General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsWhere are the world's anti-hacking people?
I'm reading about all of these massive hacking operations going on and I'm just wondering where are OUR people? Not just the US but across the globe?
The Russians, the likely culprits, can't be THAT superior to everyone else can they?
Am I remembering correctly that there were sweeps after Snowden did his thing?
Not an IT expert myself at all.
jberryhill
(62,444 posts)This is what decades of lagging math and science education does to a country.
As an attorney who works on matters involving the internet, I frequently come across evidence of cybercrimes and have assisted law enforcement agencies in tracking certain things down - when you can get their attention and on my own dime.
There is a lot of incentive in committing cybercrime, not a whole lot in fighting it.
leftofcool
(19,460 posts)The government does not want to pay for it. They won't see this as important until someone hacks their bank account or the account of a US billionaire
jberryhill
(62,444 posts)There's a scam that goes like this... I've seen it a couple of times.
Company is named bigcompany.com, located in Virginia. Chief executive is Imin Charge.
Scammer finds out a few facts about how bigcompany is organized, what their emails usually look like, some internal email addresses and who works for who.
Scammer registers bigconpany.com. Sets up email account IminCharge@bigconpany.com. Sends email to Imin's financial controller and tells controller that he needs $30k wired to a bank account at a bank in Philadelphia for an initial payment on a contract that legal is finalizing. Controller goes ahead and wires the money.
Amazingly, this works. Twice!
Later in the month, Imin is looking over accounts and wants to know why they wired $60,000 to some bank account in Philadelphia. They figure it out and call me. Domain name is registered with all fake info, I have it shut down.
Banks have some "know your customer rules" so I get ahold of the legal department at the bank and give them the run down. They confirm that they know the guy in Philly who opened the account and that he has a fishy explanation for his deposits and withdrawals, that he's running some kind of auto export business, but they looked a little closer and have some doubts. They will preserve all information for law enforcement.
I get ahold of law enforcement in Philly. They tell me that its a Virginia problem. Virginia tells me its a Philly problem. Then, they both tell me its an FBI problem.
I have everything wrapped in a bow for the FBI to nail this guy, and give it to them.
FBI couldn't give two shits over a $60,000 interstate theft. As if that's the only thing this guy probably did, right?
I'm telling you... You want to rob people of a couple of $10k at a time. It's fucking legal in this country, because nobody is going to stop you.
Wellstone ruled
(34,661 posts)of the how,why and what the end picture looks like.
Friend worked at Foggy Bottom,and he was one of the first who spotted hacking of Governmental Computers. Being a Contractor,he was never able to find funding to put a stop to the Hacks. He described exactly to the tee how they were able to gain access and it was through the e-mail system.
leftofcool
(19,460 posts)They don't care. The FBI doesn't care, CIA doesn't care. The NSA does care sort of.
underpants
(182,830 posts)I'm learning a lot here. I can see how the email scam works.
Tatiana
(14,167 posts)This not only happens to "big companies" but also nationally known non-profits. In Illinois, at least, you can sometimes get a response if you contact the AG's office (Lisa Madigan for my state).
Mr. Ected
(9,670 posts)And it set me back $35,000.
Similar set-up. Real estate agent has her emails hacked. Agent's mails are monitored until a transaction is mentioned. In this case, agent's client was an out of state seller. Agent emails the closing attorney (me) her client's wiring instructions to send her net proceeds of sale. Problem is, it wasn't the agent contacting me. It was the hacker, and the $153,000 wire went into his account. Next morning, he withdraws $35,000. After 2 harrowing weeks, I get the $118,000 back...but now I have to pay the real seller her full proceeds. I cough up $35,000 from my operations account, nearly wiping me out.
My bank is no help. The recipient bank won't talk to me. No privity. I immediately filed an online complaint with the FBI. This was in December. I still haven't heard from them. Local law enforcement is attempting to procure information, but has been thwarted and ignored thusfar.
I'll never see that money again. And no one, no one gives a shit.
Johonny
(20,851 posts)so we have nothing to fear...unless somehow he's totally clueless to the real threat. Nah.
Tatiana
(14,167 posts)I'm not sure with our lack of resources in math and science, we have enough homegrown talent to mount an effective defense (and offense).
We should look to India and other places, while growing our own talent. My daughter is a Computer Science major and most of her classmates are immigrants from China and Korea.
leftofcool
(19,460 posts)Tatiana
(14,167 posts)But the skills needed have to be developed. Not sure we have the amount of talent necessary to compete with Russia which has actively groomed and cultivated their people for years.
The OP brings up a good point. We need to be actively thwarting these attacks now, while adequately supporting our national talent to develop the skills necessary to take the reigns.
