In my last blog post, I linked to President Obama’s proclamation announcing the start of National Cybersecurity Awareness Month. This week, I would like to discuss in more detail the cyber threats that we are facing as a Nation and as individuals. A key theme for this month is that cybersecurity is "our shared responsibility." Each one of us must take the time to increase our awareness of the cyber risks that are present every time we turn on our computers.
Just the other day, the media was breaking a story about the latest generation of malicious software designed to steal money from bank accounts. This "bank Trojan," called URLzone provides a sophisticated interface for managing theft from numerous accounts and deceives the account owner with false statements.
For years, research institutions have noted a steady increase in number of malicious programs that are being used to exploit the vulnerabilities of our computers. A vast percentage of all e-mail is spam, which tries to lure us into downloading software, visiting an infected website or social networking account, or even making a phone call in order to get us to reveal information useful for identity theft or to steal money. Many of these malicious actors are now sending out fake emails from the Internal Revenue Service.
Sophisticated cyber criminals are bypassing individual computer users and are attacking financial institutions. To them, the motivation is simple. Why steal one bank account record when you can steal millions? Fortunately, our law enforcement agencies have had some remarkable successes against key groups responsible for cyber attacks. Just last week, nearly 100 people were arrested in the United States and Egypt on charges of computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identify theft. Last month the U.S. Government convicted the individual responsible for the theft and sale of more than 40 million credit and debit card numbers from numerous U.S. retailers with losses of more than $21 billion. You can learn more about federal law enforcement efforts in combating cyber crime here, here, and here.
And then there are the botnets, which are large numbers of compromised computers that are controlled remotely by criminals or other malicious actors. Some computer experts have estimated that one quarter of all personal computers are part of a botnet. The Conficker worm has been around for about a year and has managed to spread into millions of machines through network connections and portable media such as thumb drives. These botnets appear to be used primarily for supporting criminal activities such as spam, but we worry that such large botnets could be used to launch unprecedented denial-of-service attacks against banking, government, or other important websites.
As you can see, the cyber threat is quite real. Every day dozens of Federal departments and agencies work with their industry partners to help mitigate these threats. And while we have made great strides thwarting the efforts of cyber criminals, more needs to be done. Next week, I will write more about the basic cybersecurity tips that every computer user should know and adopt.
John Brennan is Assistant to the President for Homeland Security and Counterterrorism