World News | Latest News: 04/18/11

Monday, April 18, 2011

Attacks on critical systems rise

18 April 2011 Last updated at 19:09 ET

Internet-based attacks on critical systems such as gas, power and water have increased around the world, a report suggests.

Security firm McAfee surveyed 200 IT executives working for utility companies in 14 countries.

Eight out of 10 said their networks had been targeted by hackers during the past year.

China was seen as the most likely source of attacks, followed by Russia and the United States.

The number of reported incidents was higher than in 2009 when just over half of those asked said they had fallen victim.

Denial of service

Most of the reported security breaches took the form of distributed denial of service (DDOS) attacks.

These typically involve a network of computers, under the control of criminals, overwhelming a company's internet-connected systems.

While such incidents have the potential to impact websites and corporate networks, researchers said it was unlikely they were intended to cut off energy supplies.

However, there remained a possibility that DDOS attacks could do more harm in future, according to Stewart Baker, a former US national security advisor to President George W Bush and one of the report's authors.

"We asked what what the likelihood was of a major attack that causes significant outage.

"That is one that causes severe loss of services for at least 24 hours, loss of life or personal injury or failure of a company.

"Three quarters thought it would happen within the next two years," he said.

Stuxnet

Arguably the best known example of an internet-bourne threat disrupting an industrial system is the Stuxnet worm, which was discovered in 2010.

Analysis suggests that the malicious computer code was specifically designed to take control of machinery in either Iran's Bushehr or Natanz nuclear facilities.

While it was known that the worm had spread more widely than its intended target, McAfee's research suggested the full extend of its reach.

Among those utility companies that had carried out a search for Stuxnet on their computer systems, 40% found traces of it.

"It probably didn't result in any obvious interference with the systems, because it wasn't designed to do that," said Mr Baker.

"But the fact that it spread so widely and could have done so if it had been differently designed is very, very troubling if you are worried about cyber attacks by hostile nations or extortion attempts by well organised criminal gangs."

Government help

Respondents were also questioned about how much involvement they had with their governments on tackling cyber security issues.

Japan came out on top, along with China and the United Arab Emirates, although the survey did not ask if that cooperation was voluntary or enforced.

The United Kingdom scored lowest of all those taking part in the study.

A Cabinet Office spokesman told the BBC that the situation had improved dramatically since the launch of its National Security Strategy in October 2010.

The policy document recognises cyber attacks as one of the top four national security threats facing the country.

"We have recently launched an initiative with the private sector to help develop greater awareness of the threats and better protection for dealing with them," said the spokesman.

Piracy hunt law firm facing costs

18 April 2011 Last updated at 11:31 ET

A controversial law firm that tried to get money from computer users by accusing them of illegal file sharing could be hit with massive legal fees.

ACS:Law and its one solicitor, Andrew Crossley, sent thousands of letters threatening recipients with court action if they did not pay out.

Now a judge has ruled that the company may be responsible for wasted costs in the case and ordered a full hearing.

Mr Crossley's lawyers declined to comment.

The proceedings represent something of a role reversal. Originally the Patents County Court had been asked to hear the cases brought by Mr Crossley's firm.

After those collapsed, it was decided that he might be liable for costs.

Those could run into thousands of pounds, although that money is likely to be covered by solicitors' insurance.

Lawyer's letters

ACS:Law had originally teamed-up with a company called MediaCAT, which purported to represent copyright owners, such as film and music producers.

Together they sent letters to around 10,000 people in the UK, alleging that the IP addresses of their computers had been linked to illegal file sharing.

Individuals were given the option of paying �500 or facing court action.

Many of those contacted said they had never engaged in such activity and accused ACS:Law of carrying out a speculative "fishing" exercise.

Mr Crossley eventually brought 26 cases to court, but soon after hearings began he tried to have them dismissed, claiming he had been attacked and received death threats.

Judge Colin Birss QC refused to allow proceedings to stop and accused Mr Crossley of trying to "to avoid judicial scrutiny".

Soon after, both ACS:Law and MediaCAT were wound-up.

Profit share

It emerged in court that the two companies had agreed on a profit-sharing model, with ACS:Law receiving 65% of any money recovered.

In his most recent ruling, Mr Birss said that arrangement had "brought the legal profession into disrepute".

He also branded the now-defunct firm "amateurish and slipshod".

The court's decision to press ahead with a hearing on wasted costs was welcomed by lawyers representing those people who received ACS:Law letters.

Michael Forrester, from Ralli Solicitors, said his firm was also planning to pursue claims for harassment against Mr Crossley and urged anyone who was affected to join the action.

"It can be incredibly upsetting for people to receive these letters and they may well have a claim in harassment, so I am urging them to come forward."

Mr Crossley's application for permission to appeal was refused. He is also being investigated by the Solicitors Regulation Authority.