Feb 14, 2011

Our Next Pearl Harbor? Cyber War Is Imminent

Roger HedgecockBy Roger Hedgecock

Twitter Facebook Contact YouTube Amazon

Hackers, worms, viruses, WikiLeaks, Stuxnet: Every day, in every corner of the world, we learn of advances made by those who penetrate supposedly secure computers.

I believe we are witnessing previews of the next war – a war against the computers which have made our lives so much easier, so much more complicated and so much more vulnerable.

Hacking used to be done by talented teenagers as a prank. It was the stuff of Hollywood movies. Then there was industrial espionage, done for money and competitive advantage.

Today we hear of Stuxnet, which attacks and disables the Iranian centrifuges working night and day to enrich uranium to be used in Iranian nuclear weapons. The U.S., Israel and Germany are said to have developed Stuxnet, accomplishing what a messy bombing campaign against Iran could never have done.

The Chinese hack into Pentagon computers, into Nasdaq, into American oil companies –modern-day raiding parties probing the enemy's weaknesses.

The Wall Street Journal recently (on Feb. 10) reported that China continues to conduct a "coordinated, covert and targeted" campaign of cyber espionage against five multinational energy companies.

The attacks, dubbed "Night Dragon" in the West, successfully took gigabytes of highly sensitive internal company documents, including proprietary information about oil and gas field operations, technological advancements in drilling, project financing and bidding documents.

We could be witnessing the results of this espionage in recent Chinese acquisitions.

PetroChina is China's largest energy firm, jointly owned by private investors and the Chinese government. PetroChina recently announced purchase of 50 percent of Canadian energy company Encana's Cutback Ridge asset for $5.4 billion. The purchase gives China access to natural gas from 635,000 acres in British Columbia and Alberta.

Last year, another Chinese energy giant, Sinopec, paid $4.5 billion to ConocoPhillips for a 9 percent share of Canada's biggest oil sands project. Nearly a quarter of China's $46 billion energy project purchases were made in Canada, a principal source of American imported oil.

WikiLeaks has proven there is no such thing as Internet security. The revolution in Egypt made practical use of that fact.

I interviewed cyber security expert Tom Kellermann last week. His conclusion? There is no such thing as a secret on the Internet, and no computer is safe from hackers who steal or manipulate the content.

In effect, we are as vulnerable at this moment as the villagers of York, England, were in the 12th century to Viking raids.

With this background in mind, I was shocked to hear of the proposed purchase of the New York Stock Exchange by the German Borse.

I wasn't shocked to hear of the dethroning of New York as the financial capital of the world. That was coming on for a long time for two reasons.

First, technology makes it possible to trade shares anywhere in the world. A "center" like New York is no longer as vital as it was in the ticker tape era.

Secondly, local, state and federal governments in the U.S. have been slowly strangling the New York goose that laid the golden eggs. Taxation and regulation made "free trade" of stocks less and less attractive in New York.

World economic trends made consolidation of stock exchanges inevitable.

The NYSE itself had gobbled up the American stock exchange, and purchased Euronext, which owned the exchanges in Amsterdam, Brussels and Paris. Now competitive pressures brought on by computer technology force this further consolidation that effectively unites the economic systems of the European Union and the United States.

Only this concentration of economic power, the largest number of publicly traded companies in the world, stands a chance in the new competitive world where China, India, Brazil and other emerging economies will play a larger role.

But this concentration of economic clout is possible only by the instantaneous trading done today not by humans shouting bids at each other on a trading floor, but by computers talking to each other at the speed of light all over the globe.

Computers are now increasingly vulnerable to attack.

In April 2010, the value of the entire NYSE plunged in seconds, wiping out trillions of dollars of equity.

A trader's "fat finger" was blamed initially for the snafu, which was swiftly corrected. No further explanations for this disaster have ever been offered – no congressional hearings, no SEC investigation.

Two weeks ago, the London Stock Exchange reported it was "under major cyber attack" during a switch over to a Linux-based operating system. The LSE, unlike U.S. exchanges, is not based on the Internet and was thought to be less vulnerable to cyber attacks.

While LSE and British security officials were tight lipped on what actually happened (even concocting a "fat finger" cover story), share prices of five major companies collapsed in a second, and the LSE suspended trading for a day.

America's Nasdaq suffered a wave of cyber attacks recently with hackers gaining access to "non-public, insider information." Sen. Max Baucus has asked the SEC to investigate whether these hacks have given anyone a trading advantage.

The fact that there is a more threatening explanation to these instances of hacking the major stock exchanges has been universally ignored.

What if some group (some country?) wanted to erase the West's economic clout in one blow?

What if these recent attacks are but probes to develop and use a super-Stuxnet which erases the wealth of every investor and every listed company in one nanosecond?

It must be recognized that this is possible today. Won't the further concentration of exchanges into fewer hands using centralized computer systems just make such an attack easier and more likely?

In this "Pearl Harbor" scenario, what if it isn't the U.S. Navy attacked, but the wealth of the West that's attacked and erased from the computers on which that wealth is recorded?

Are we ready for that kind of assault?

Related Links

Britain Wants International Rules on Cyberspace - FOX News
Merger mania again hits global stock exchanges - International Business Times
Chinese Hosting Company Named In Cyber Attacks On U.S. Oil Companies - TheHostingNews.com
German company aims to acquire NYSE - WALB-TV
Lawmakers warned that cybersecurity is becoming battleground of the future - Infosecurity Magazine