April 2, 2007:
The U.S. Department of Defense has some good news on the Cyber War front, but is
not sure whether it masks some very bad news. This past January there were only
40 successful intrusions into Department of Defense computer networks, compared
to 130 in the same month two years earlier. Meanwhile the number of recorded
attack attempts has grown enormously: 16,000 in 2004, 23,000 in 2005 and 30,000
in 2006. More attempts, fewer confirmed successes.
What is unknown is the number of successful attacks that were never detected.
This is a growing problem, because the undetected intrusion is the most valuable
kind for the attacker. The longer a hacker can keep a foothold without being
noticed, the more that foothold is worth: it lets the intruder steal data and
monitor activity for as long as the access lasts. A good example is the recently
discovered penetration of the computer systems at the retail chain TJ Maxx. It
went undetected for at least 18 months, and data on over 46 million credit card
accounts was stolen before anyone noticed.
The problem is that the computer security industry has put most of its effort
into keeping attackers out, and much less into forensics (examining systems that
appear healthy to find out whether intruders have already gotten in). Forensic
tools have not kept pace with what hackers have been building to get onto a
network covertly, hide their presence, and keep their access once they are in.