Answer:
For those that are not familiar with this, on Sunday, January 25, 2004, terrorists leveraging resources in Korea, and posing as United States government representatives, attacked our country in an attempt to undermine the security of our banking systems.
In this case, the terrorists used a method of attack called "phishing." Phishing uses fraudulent email messages and fraudulent websites to fool recipients into divulging personal authentication data such as account usernames and passwords, credit card numbers, social security numbers, etc. Because these fraudulent emails and websites look "official" many people are tricked into disclosing valuable information -- which results in financial losses and identity theft.
This latest phishing attack is one of the most aggressive ever seen. An email, which appeared to originate from the Federal DepositInsurance Corporation, tells consumers that their banking accounts have been denied insurance from the FDIC due to suspected violations of the Patriot Act.
"As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to suspend all deposit insurance on your account until such time as we can verify your identity and your account information. Please verify through our IDVerify below."
The attack last night was more than a generic network attack against a single network, it was an attack on our country and a blatant attempt to undermine the integrity of our financial systems. In this case, our reaction should be immediate neutralization of the threat. At the time I'm writing this, nearly 24 hours after the threat originated, the website in question is still active.
Are cyber attacks disguised as government messages, preying on some of our deepest anxieties, something that we have to endure until we can become more wary?Are security alerts and consumer education the only defense against these attacks?
I don't think so.
What is the right response to a specific act like this? We know where the threats come from and we have the technical and the physical means to stop these threats immediately.
So why don't we?
I propose two fixes, one in the short-term and the other longer term.
In the short-term, we should have a task force authorized to rapidly disable threats either physically or technically.
Long-term, we should focus on consumer education and awareness. But until that is in place, we need to focus and attack the threats as they appear.
The call to action? I am willing to do my part, whatever it takes, to build a response plan that will effectively neutralize these threats as they appear. Who else wants to step up?
print
share