EXPERT CONTACT :
Associate Professor of Law
University at Buffalo School of Law
Bartholomew is an expert in intellectual property and cyber law. Here, he comments on the Cyber Intelligence Sharing and Protection Act (CISPA), a controversial cybersecurity bill pending in Congress.
"Hacktivist" Groups Like "Anonymous" Are Not the Biggest Threat to Cybersecurity, Says UB Information Assurance Expert
EXPERT CONTACT :
Dr. Shambhu Upadhyaya
Professor of Computer Science and Engineering and Director of UB's Center of Excellence in Information Systems Assurance Research and Education
University at Buffalo School of Engineering and Applied Sciences
Shambhu Upadhyaya teaches and conducts research in the area of computer security. He is director of the Center of Excellence in Information Systems Assurance Research and Education (CEISARE), whose work has included studying cybersecurity and training students to protect the nation’s information technology systems.
With hacker collectives carrying out high-profile cyber attacks — most recently claiming to have stolen a large trove of data including personal information from U.S. law enforcement agencies — Upadhyaya comments on how much of a threat these groups really pose to cybersecurity.
Q: Are hacker groups like Anonymous the biggest threats to cybersecurity today?
A: No. Groups such as Anonymous, LulzSec, AntiSec, etc. belong to a special group who indulge in ‘hacktivism’ — hacking and activism. They are largely a sympathizer of ‘freedom of information,’ and their agenda is basically to protest what they perceive as violation of freedom of information or violation of privacy. These attacks are not aimed at individuals but against organizations. Based on the recent arrests across the country and in the U.K., it appears that the group consists of juveniles who want to get some notoriety. They are not big threats because they indulge in denial of service attacks—creating nuisances such as defacing of websites, slowing down online accesses on the Internet, etc.—and occasionally stealing sensitive information such as password files, social security information, etc.
A: The biggest threat to cyber security is attacks on nation's critical infrastructure such as the electric power grid, transportation system, financial network and military assets. We have seen attacks on Pentagon's $300 billion F-35 Joint Strike Fighter project in April 2009, where the attackers stole some critical/sensitive information. Hactivism attacks of the type of Anonymous, LulzSec, AntiSec., etc. cannot be ignored, but they are of much lower risk compared to the attacks aimed at nation's critical infrastructure.
A: The Cyber Security and Internet Freedom Act 2011 that is in the works at the government is the right thing in fighting cyber attacks. It focuses on training and recruiting cyber security workforce to protect the critical assets of the nation. Companies and academia are doing research on cyber security to counter cyber attacks but there is no magical solution for this problem yet. There will never be a complete solution for cyber attacks because it involves a combination of process, technology and people, the people becoming the weakest link in the security chain. As an individual, one should use strong password and apply security patches to their systems constantly. One should not open unsolicited and suspicious emails and attachments. Such good practices will prevent a number of attacks and make you somewhat secure.
A: Anonymous showed solidarity to WikiLeaks last year when WikiLeaks founder Julian Assange was arrested. As an act of sympathy, they attacked Visa, MasterCard and online payment companies such as PayPal since these companies broke ties with WikiLeaks. Anonymous group also attacked Fox News and CIA websites. (The) FBI went after Anonymous and made several arrests recently in the U.S. and U.K. Other sympathizer groups such as AntiSec attacked several law enforcement agency websites as a retaliation to the arrest of Anonymous members.