April 19, 2024

You are here: Home / Archives for security firms

Guardians of Internet Security Are Targets

August 5, 2011 by Leave a Comment

“Whether an intrusion is conducted by a skilled outsider with criminal intent, an adolescent hacker seeking a thrill or a disgruntled employee bent on revenge or espionage, the potential risks to the organization are enormous.”

Last Friday, ManTech was that organization.

A band of Internet vigilantes calling itself Anonymous said it had sneaked into ManTech’s computers to demonstrate the company’s insecurity. The group released what it said were internal company documents and, in language that suggested the handiwork of an adolescent hacker seeking a thrill, taunted the company online: “It’s really good to know that you guys are taking care of protecting the United States from so-called cyber threats.”

ManTech is in good company. In recent months, several security firms and consultants have been hit by the very intruders they are hired to keep at bay.

Think of these companies as the new Pinkertons: Instead of taking on 19th-century outlaws in the Wild West, they are hired today to protect corporate and government data, including the most confidential intelligence information, across a vast virtual frontier. The string of embarrassing attacks on them demonstrates how vulnerable everyone is online, including those who are paid to be the protectors.

Many technology professionals who have long warned about such security risks say so-called hacktivist groups like Anonymous, which publicize their attacks to make a point, are the least worrisome of the many potential intruders out there.

“With the rise of hacktivism, now the people who break into you tell you they break into you,” said Jeff Moss, founder of the Black Hat conference, which drew nearly 6,500 technologists, largely security professionals, to Las Vegas this week. “A little bit of public humiliation is going to go a long way in helping the security industry clean up.”

Other times, the attackers are mysterious and more worrying entities, as in the case of the still unknown organization that in March breached the systems of RSA, whose electronic security tokens are used across many industries.

RSA’s parent company, EMC, has said that replacing tokens and cleaning up the mess has cost it roughly $90 million so far this year. Hackers used information obtained in the RSA attack to break into Lockheed Martin, the largest military contractor in the country.

On Wednesday the security company McAfee said it had uncovered a campaign of computer break-ins at 72 organizations and companies worldwide. McAfee called it the handiwork of a nation-state intent on acquiring, among other things, American military designs. Military contractors in the United States made up a disproportionately large share of the companies selected — 12 in all.

Anonymous, for its part, has made it plain that it goes after defense and intelligence contractors to expose their security vulnerabilities, not for financial or strategic gain. Booz Allen Hamilton, a $5.6 billion company based in McLean, Va., that does computer security work for the Defense Department, was hit by the group in early July; the hackers released the e-mail addresses of 90,000 military personnel.

The most notorious breach of a security company came early this year after an executive at HBGary Federal, a relatively small consultant eyeing a government contract, boasted publicly of his ability to unmask the members of Anonymous. In response, hackers made off with a large trove of the company’s e-mail messages and dumped them online, exposing details of its business transactions.

Greg Hoglund, who is the chief executive of HBGary, the parent company that owns a minority stake in HBGary Federal, said that the breach was the result of “a human mistake” and that his firm, along with other security companies, had fortified their systems since then.

“It was a wake-up call for the entire security industry,” Mr. Hoglund said. “It probably needed to happen. I wish I didn’t have to be the sacrificial lamb.”

As unlikely as it may seem, HBGary Federal still has a contract to help an unnamed federal agency sniff out spies inside its organization. And HBGary continues to sell its software, intended to ferret out the circumstances of a network intrusion.

For its part, ManTech posted a vague statement on its site last Friday after the Anonymous attack, saying that it addresses threats to its information systems and pointing out the obvious: “All organizations attract cyber threats in our highly networked world.”

An academic who studies computer security, who declined to be named because he consults for the government, described the Anonymous attacks on security companies in blunt terms: “They’re pulling their pants down publicly.”

The spate of attacks — and the fear of more — could actually end up buoying the fortunes of the global security industry. A nationwide survey of company technology managers, conducted by Forrester Research, found that computer security had increased as a share of the total information technology budget of companies, to 14 percent this year from 8.2 percent in 2007. Of those surveyed this year, 56 percent said it was a high priority to “significantly upgrade.”

“The landscape is more menacing now,” said Eve Maler, principal analyst for security and risk at Forrester. “Even the most experienced practitioners are in the process of upping their game.”

All of the major defense and intelligence contractors have expanded their digital security wings in recent years. They are simply following the money. The business of security for government agencies is growing by an enviable 9 percent a year, according to the research firm Input/Deltek. Federal government contracts alone amount to over $9 billion today and are projected to grow to $13.3 billion by 2015. “Cybersecurity,” Deltek concluded in a recent report, “is somewhat immune to spending and budget cuts.”

For better or worse, said Jonathan L. Zittrain, a Harvard Law School professor, securing the Internet has been largely left to private players — and even government information is increasingly guarded by private companies, whose actions can be difficult to monitor and hold accountable.

“In the absence of larger public order, we’ve seen do-it-yourself approaches: the technologically savvy can configure their own firewalls, and corporations can try to buy security,” he said. “But this can be as figuratively dicey as trying to get and maintain security contractors in Baghdad immediately following the fall of Saddam Hussein.”

Article source: http://feeds.nytimes.com/click.phdo?i=e77eae2531515651f358864d7384ef69

Filed Under: Business News Tagged With: , ,

Bucks: Cleaning Up an Online Reputation

June 11, 2011 by Leave a Comment

Paul Sullivan, in his Wealth Matters column this week, takes note of the women who received Representative Anthony Weiner’s texts to make the point that their names will be forever linked to his in any online search. Yes, this is a high-profile example, but Paul says that all sorts of people can be negatively branded on the Web, even if they did nothing wrong.

Paul also says there are companies that can help people clean up their online reputations. Technology and security firms, for instance, often resort to burying the information as best they can. And some insurance companies offer coverage to protect against defamation and libel suits.

Have you had negative information about you on the Web — true or untrue? How did you deal with it? And did it have any effect on a job search, for instance? Tell us your stories below.

Article source: http://feeds.nytimes.com/click.phdo?i=59efbd35fcd8076ca5f1de330c380fbe

Filed Under: Your Money Tagged With: , ,