Electronic attackers: computer crimes keep government and industry on the defensive.

• Author: Wagner, Breanne
• Position: CYBER WARFARE

[ILLUSTRATION OMITTED]

An onslaught of increasingly sophisticated cyber attacks has prompted the government and private sector to step up efforts to share information and secure networks around the country.

Yet the complexity of new malicious code and the elusive nature of cyber attackers have become significant impediments to detecting or preventing most intrusions.

Computer crimes have quickly increased in recent years and have overtaken the ability of the government and the private sector to fully protect their systems.

"We are constantly in the reactive mode," says Jerry Dixson, director of the national cyber security division at the Department of Homeland Security.

Long gone are the days of young whiz kids hacking into computers to fulfill curiosity or to prove their computer prowess. Today's cyber criminals are as technologically agile, but more perceptive and evasive.

"Software we found through investigations has gotten really sophisticated. It almost requires a PhD," Dixson says.

The Federal Bureau of Investigation identified more than a million computer addresses in June as potential victims of "Bot Net" cyber crime. The FBI defines a Bot Net as a collection of computers that is controlled by a criminal. The attacker gains control of a computer through a piece of malicious software, which infects the system without most owners' knowledge, Dixson explains.

"The majority of victims are not even aware that their computer has been compromised or their personal information exploited," says James Finch, FBI assistant director for the cyber division, in a statement. The crimes were discovered during "Operation Bot Roast," a major initiative created to disrupt intruders and raise public awareness of such attacks, the agency says. The FBI is working with Carnegie Mellon University's computer incident research and development center to notify victimized computer owners.

Malicious codes are one of the most serious threats because of their stealth and the level of financial damage they can inflict, says Ron Ritchey, principal at Booz Allen Hamilton, a technology consulting firm.

"There is a lot of money to be made from making new malicious code. Criminals can make $200,000 a year," Ritchey says.

A movement toward browser-based attacks has also emerged, he says. These entail a person's computer being attacked when logged on to an infected website. Dixson says that browser attacks can occur on seemingly innocuous web pages, like news outlets. Users can be compromised if even one line of code is infected on that site.

The intricacy of these sophisticated attacks has trumped old ways of securing...