Fittingly, a call to action from one side of the Atlantic to the other comes as news across the globe suggests the cybersecurity industry is in need of widespread reform.
While those in other areas were left to derive their own lessons from the news in the Internet security industry this week, U.S. lawmakers were addressed directly. The Transatlantic Consumer Dialogue sent a letter to U.S. Representative Mary Bono Mack this week that criticized the U.S. government's outlook on data security. The group, a coalition of more than 80 consumer organizations from North America and Europe, called out the current U.S. dialogue on data security for its reluctance to fall in line with that in Europe. Because of the differences in security track records between the two continents, the TACD believes U.S. lawmakers should follow in
the footsteps of their European counterparts.
However, current literature on the U.S. side of the issue suggests that some aren't taking the best line of protection into consideration.
"[The] TACD is therefore somewhat surprised by what appears to be an effort to call into question the purpose and 'burden' of the E.U. Data Directive," the organization wrote in its letter. "Given the widespread agreement across consumer organizations in both Europe and the United States that the United States lacks adequate privacy safeguards and that the U.S. privacy laws lag woefully behind current technology and business practices, we expected a hearing that would focus on the lessons that the Congress might draw from the E.U. experience with data protection."
Other similar organizations in the United States echoed these sentiments, with the Intelligence and National Security Alliance Cyber Council releasing its own report calling for data security improvements in both the private and public sectors.
Whereas the TACD called for international standardization, the INSA urged a proactive approach in the United States. Rather than devote their efforts to analyzing events that have already transpired, security experts should look ahead and prevent attacks before they occur, INSA analysts said.
"While there is a great deal of focus on current cybersecurity issues, there is little focus on defining and exploring the cyberthreat environment at a higher level," the report explained.
For the United States, this kind of wakeup call may not have come at a better time, with the 10th anniversary of the September 11 terrorist attacks being echoed across the Internet. And if the recollection of the attacks wasn't enough to reiterate that national security standards need to advance with the times, international hacking news likely was. Per usual, cybercriminals and hackers aimed their efforts this week at exploiting the increased national attention paid to the anniversary of 9/11.
After breaching the Twitter account for NBC News, one group of hackers posted a falsified message claiming a terrorist attack had struck ground zero.
"Breaking News! Ground zero has just been attacked. Flight 5736 has crashed into the site, suspected hijacking. more [sic] as the story develops," the Tweet read.
While the hack may have raised the concerns of U.S. citizens only temporarily – NBC News removed the post quickly and issued a swift explanation – it caught the undivided attention of U.S. law enforcement. The FBI has since begun investigating the matter, and it may have a potential lead, as the perpetrator claimed to be a member of a hacktivist network known as Script Kiddies. The group is known to be affiliated with the more well-known and successful Anonymous and Lulz Security hacking organizations, each of which has come under fire from the FBI this year.
Those responsible for the NBC News Twitter breach weren't the only hackers to make headlines this week. In an email interview with the New York Times, the infamous Comodohacker provided some details on one of the most troubling security issues of the year, for which he claimed responsibility. Known and named for his hack of the Italian data security firm Comodo, the hacker took credit for the use of falsified digital certificates to spy on Iranians' email messages. The report added a new layer to speculation that the man-in-the-middle attack that spied on an estimated 300,000 Iranian citizens emails was backed by the country's government.
To the contrary, Comodohacker told the Times that he, like so many other hacktivists, is merely trying to stir the pot.
"I'm totally independent," he said in an email exchange with the New York Times. "I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I’m not responsible."
Experts believe the hacker's behavior indicates that the attack is, instead, the efforts of a young, skilled hacker with his own agenda.
Some evidence lies in the fact that Comodohacker published the details of his attack on Internet forums, boasting his own intelligence and going so far as to call it the "most sophisticated hack of all time." This has raised red flags with security experts trying to gauge the Iranian government's participation in the attack.
"If he were an intelligence analyst for the secret police he wouldn’t be doing this," Mikko Hypponen, a security researcher with F-Secure Labs, told the Times.
The Times report did acknowledge that the source may not have been entirely honest about his identity or location. The email Comodohacker sent to the news provider originated from a computer located in Russia, the report said. This just added another level of ambiguity to the story.
"Comodohacker has either remotely taken control of someone’s computer in Russia, or he may not be an Iranian software engineer at all," the Times explained.
In all, the week closes with another chapter added to the developing history of cybercrime and cyberwarfare. While the news is nothing new – hacking has been around for years and speculation has persisted that malevolent government activity involves some shady computer activity – the details can do nothing but help the security industry advance. Knowledge and analysis of the behavior of today's hackers is the only way the industry can predict their next steps, and authorities worldwide continue to call for that kind of action to be taken.