Cyber-Threats’ Reality

WAR, crime and terrorism are traditional concepts that occur in the physical domain. The only difference between those concepts and ­cyberwar, cybercrime and cyber-terrorism is the “cyber” prefix.

Cyberwar refers to warfare in cyberspace and includes ­cyber-attacks against a nation state and critical communication network. Cyber-terrorism refers to the use of cyberspace to commit terrorism. It is generally understood to mean unlawful attacks and threats of attack against computers, networks and the information stored therein when done to intimidate or coerce a government or its people to further political or social objectives.

Cybercrime or crime in cyberspace has been much experienced by many parties where the motive is more of computer-related crimes and monetary gain is the focus.

What is a threat?

From the information security perspective, a threat is defined as the potential to cause an unwanted incident in which an asset, system or organisation may be harmed.

There are three sources of threats: Intentional, accidental and environmental. Some examples of intentional threats are those that use malicious software or illegal software. Accidental threats can be seen as service failure, human design error or hardware failure.

Meanwhile, examples of ­environmental threats are ­earthquakes, thunderstorms or lightning. All these threats cannot be totally eliminated, but can be reduced through the establishment of effective measures to curb such threats within each organisation.

Threats however, if not properly controlled, can create an unwanted impact on security, socio-economy and human lives.

Cheap method

The dimension of warfare can be categorised as conventional, space and cyber-warfare. Conventional warfare and space warfare are expensive whereas cyber-warfare is cheap. It is also accessible to many groups and individuals.

Cyber-warfare enables asymmetric warfare, where individuals have the abilities and capabilities to cause damage to a nation state.

Access to a personal computer with an Internet connection can create as much damage as traditio­nal weapons. It is attractive to many because it is cheap in relation to the cost of developing, maintaining and using advanced military capabilities.

The sophistication of an attacker’s tools and techniques is becoming more powerful and requires less technical knowledge nowadays.

Furthermore, all of these tools are available on the Internet, which is more user-friendly, at a very ­minimal cost and in many instances, are free of charge.

There are known threats which have limited capabilities and marginal opportunities with high risks of being detected. There are also emerging threats which have many capabilities and broad ­opportunities and provide low risks of detection. These are the ­dilemmas that we face today.

Case studies

Below are several case studies of cyberthreats reported outside Malaysia:

· Cyberattacks experienced by the Japanese government.

It was reported that the Japanese government’s computers were under attack on August 4, 2004. Eight Japanese government ­agencies’ computer networks were disrupted almost simultaneously, similar to what is known as barrage jamming in telecommunication terms.

Those networks experienced denial-of-service attacks whereby the affected networks were not accessible for a few hours.

· Hackers clogging up the US customs’ computers for hours.

This case was reported in August 2005 where viruses attacked the US Customs and Border Protection system for several hours. Several thousands of people were affected.

The viruses left a grave impact on the computers at airports in Miami, New York, San Francisco, Los Angeles, Houston and Dallas.

· Cyberattacks on Estonia

In May 2007, Estonia was under cyberattack for three weeks. The attacks paralysed Internet ­communications targeting the government, banking, media and police websites.

Huge economic losses were incurred as online transactions were disrupted. · Cyber-warfare between Russia and Georgia

Russia’s invasion of Georgia in August had moved into cyberspace as the Russians managed to siege and gain direct routing intended for Georgia.

It was reported that the Russians intercepted the network traffic to Georgia and redirected the route to their servers. Many of Georgia’s Internet servers were under their command and control.

Local attack

In 2001, Malaysia’s Internet ­infrastructure was attacked by the Code Red worm. This was a classic example of infrastructure attack in which the worm spread very fast and brought our national ­communication network to a ­standstill.

It was reported that the relevant agencies took three months to ­eradicate this worm and the ­estimated minimum losses was RM22mil, not inclusive of the losses to the business fraternity and other sectors as well.

Other incidents of cyberattacks were caused by the Blaster and Naachi worms in 2003. The incident started with the propagation of the Blaster worm through the scanning of vulnerable machines via the network, followed by Naachi worms.

These worms exploited the vulnerability found in the Windows NT, 2000 and XP software. The ­estimated cost to eradicate this worm was about RM31mil, not including lost productivity and the cost of lost opportunity.

Modern warfare

Today, cyberspace is the new war frontier whenever there are conflicts between countries.

The popular method of a ­cyberattack is the defacement of websites. Web defacement is a malicious activity whereby a website is “vandalised.”

Often the hacker replaces the site’s content with a specific ­political or social message. The hacker may even erase all the contents from the site by relying on known security ­vulnerabilities to access the site’s content.

The US-China conflict in May 2001, which resulted from an ­incident where a Chinese fighter was lost at sea after colliding with a US naval reconnaissance plane, is a good example to illustrate this scenario.

End word

In conclusion, cyber-threats are the problems of today and the future. They need to be addressed in a comprehensive manner. In dealing with cyber-threats, a country cannot stand alone. There is a need to have strategic alliances to deal with threats and vulnerabilities in the cyberworld.

Co-ordination and collaboration from all parties is important in order to enhance the security of Malaysia’s cyberspace.

Google’s Chrome Browser

Google takes aim squarely at Microsoft with the release of its new Web browser, Chrome. And Microsoft should be very afraid: Chrome lives up to its hype by rethinking the Web browser in clever and convenient ways that make using the Web a more organic experience than you’d get with either Microsoft’s Internet Explorer 8 or Mozilla’s Firefox 3.

