E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: The Wall Street Journal

Posted on February 2, 2010

Companies that run key public infrastructure assets like electric utilities, oil refineries and banks are regularly victims of the kind of cyber attacks that recently penetrated Google Inc., according to a new report by a former top U.S. homeland security official.

Cyber attacks are often coupled with extortion demands, according to the report commissioned by the computer antivirus company McAfee, which found that 20% of the 601 companies and government agencies surveyed said they had been a victim of such an attack within the past two years. It wasn't clear whether any companies actually paid extortion demands.

Stewart Baker, a former senior official at the Department of Homeland Security and the National Security Agency, led a team that surveyed executives at companies responsible for critical infrastructure. One hundred executives were American, and 20 to 50 participated from each of 13 other countries, including China, Russia, and the U.K.

The report was funded by the antivirus company, but Mr. Baker said his team at the Center for Strategic and International Studies think tank had a "free hand" in constructing the survey and report.

Among the executives surveyed, 54% said their company had been the subject of infiltration, according to the survey, and two thirds of those companies said the attacks had harmed company operations.

"That suggests it's a form of attack that's rife in critical infrastructure," Mr. Baker said in an interview. "I'm astonished at how pervasive it is."

The Wall Street Journal reported last year that Chinese and Russian cyberspies had infiltrated computer systems controlling the U.S. power grid and other U.S. infrastructure. Chinese and Russian officials denied any government involvement in the attacks.

The survey results suggest extortion attempts have expanded beyond their traditional targets -- financial institutions, said Tom Kellermann, a former World Bank cybersecurity official.

The survey found that rates of extortion were highest in the oil and gas sector, where 31% of executives reported their companies had been victimized by such a scheme, followed by 27% for electric utilities. Mr. Baker said the extortion rates across industries were much higher than he'd expected.

Extortion plots were most common in India, the Middle East, and China and were least prevalent in the U.S. and the U.K. Part of the growth of extortion schemes is because organized crime, in general, has moved to the Internet, a former law enforcement official said.

Over three quarters of executives who oversee computerized control systems said that those systems were connected to the Internet, and nearly half of them said that connection posed "an unresolved security issue."

Among the different infrastructure sectors, oil and gas had the highest levels of victimization, with 71% reporting they experienced a "stealthy infiltration." The Christian Science Monitor reported earlier this week that three U.S. oil and gas companies--ExxonMobil, ConocoPhillips, and Marathon--had been victimized in 2008. A former law enforcement official confirmed an attack on Exxon, but said it only targeted the company's administrative network. All three companies said they wouldn't comment on security matters.

Meanwhile, the survey suggested that the financial sector, which is often commended for having the strongest computer security in the private sector, isn't as safe as advertised.

One in five executives in the financial sector said they had experienced cyber attacks carrying extortion threats. Meanwhile, 59% of financial service executives said they had experienced a common penetration attack in the past couple years.

The measure that would do the most to secure cyberspace in the U.S., said Tata Communications security chief Adam Rice, is for the U.S. government to direct the top Internet providers to provide the government with data about Internet traffic to analyze and create a "blacklist" of bad actors.

The government could then direct the providers to block those actors from the Internet, he said. That direction would have to be coupled with funding, and any large Internet provider would require legal protections. Mr. Rice participated in the survey and said he was speaking for himself not his company. Indian-owned Tata provides Internet service in the U.S.

Some U.S. intelligence officials have advocated a similar approach, but it's met with political resistance over concerns about the government playing a role in policing the Internet.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.