I even wonder if maybe someone in the private sector could help with this effort, since the occupants of the WH have no interest in defending our country from Russian cyberattack.
leftofcool
(19,460 posts)You have to get funding for it and that is never going to happen. Perhaps when some millionaire Congress critter gets his back account robbed, the funding will suddenly show up.
Honeycombe8
(37,648 posts)Are you speaking of individuals IN the U.S.? Or the govt? Or Democrats?
You know all those bugs and viruses that go around? That's the work of hackers.
The U S govt is one of the top hackers in the world, and American hackers are innovative and creative. See http://www.csoonline.com/article/2984927/security/american-ingenuity-why-the-united-states-has-the-best-hackers.html
But stopping a hack and hacking are two different things, I would think.
underpants
(182,830 posts)I am just puzzled by this.
Honeycombe8
(37,648 posts)The govt hacks other govts (but not elections), like they hack us. Our allies hack us, and we hack them, I believe. They all hack each other.
But Russia is another level. The article says Russian hacking is like a govt-endorsed business. It hacks govts and elections and anything and everything.
unc70
(6,115 posts)Modern malware is quite complex, has multiple layers of defenses, and levels of obscurity. There are a lot of very talented people around the world "dissecting" this in the wild, trying to find a vulnerability in how it works and how to decrypt the data that was hijacked. This is a lot like dealing with a potent new virus spreading through a human population.
Leith
(7,809 posts)There have to be enough of them to work around the clock, weekends, and holidays.
Second, I have looked at the job ads. They're pretty damn steep. Examples of what is generally list as required:
- 5+ years professional experience in computer security. 10+ years AND management experience is common.
- Military experience or veteran.
- Ability to get federal security clearance (generally available only to military personnel).
- Work on a military base at least a 2 hour drive from recognizable civilization (okay, I live out west where that is a thing).
- Several years experience on several programming languages and platforms (mainframes, networks).
- Law enforcement experience.
- Upper limit on age.
- Your turn on call (why isn't anyone there watching already?).
- Move to Salt Lake City.
- Contractor position. Pay is all over the place, benefits last only as long as the contract does.
Those are just the ones I remember seeing. These requirements mean that anyone interested is probably not going to be considered. Those that make it to the interview are going to see what is expected of them for what they get in return will probably not want the job.
jberryhill
(62,444 posts)...is that there is no "silicon valley" pipeline for techies in Russia, so they find other ways to get paid.
TeapotInATempest
(804 posts)For the private sector. There are too few of us currently and most of us are employed protecting corporations (like me), so it's hard for the government to hire us though the FBI desperately wants to.
One thing I can say absolutely: the Russians are known, by those in my industry, to be the best in the world; Russian universities produce fantastic programmers/developers and have for years. Their hackers set up businesses - they have offices that are set up in the ways normal businesses are set up, they offer various support packages for their malware (Want better support? Upgrade to the gold or silver package!), will sell you the latest upgrades when they improve them, etc.
They're more than tolerated by the Russian government, are often seen at high-ranking government officials' parties and have their pictures taken with them. These people own PALACES, literal palaces. Their faces are plastered on magazines like rock stars.
I can't imagine how we compete with them, actually.
TeapotInATempest
(804 posts)I do know how we compete with them, although it's a long process. As a country, we need to teach computer skills starting to children from a young age. REAL computer skills, not the one most Americans possess. And we need our technology companies to start focusing on creating products with real societal value, not the social media type crap that will just create more billionaires.
ProudLib72
(17,984 posts)I had a professor who taught a basic class in computer information systems. She was a full time DBM for a non-profit. At the end of the semester, I told her I was signing up for an HTML/CSS class. She didn't say much, but her look was of severe disappointment.
underpants
(182,830 posts)drray23
(7,633 posts)its a pretty cool website to hone programming skills. not so much network stuff or security stuff but definitely algorithms and coding.
hunter
(38,317 posts)... talk radio too.
Best ignore the Cheese-Whiz internet news products too.
Thanks.
ananda
(28,866 posts)I keep wondering where Anonymous was this time around?
They helped Obama win Ohio when it was hacked.
YCHDT
(962 posts)MontanaMama
(23,322 posts)issue a warning statement aimed at Russia before the election?? I swear I remember that...will look for a link. Anyway, it sounds like they were out-gunned - lack of funding - maybe?? This ought to be a national priority. Imagine if we could recruit a cyber army? Pay them to go to school (like the GI bill?)and learn code, hacking skills and then in exchange require them to work for 2 years to protect our national cyber interests? That'd really be something. The Russians are still deep in our cyber systems. They aren't going anywhere anytime soon. I'm just brainstorming and thinking out loud but this seems like something that we should be working overtime on...that is of course when we're not dodging the goddam tennis ball machine full of flying manure shooting out of the WH.