Has the postman delivered your draft card yet? If not, you might want to check your email -- because it looks like we're in a cyber war.
By all accounts (except its own), North Korea declared e-war on the U.S. this week. On Wednesday, distributed denial of service (DDOS) attacks utilizing a "botnet" controlling some 100,000 zombie computers targeted multiple networks in the United States and South Korea.
Among the targets of recent attacks:
- The White House, State Department, NSA, and Pentagon
- US Bancorp (NYSE: USB )
- NYSE Euronext (NYSE: NYX )
- Nasdaq OMX (Nasdaq: NDAQ )
- Amazon.com (Nasdaq: AMZN )
- The Washington Post
- ... and The Office of the President of South Korea and the Korea Exchange Bank
I know. For decades, the United States has had more enemies than you can shake a mouse at. According to a report out of The Wall Street Journal earlier this year, the federal government logged more than 18,000 cybersecurity breaches last year, including more than 3,200 cases of unauthorized access and nearly 2,300 cases of malicious code being inserted into federal IT systems. The Post, stock exchanges, Amazon -- as high-profile proxies for "America," all are logical targets. But who's hatin' on South Korea, folks?
Only one name comes to mind: North Korea.
Oh, them again
Right, and fortunately for us, the effect of the attack was commensurate with the technological prowess of the attacker. If it's true that these attacks originated north of the 38th Parallel, this would explain the pathetic ineffectiveness of the attacks. The Pentagon confirmed that it suffered "no real damage" from the attacks, while the White House termed said it had "absolutely no effect on the White House's day-to-day operations." NYSE, whose website was also attacked, wasn't even aware it had been attacked until the government informed them.
And yes, a nation whose leadership has reduced its population to foraging for tree bark for dinner, and recently "flexed" its military muscle by once again meekly launching a missile salvo into the sea on America's Independence Day, probably isn't the biggest worry for U.S. cyberwarfare experts. Why, according to the AP, there may be as few as 500 competent hackers in North Korea, out of a population of about 24 million (I'd wager good money than most midsize U.S. high schools could muster up more than 500.)
But that's not the point.
What if Kim Jong-Il held a war, and nobody ... noticed?
Granted, if given our druthers, I can't think of many countries the U.S. would rather fight a (cyber) war with than North Korea. But we won't always be given that choice. On numerous occasions, the U.S. has endured more robust hack attacks -- apparently state-sponsored by the likes of China and Russia.
President Obama's Administration has promised to spend millions and billions of dollars strengthening U.S. e-defenses, what with:
- Boeing (NYSE: BA ) being tasked (at least until recently) with developing a secure communications intranet for use in the Future Combat Systems program.
- Lockheed Martin (NYSE: LMT ) having recently won a contract to develop a "National Cyber Range" for DARPA, wherein the agency will test "various cyber scenarios ... to provide a comprehensive, unbiased assessment of the security of information and automated control systems"
- And Cisco (Nasdaq: CSCO ) -- judging from the past few seasons of 24 -- providing much of the secure hardware "guts" for the federal IT infrastructure. The company recently released a styled cartoon advertising campaign called The Realm which focuses on the company's products which protect against events such as cyber attacks, whether from individuals or in this case, rogue governments.
As an investor, this is a threat that could affect you in multiple ways. Sure, you can attempt to profit from it by buying firms like Cisco or Verisign, but there's a less salient threat to all investors. Unless continued efforts are made to combat and deter the problem, holding stocks that are vital to American commerce such as NYSE Euronext, Nasdaq OMX, or US Bancorp carry an additional level of risk. As recent attacks showed, they're on the front lines for cyber attack should tensions increase between the U.S. and hostile nations with advanced technical abilities.
We still don't know who the bad guys are
This, Fools, is the real point of this week's news. It's not that the U.S. suffered a DDOS attack and fended it off handily. Nor is it that North Korea attacked the U.S. and now we need to respond in kind.
Fact is, despite all evidence to the contrary, North Korea may not have attacked us. Nearly 20 years after the Internet entered into widespread use on these shores, it's still nearly impossible to determine where an attack originates from. This week's could have come from "north o' the 38th" -- or from country further south. Or west or east for that matter. (I know that's a non sequitur, but you get my point.)
Fact also is, there's no reason to assume this attack was state-sponsored at all. According to a recent report out of the Council of European National Top Level Domain Registries (CENTR) a botnet of the size used in this week's attack can be "rented" online for as little as $1000 per day. So while North Korea certainly could have afforded it (Kim Jong-Il spends less on Hennessy cognac in a week!), so could almost anybody -- whether or not they rule a country of their own.
Someone threw a cyber war this week, Fools. True, no one bothered to RSVP (the invitation got tossed with the junk mail), but next time we may not be so lucky. It's great to know that the government is spending billions hardening the IT system against more competent attackers. But what we really need here is a million-dollar solution to the real problem: Identifying who the attackers are.
Not long ago, the offer of a $10 million Ansari X prize sparked the race to private space flight. The firms who endured this week's assault should band together and fund a similar contest to develop a simple, reliable, cost-effective means of identifying the source of a cyber attack.
Deadline for submission: Yesterday.
Then post your thoughts in the comments section below. We're listening.
(Which company offers the absolute best play on America's need to beef up its IT security? Find out in Motley Fool Rule Breakers.)