What Is Next on Hackers' Hit Lists

NEW YORK (TheStreet) -- From Lockheed Martin to Citigroup and even the CIA, the list of major organizations falling victim to hackers is growing at an alarming rate, fueling worries that core U.S. infrastructure is the next big target.

"If you are talking about hackers that work for foreign governments, then I think the focus would continue with defense contractors as well as anything related to the U.S. infrastructure," said Jim Stickley of cyber security specialist TraceSecurity. "That could include the power grids as well as oil refinery companies and phone systems."

Underlining the importance of this issue, the National Security Agency has reportedly started a project called "Perfect Citizen," which aims to monitor key infrastructure such as power grids and nuclear reactors for potential cyber attacks. The NSA has not yet responded to TheStreet's request for comment on this story.

Attacks that temporarily knock out an organization's Web site, such as the ones which recently targeted the CIA and the IMF, are also likely to proliferate, according to John D'Arcy, an assistant professor at the University of Notre Dame's Mendoza College of Business.

"The next likely target will be a high-profile government Web site or system, or else one of the larger U.S. companies' sites such as Google," he explained. "These hacking groups are really trying to make a splash by going after high-profile targets (such as the IMF site) and I expect that trend to continue."

TraceSecurity's Stickley also notes a new approach from some hackers, who are shifting their focus away from individual consumers.

"The next generation of attacks will focus less on the home users and more on the employees of organizations," he said. "For example if I am a hacker and can infect one teller computer on a banking network, I can write automated code to use the credentials of that teller to gain access to the core processor and retrieve the confidential information of every single customer."

Set against this backdrop, Mike Prettejohn, a director of U.K.-based Internet services firm Netcraft, told TheStreet that he expects to see businesses focus attention on application-level security. F5 Networks, which sells all-in-one security "god boxes," is particularly well positioned, according to Prettejohn. "I would expect to see more and more companies front their Web sites with an F5 device, as that covers a lot of key aspects -- reliability, load balancing, performance, and also application level security," he said.

Stocks to Gain on Security Pain

Notre Dame's D'Arcy notes that the major consumer security players will also see upside in additional attacks.

"Research indicates that there are broader industry impacts, in that security vendors actually benefit from large scale breaches, so I expect this to continue, with the likes of Symantec, McAfee and others benefiting from the increased perceived need for security," he said. Symantec CFO James Beer recently told TheStreet that his company has avoided the slowdown in consumer spending that has blighted other tech firms, citing the volatile cyber-security environment.

Experts have repeatedly warned that there is no such thing as a 100% hack-proof network, as the recent breach at authentication specialist RSA proved.

RSA recently confirmed that the breach of its SecurID remote access technology that took place in March was part of a broader attempt to hack Lockheed Martin, and it extended an offer to "virtually" all of its customers to replace their tokens.

The problems at RSA, which is a unit of storage giant EMC, should serve as a wake-up call for corporate America, according to Gartner analyst Avivah Litan. "I think that it's making people wake up and move beyond just user authentication," she said, adding that firms should be monitoring their users and carefully controlling their Web site access.

Symantec and Oracle, for example, both offer user monitoring technology, according to Litan, who sees additional opportunities for Web monitoring firm Silver Tail Systems and fraud detection specialist EnTrust. RSA's recent problems have also stirred up its competitors, said Litan, nodding to VeriSign, which is part of Symantec, and privately-held Phone Factor, which touts phone-based authentication.

The analyst, however, does not foresee a mass exodus away from RSA anytime soon. "That's not what I am hearing," she told TheStreet. "People don't want to get rid of the incumbent vendor."

Rich Mogull, CEO of research and advisory firm Securosis, agreed that corporate America is unlikely to ditch RSA en masse. "Customers are upset, but I haven't heard anything disparaging from them," he said. "I have had some conversations with people, and gut feeling is that, at this point, it's too early to tell."

--Written by James Rogers in New York.
