2015-01-21 / Features

Queens Chamber Of Commerce Holds Meeting On Cyber Crime

BY THOMAS COGAN

In mid-January, the Queens Chamber of Commerce’s Info Tech Committee invited speakers associated with the InfraGard Member Alliance to appear at QCC headquarters at the Bulova Center in East Elmhurst to cover the topic of cyber crime. Recent spectacular instances of damage done to large companies’ information technology systems by mysterious hackers or, allegedly, cyber warriors working for one government or another, have made the public aware and perhaps fearful of these attacks and the harm that can come to institutions and individuals as a result.  The speakers, chiefly a special agent of the Federal Bureau of Investigation, explained how much of this mischief is perpetrated and what companies and individuals can do to counter it.

Getting the meeting started was Joseph R. Concannon, president of Integris Security in Garden City and formerly of the InfraGard Program of the Federal Bureau of Investigation, which he joined after a career in the New York Police Department. InfraGard was begun by the FBI in 1996 to bring together private sector information technology professionals with the bureau’s cyber experts. Out of that beginning in the FBI’s Cleveland field office, a national network of member alliances has grown. In New York, the NY Metro InfraGard Members Alliance, a non-profit, 501(c)(3) corporation, has more than 700 members, Integris Security being one of them. Nevertheless, Concannon said, many members, including sizable companies with large IT departments, seem oblivious to the danger of being invaded by hackers at several levels of sophistication. InfraGard is there to advise them how to avoid the misfortunes that ChoicePoint, Target and Sony Pictures, among others, have undergone.

Concannon introduced FBI Special Agent Mitchell Thompson, who began by asking what trades or professions were represented in the room, apparently just to see some examples of the vast number of businesses that are dependent on functional information technology. Then he identified the range of cyber threats: computer-based, network-based, user-based and facility-based. He said that ways of disabling a system include intrusion; denial of service; and physical access to the system’s supply chain. The stages of hacking include: reconnaissance (finding a target); scanning, in search of weak points; gaining access through exploitation of such weaknesses; maintaining access, or taking control; and covering one’s tracks before vanishing. Thompson said there are a great many tricks to set up an intended target for a strike. For instance, the Stuxnet invasion of the Iranian government’s IT system was set up in part when agents of disruption generously supplied Iranian technologists with flash drives that were stocked with malware to facilitate the breach. He said the invasion of Sony Pictures, by North Korean technologists (as the FBI maintains) or persons yet unknown, was achieved, according to the victim, when a flaw in its defenses was spotted by the vigilant attackers.

One listener at the meeting said he’s afraid the aggressors are too far ahead of their intended targets, who can at best only react when they have been hit.  Thompson said if companies or governments maintain their own defensive vigilance they should be able to repel attacks, frequent though they may be.  

He identified three tiers of invader: high, medium and low. The highest would be foreign government hacking teams; the medium, “blackhat” hackers; and the lowest, “hacktivists,” kids and entry-level miscreants who probably are using off-the-shelf tools. The most dangerous of these could be the ones on the third tier: wild-card operators whose relatively unsophisticated equipment is often unknown to the big companies with top-of-the-line software. Still, the more clever players on the higher levels have to be resisted constantly because they can resort to tactics such as spoofing information to mask a hostile packet used in an attack; misdirection that has defenders going after seeming malware while the real thing attempts penetration; and poisoning the domain name server (DNS) and proceeding to hack the domain. Thompson said domain name owners must always be aware of their expiration dates.

As for malware, it can show up as a virus, a worm, a trojan or a backdoor, the terms implying that it can (a) infect software; (b) slyly penetrate it; (c) hide within a seemingly innocuous cover; or (d) make an entry from a direction nobody would suspect. If a malevolent source makes a widespread attempt to invade, it is said to be phishing; if the attempt is concentrated, it is spearphishing. Anyone maintaining a site that has been hacked should prepare an emergency response plan and stick to it. Define the attack and report it immediately, since attacks tend to be short-lived and the perpetrator mustn’t be allowed to do a vanishing act.

Thompson said the FBI’s job when called to rescue a bad cyber situation is first to investigate the violators, prosecuting them when they are apprehended. He added that the bureau also analyzes patterns and links and works with foreign investigators through MLAT, or the Mutual Legal Assistance Treaty. It does not take over or repair systems, share information or provide it to shareholders or the media. In action, the FBI takes a concentrated, not broad, approach, like a surgeon isolating an area of operation, he said.


Copyright 1999-2018 The Service Advertising Group, Inc. All rights reserved.