In early July, government and private Web sites in the US and South Korea were the victims of cyberwarfare. The powerful cyber attack shut down the US Department of Treasury and Federal Trade Commission Web sites over the July 4th holiday weekend. Pentagon and White House Web sites were better equipped to fend off the Internet assault and suffered no disruption.
Other institutions that were targeted include the National Security Agency, the Department of Homeland Security, the US Department of State, the US Department of Transportation, the NASDAQ Stock Market, the Washington Post, and a US Secret Service Web site.
Some of the Internet addresses involved were traced to North Korea. However, government officials were unable to positively identify North Korea's Pyongyang government as the attacker. They believe between 30,000 and 60,000 computers were involved in the attack. Researchers are analyzing the program's code to try and identify the source.
The cyber attack was aimed at public Web sites in an effort to create a nuisance for the Web site hosts and disrupt access by Web site visitors. Although the attack did not target internal or classified files or systems, a spokesperson for the Department of Homeland Security warned that the effectiveness of the attack underscores the importance of cybersecurity in keeping our nation safe.
Types of Cyber Attacks
Cyber attacks occur frequently and are relatively easy to carry out. There are many types of assaults with varying degrees of risk. The July attack involved "denial of service." In this type of attack, the perpetrator overloads a Web site with so much traffic that the Web site is taken offline. For example, one of the government Web sites that usually handles about 25,000 visitors was the victim of as many as 4 billion Internet hits at once.
Other types of attacks involve breaking into a computer system and stealing or altering information. For example, a hacker can steal your credit card numbers and use the stolen information to make unauthorized purchases. Cyber attackers can also introduce viruses through e-mail systems that will erase your computer's entire hard drive and all your files.
What Is Cybersecurity?
Cybersecurity involves the use of various methods to reduce the likelihood that you'll be the victim of a cyber attack. According to the US Computer Emergency Readiness Team (US-CERT), the following tips will reduce your risk:
- Use passwords that cannot be easily guessed and keep them confidential
- Install an anti-virus program that can identify and block viruses from infecting your computer
- Install an anti-spyware program that prevents third parties from secretly gathering information about your computer use
- Restrict outside access to your computer and information with a firewall, i.e., a program or hardware that acts as a barrier by filtering information coming through the Internet to your computer system
- Don't run programs of unknown origin
- Don't open unknown e-mail attachments
- Lock your computer when you are away from it
- Disconnect your computer from the Internet when you aren't using it
- Back up all of your data on a regular basis
Computer information security is crucial whether it involves a government network, a corporate network or a home Internet user. Ideally, confidential information should be available only to those who have been given authorized access. Although it is impossible to prepare for every possible risk, taking the above steps can greatly reduce the chance that you will be the victim of a cyber attack.
Questions for Your Attorney
- How do governments and private businesses protect sensitive information about their activities and people? Are these entities liable if their systems are compromised and someone suffers damages due to identity theft or other losses related to security breaches?
- What should I look for regarding information security in businesses that I deal with, for personal and business needs?
- Where do I start in putting things back together after identity theft? I've got creditors coming after me for debts in my name that I didn't authorize - can you offer any help?