Colorado Springs Experts Say Threat Of Hacking Goes Far Beyond Russia's Suspected Email Poaching

But that doesn't mean that the world's most prominent political hack hasn't gotten the cybersecurity industry's attention.

The apparent willingness of Russia to wield cyberweapons so easily could spell a future with bigger computer warfare worries.

Related:

FBI backs CIA view that Russia intervened to help Trump win election

"That's just a drop in the bucket compared to the real problem," said Ed Rios, who heads the National Cybersecurity Center in Colorado Springs.

Getting access to an email inbox is a relatively simple exercise for an experienced hacker said Michael Semmens, who heads cybersecurity firm Imprimis Inc. in Colorado Springs.

"The email hack is by far the most common hack," Semmens said.

National security officials say Russia hacked the Democratic National Committee's email accounts, a point of contention for President-elect Donald Trump. The breach was embarrassing for the party, and the leaked information provided a treasure trove of talking points for Trump.

Trump, meanwhile, took to Twitter last week as congressional leaders called for hearings into the hack and the Obama administration stepped up its allegations that Russian President Vladimir Putin used the hack to tilt the election toward the Republican.

"If Russia, or some other entity, was hacking, why did the White House wait so long to act?" Trump tweeted. "Why did they only complain after Hillary lost?"

No matter who did the hacking, it was one of the simplest tricks in the hacker's arsenal.

Getting access to someone's email inbox is as simple as finding out which employee in the targeted organization uses "password" as the code to secure their account.

According to news reports, the hack on the DNC was slightly more sophisticated - the term of art among hackers is "spearfishing."

"They start constructing emails that look like they are very real," Semmens said.

The Democrats were targeted with a fake message that purported to be from their email provider and enticed recipients to enter their password on a bogus website. The email said the password was required to address a security concern.

Once a hacker has a password, the emails are theirs.

Most hackers are looking for more lucrative targets than emails.

"Certainly there are much more aggressive attacks like Target and Sony," Rios said.

In the 2014 Sony Pictures case, hackers linked to the North Korean government attacked the firm's computer network, stealing confidential information including unreleased movies and used malware to disable computers throughout the company. U.S. officials said the hack was tied to Sony's movie "The Interview," a spoof centered on a bungling assassination attempt against North Korean dictator Kim Jong Un.

In 2013, hackers cracked a Target database that included credit card and personal data for millions of the retailer's customers. The attack rocked the firm, which saw its sales drop and faced a string of lawsuits from customers and banking firms.

Last week, internet giant Yahoo revealed that it was the victim of the world's largest hack to date, with data for an estimated 1 billion users stolen. It earlier announced a similar scheme that gave hackers information on an estimated 500 million users.

"In both attacks, the stolen information included names, email addresses, phone numbers, birthdates and security questions and answers," The Associated Press reported.

Rios said the corporate hacks show how vulnerable businesses can be. His center is aimed at helping local and state governments along with small and midsized businesses protect themselves from similar hacker strikes.

"The reason we focus on small and medium business is the lack of resources," he said, noting that small firms can lack the cash for elaborate cybersecurity schemes.

Semmens said hackers recently have turned to the medical field to steal money.

"The credit card information is getting so common that they can't very much profit on it so they moved to medical information," he said.

Phony insurance claims can net millions. And computer kidnapping can be even more profitable - hackers implanting malware to hijack computers.

"If they get inside and encrypt your data and you don't have a full backup, you're in real trouble," Semmens said. "A lot of hospitals have paid ransom."

At the top end of the hacking scale, computer warfare, more than money, is at stake.

"It's now at the point where anything that's of national security interest is going to exist in computer form somewhere," said Barry Fagin, a professor of computer science at the Air Force Academy.

Computers can cause real-world damage.

A year ago, Russian hackers allegedly caused blackouts across Ukraine by gaining control of that nation's computer-controlled electric grid.

The academy has set up a model town in one of its classrooms to show cadets how similar hacks can impact utilities, military compounds and transportation systems. Older industrial control computers are especially vulnerable, Fagin said.

"They are easy to hack and the consequences of them being hacked are very serious," Fagin said.

Semmens is worried that terrorists could use a hospital hack to kill, by changing medical records on patients, leading to drug overdoses or worse.

The future for hackers could be tougher. At the academy, Fagin is working to design hack-proof computer networks.

"It would be much better if we can design systems that don't have those problems in the first place," he said.

But for now, getting government, businesses and individuals to take computer hacking seriously is the best defense against attack.

Rios said by increasing the profile of cybersecurity, it could turn out that the DNC hack made America safer.

"I think we see more attention now than ever," he said.

Semmens, who gives public talks on cybersecurity, agreed.

"The awareness that something is there is definitely increasing," he said.

Semmens said he hopes the DNC hack gets Americans in the habit of scanning for computer viruses and changing their passwords. Computer security is a habit Americans need to pick up, he said.

"We're used to security type things - we lock our house when we leave," he said. "But we're not used to doing it on a computer."

-

Contact Tom Roeder: 636-0240

Twitter: @xroederx

Source : http://gazette.com/colorado-springs-experts-say-threat-of-hacking-goes-far-beyond-russias-suspected-email-poaching/article/1592604