Just as the United States Department of Defense released its DoD Strategy for Operating in Cyberspace (DSOC), new information from law enforcement agencies revealed new and more involved cyber crimes.
The DSOC is the first official and comprehensive strategy for protecting the nation’s military, intelligence and business operations, including the financial payments industry, Deputy Secretary of Defense William J. Lynn told an audience at the National Defense University in Washington.
The DOD has more than 15,000 networks and more than 7 million computers. Lynn pointed out that the military depends on the nation’s power grid for 99 percent of its power needs, and that 90 percent of the military’s voice and communication services are provided by private (civilian) networks. The military also relies heavily on civilian transportation systems to move military personnel and freight, on civilian refineries for fuel provision, and on the private financial industry to process military payments.
“Significant disruptions to any one of these sectors could impact defense operations,” Lynn said. “A cyber attack against more than one could be devastating. The centrality of information technology to our military operations and our society virtually guarantees that future adversaries will target our dependence on it.”
Lynn outlined a five-point plan for protecting cyberspace and the industrial and military infrastructure it supports.
“This strategy holds that our posture in cyberspace must mirror the posture we assume to provide security for our nation overall,” he said, adding that a military response to a cyber attack will remain an option, but the emphasis for the DOD will be to develop systems, in conjunction with private partners, that deny attackers any benefit from an attack.
The aim of the DOD strategy is to build “a more secure and resilient Internet,” Lynn said.
Lynn noted that every day more than 60,000 new malicious software programs or variations are identified that threaten U.S. security, the U.S. economy, and U.S. citizens. Backing him up was a report issued the day of his speech by the Internet Crime Complaint Center (IC3), the partnership created by the FBI and the National White Collar Crime Center.
The report identifies new cyber crime trends, including an uptick in the number of distributed denial of service attacks. Among the attacks documented was one on an unidentified financial institution’s Internet banking services that sent more than 8,000 hits per second to the bank’s login screen and thereby blocked access to bank services by legitimate clients.
Other scams documented by IC3 include:
- Attempts to extort $250 from victims by first posting private information such as names, addresses, phone numbers and email addresses and then threatening potential victims with complaints that would destroy their professional reputations unless they paid.
- A spear phishing scam in which victims receive a letter, from an entity falsely representing itself as the FBI, directing the recipient to contact the FBI’s Economic and Financial Crimes Commission in Nigeria and provide their full names, email addresses and telephone numbers. The letter asks for $250 to obtain clearance documents that supposedly will give recipients access to $1.5 million. The letter also states that failure to respond to the email could result in questioning by the FBI.
- A spear phishing scam in which a faked email falsely identifying the FBI as the sender inserts a malicious trojan into the operating system when it is opened.
- A scam demanding that recipients repay a $600 payday loan or face arrest and jail. This spear phishing scam makes the emails appear as if they were sent by IC3.
IC3 reported that merchants are getting hit with fraud scams at a rapidly growing rate. These scams are generally aimed at stealing consumer names, addresses, email addresses and IP addresses. IC3 noted that in the last three months there has been a “significant increase” in the amount of spear phishing directed at merchants. The good news is that malware attacks were down during the same period.
According to the IC3, much of the increase in fraud attacks is attributable to thefts of personal information through fake donation sites for causes such as the Japanese earthquake and tsunami relief effort. Social networks are thought to be an important vehicle for promoting this scam.