Initially available for download for Windows Vista and XP, Google plans to expand its Chrome offerings to the Mac and Linux platforms as well. The company doesn’t offer any timeline for these versions, though. (For additional PCWorld.com coverage of Google’s new browser, see ” Chrome vs. the World” and ” Google’s Chrome: 7 Reasons for It and 7 Reasons Against It.”)

Chrome automatically detects the Web browser you’re using and prompts you through the process of installation (right down to telling you how to access downloaded files within Firefox, for example). When you first run the application, Chrome imports your bookmarks, passwords, and settings from Firefox or Internet Explorer. It even can grab username and password data, and it automatically populates those fields for you when you use Chrome for the first time to visit a particular site.

After running through a quick import checklist, Chrome opens on your desktop–and right away you begin to experience the Web in a new way. Chrome’s layout is very simple: You’ll see a row of tabs running along the top, a Web address bar, and a bookmarks bar that runs beneath the address bar. A separate recent bookmarks box appears at the right of the screen, as does a history search field.

Like its Google stablemates, Chrome has a remarkably minimalist interface. There is no full-scale menu bar and no title bar–and few distractions. All controls are buried beneath two icons to the right of the Omnibar (as Google refers to its address bar): a page icon for managing tabs and using Google Gears to create application-like shortcuts from your desktop to a Web site; and a wrench for history, downloads, and other browser options.

You can set your own home page, or you can use the ‘most visited’ sites page as your starting point. This page provides thumbnail images of your most frequently visited sites, shows recent bookmarks, and supplies a search field for searching your page history. You can change your default search engine, too: This option is located beneath the wrench icon, under Options .

Chrome’s design bridges the gap between desktop and so-called “cloud computing.” At the touch of a button, Chrome lets you make a desktop, Start menu, or QuickLaunch shortcut to any Web page or Web application, blurring the line between what’s online and what’s inside your PC. For example, I created a desktop shortcut for Google Maps. When you create a shortcut for a Web application, Chrome strips away all of the toolbars and tabs from the window, leaving you with something that feels much more like a desktop application than like a Web application or page. The lack of forward and back buttons means that if you browse between pages in a saved Web application you may find yourself a little confused if you want to go back a page. Chrome does let you right-click to navigate backward, however.

This being Google, search is an integral part of Chrome; and Google has added some clever features to make searching easier. Chrome goes beyond its Microsoft and Mozilla competition by searching your browser history’s page titles as well page content. The history results show the title of the page, as well as a thumbnail representation of the page (for some sites but not all; it was unclear why some sites were visually represented while others were not), but it doesn’t show the actual Web page address. The lack of URL information can make it difficult to identify the specific Web page you’re going to, especially if the site’s title bar description is not specific (because, say, different sections of the same site have identical title bar descriptors).

For example, earlier today I read an article on Macworld about an upcoming Apple launch event. To find the article in my browser history, I simply typed ‘apple event’ in the Omnibar. The resulting list showed every page I had visited that contained the phrase ‘apple event’. Conveniently, the Omnibar lets you search not just your history, but Google and other sites as well.

The default search engine is Google, as you might expect. However, you can choose from a list of nine other search engines, or you can manually add your own search engine. Type ‘google fish sticks’ to search for fish sticks on Google. The same syntax works for Yahoo, Amazon, Live Search, and other sites that are already recognized by Google or that you add. This feature, though nifty and promising, proved inconsistent in the early going: It worked for me most of the time on a Windows Vista PC, but two of my colleagues who were testing Chrome on Windows XP machines had trouble getting the feature to work. Google provides keywords to activate this search feature, but some of us had to edit the search engine keywords manually before the feature would function properly.

Chrome includes a number of features that appear in other browsers, such as a private browsing mode dubbed Incognito, tools for Web developers to use in viewing and troubleshooting source code, and the ability to restore all tabs from a previous session. Chrome also features tab isolation: If a Web page causes a problem with Chrome and leads to a crash, the crash will affect only the tab displaying the page and not the whole program. Internet Explorer 8 will offer a similar feature, but Chrome takes the idea a step further by adding a task manager that gives the user an idea of how much memory and CPU use a page is eating up, and by allowing you to kill anything that is causing a problem. Unfortunately, you have to configure this tool manually.

In my early testing, I ran into some problems. Chrome can be a little unstable, which is not surprising considering that it is a beta. Also, I have found that Flash does not work with Chrome on my Vista-based system, though my two colleagues running XP had no issues with Flash compatibility. They did, however, experience software crashes when searching in the history section. And when Chrome crashes, it takes everything with it unless you manually configure the browser to act otherwise (the configuration options are buried under the wrench icon, in the Options/Basics menu). In contrast, Mozilla Firefox and Microsoft Internet Explorer 8 automatically restore your previous session in the event of a crash.

The sites I visited that rely on JavaScript and Ajax seemed to work fine, but Microsoft’s Silverlight wouldn’t work with Chrome. Google’s browser uses WebKit, the same engine that powers Apple’s Safari Web browser–and Silverlight only works with Safari for Mac.

Google has produced an excellent browser that is friendly enough to handle average browsing activities without complicating the tasks, but at the same time it’s powerful enough to meet the needs of more-advanced users. The search functionality of the Omnibar is one of many innovations that caught my attention. PC World has chosen to rate this beta version of Chrome because of Google’s history of leaving products and services in long-term beta and in an ongoing state of evolution. In the past there has been some speculation that Google would develop their own operating system, but I think Chrome’s launch makes one thing is clear: The Web browser is Google’s operating system.