On March 31, keep an eye on your computer

Alas, Chicken Little may be right. A group calling itself Anonymous has posted its intention to shut down the Internet on March 31. A statement said it would be a “protest against Wall Street, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs…” It went on to say, “Remember, this is a protest, we are not trying to ‘kill’ the Internet…”

Small comfort, eh?

Ordinarily, I wouldn’t give credence to such a threat. However, I heard a lecture this week that made me focus not just on this particular warning, but on the very real dangers of cyber-warfare, cyber-espionage and cyber-theft. The speaker was John S. Serafini, director of a private company involved in developing businesses dedicated to improving Internet security. He’s a kind of cyberspace venture capitalist, and he knows his stuff. His head may be in the i-clouds but his feet are here on Earth, where he hopes to make money and make private, business and military enterprises safer.

A graduate of West Point, Harvard Business School and Harvard’s John F. Kennedy School of Government, Serafini works between and among Washington, D.C., Abu Dhabi and Boston. He doesn’t dismiss the March 31 threat outright, but he says that if it happens, it would be a temporary shutdown until the experts could figure out a way around the problem.

During his talk, he enumerated various incidents of cyber-hacking. The intrigue, audacity and brilliance of the attacks make the subject both fascinating and frightening.

Nobody is officially taking credit, but it is widely believed that Israel and the U.S. were behind the so-called Stuxnet computer worm that infected and destroyed much of Iran’s uranium enrichment infrastructure, setting back the development of nuclear weapons in that country, perhaps by years. Stuxnet does little harm to computers that don’t meet specific configurations. “The attackers took great care to make sure that only their designated targets were hit … It was a marksman’s job,” said Ralph Langner, owner of a computer security company in Germany, in a New York Times article.

Remember when Israel attacked Syria in 2007, taking out its nuclear facilities? Serafini suggested that the Israelis used cyber-warfare to block Syria’s radar so that Israeli planes could pass undetected into the country.

It goes on. He spoke of Operation Shady RAT, an ongoing series of cyber-attacks starting in 2006. The attacks, which were reported by the Internet security company McAfee in 2011, involved at least 72 organizations, including governments and defense contractors. Simply speaking, the hackers go into a computer network undetected, steal vital information on business plans, government agencies, military operations or credit cards and then slip away, closing the door behind them.

Often the victimized companies don’t want to reveal the theft for fear of losing customers. Sometimes hackers will blackmail a company with proof that they can get into its computer systems, demanding money for not going through with the attack. That used to be called the protection racket.

Serafini spoke of the very real danger in the U.S., where our electrical grid and transportation and water systems depend on Internet connections. The enemy could be any nation-state or hacker group.

On Nov. 26, 2010, a group calling itself the Indian Cyber Army hacked websites belonging to the Pakistani army. On Dec. 4, 2010, a group called the Pakistan Cyber Army hacked the website of India’s top investigating agency, the Central Bureau of Investigation.

According to The Washington Post in a story published in August, the Hong Kong and New York offices of the Associated Press had been hacked, along with networks of the International Olympic Committee, the United Nations Secretariat and a dozen U.S. defense firms. According to the piece, McAfee, which monitors networks around the world, did not identify the adversary, but James A. Lewis, a cyber-security expert at the Center for Strategic and International Studies said, “The most likely candidate is China.”

According to The Post, Google’s disclosure several years ago that hackers in China had broken into its networks was a first — a major American company volunteered that it had been hacked. And so it goes, all over the world: a wireless battle for information and power.

FBI Director Robert Mueller, testifying in January before the Senate Select Committee on Intelligence, said that cyber-threats would surpass terrorism as the country’s top concern. “There are only two types of companies,” he said. “Those that have been hacked, and those that will be.”

According to John Serafini, when he asked a friend who heads a cyber-security agency how to avoid getting hacked, the friend said, “Whatever you do, don’t buy a computer. And if you do, then don’t take it out of the box.”