprano. That’s the really scary part,” said Amichai Shulman, CTO of the data security company Imperva.

According to Shulman, while the attacks on the U.S. government and South Korea were almost certainly the result of hackers sympathetic to the cause of North Korea, the government in the North should not be held exclusively responsible. 

He said cyber security efforts must be of equal importance to any other type of national security, which hasn’t happened in the United States.

“Today, many leading private sector organizations are undergoing a proactive and systematic lockdown of data, IP and software while bestowing CISOs with strong, executive powers,” Shulman said. “By contrast, the U.S. government has assembled another committee to study an obvious problem while appointing cyber security ‘czars’ with no influence. The result promotes a ‘checklist’ approach that, at best, has proved an exercise in paper pushing and, at worst, has aided America’s adversaries.”

Further, in the case of the U.S. government, he explained, the impact of the attacks could have been easily mitigated. The U.S. government has placed too much reliance on multiple Internet service providers, he said, pointing to Israel as a security model to follow.

“The U.S. government can learn a lesson from Israel, which set up a central connection authority, the Tehila, for all government agencies, that provides traffic management services as well as security, redundancy and disaster recovery. In this case, a central authority would have had an easier time blocking an attack of this nature.”

Shulman said that if so-called perimeter defenses had been in place, the attacks would have only caused a minor slowdown in Internet operations and the hackers would ultimately have been unsuccessful in their quest.

“The attacks,” he went on to say, “show that security experts must never take their eye off of ‘old school’ threats as the industry moves to protect itself from new and more sophisticated attacks. As organizations shift their security focus to protect against data-centric attacks,” he said, “they should never forget about the importance of perimeter defenses.”

Erin Harrison is a Senior Editor with TMC.