If you think cyber hacking, cyber theft, cyber terrorism and cyber warfare are just a side show in the world of global economics and investments, let me tell you three short stories and ask you a few simple questions …
In 1999, Jonathan James in Miami, using the code name “c0mrade,” attacked NASA computers and caused a 21-day shutdown of systems that support the international space station. He also hacked the Pentagon weapons computer systems.
His age at the time: 15.
In 2001, just days after the 9/11 terrorist attacks, a 19-year old living in the UK nearly destroyed the Port of Houston, one of North America’s largest. He was arrested and tried. Prosecutors presented evidence that he had illegally obtained the addresses of 11,608 servers in the area.
But a jury found him “not guilty.”
In 2008, the FBI tracked down a young boy in East Boston, who was using the Internet to organize a phone hoax. His feat was to send a series of SWAT teams to the homes of high-profile individuals living in Colorado. His name was Matthew. His hobby was to play these kinds of “games” since he was 14.
|A 14-year old blind boy used the Internet to send SWAT teams to the homes of high-profile individuals living in Colorado.|
And he was blind.
Now the questions …
Question #1. Since these and countless other hacks began to take place years ago, has Internet security improved significantly?
Question #2. If a 15-year-old in Miami, a 19-year old “not guilty” young man in England and a blind teenager in East Boston can hack into supposedly secure, mission-critical computers of America’s space agency, America’s largest ports and America’s telecom systems, then …
What about teams of sophisticated software engineers employed or sponsored by the Russian Federal Security Service (formerly the KGB), China’s People’s Liberation Army, or Iran’s Ministry of Intelligence and Security? How much damage can they do?
Question #3. Which U.S. companies can best protect us from these attacks and how can investors profit from their achievements?
I can answer the first question with a two-letter word:
Cyber defense has not evolved significantly, certainly not as much as cyber weapons.
Indeed, for anyone who knows the truth, “www” really stands for Wild Wild Web — a vast world that’s wide open to criminal gangs, lone-wolf gunmen for hire, renegade nations, and rival world powers.
I’ll answer the second question with some stories that make those three teenage hacks look like party games by comparison.
And, I’ll answer the third question by naming the companies that are leading the charge in cyber defense plus, at the same time, merit a high Weiss Stock Rating.
Massive Cyber Attacks on the U.S. Homeland
Never before in our lifetime has our nation been more vulnerable to cyber attack and, relative to the magnitude of that threat, never before has so little been invested in its defense.
Just in the last few years, at least four nations — Russia, China, Iran and North Korea — have already launched daring, sweeping attacks on our soil; some causing immediate damage, some laying the groundwork for possible systemic destruction in the future.
This is not science fiction. It is here. It is now. And it’s documented by reams of evidence from the Pentagon, the CIA, FBI and virtually every Homeland Security agency.
That’s just the publicly available information. What’s known behind the scenes is far, far more.
But no matter what has been — or will be — coming to light, it never ceases to amaze me how much the Internet has grown and how little its underlying structure has changed.
I remember its early days. I was visiting my nephew at the University of California and needed a way to urgently share data with a professor at the University of São Paulo in Brazil.
A friend at the UC Computer Science Department helped me create an account. He showed me how to log in. And he gave me a short list of basic commands to type onto a blank, black screen. The word “google” wasn’t one of them. Neither the command nor the company even existed yet.
I asked my UC friend who else was on the system, and he gave me a brief rundown:
The U.S. State Department.
The Central Intelligence Agency.
The North American Aerospace Defense Command (NORAD).
The National Aeronautics and Space Administration (NASA).
The Federal Reserve.
Some of the largest U.S.-based multinational corporations and research think-tanks.
Computer science or engineering departments of select universities in the U.S. and abroad.
“You mean,” I asked, “I can actually log on to the computers of the CIA, NASA, NORAD or the Fed — all from your terminal right here?”
|All you need is the right username and password, and you can access virtually anything, anytime from anywhere in the world.|
He didn’t bat an eyelash. “Sure. All you need is the right username and password, and you can access virtually anything, anytime from anywhere in the world.”
I was aghast.
“But,” he continued, “how many people in the world have a terminal like this one? Most people, even computer users like you, don’t even know this international network exists.”
That was over 30 years ago.
Now, fast forward to 5 AM, Monday, March 23, 2015, and the number of Internet users is no longer measured in the thousands, not even in the millions.
It’s 3 billion, 88 million, 100-odd thousand and still growing. Very, VERY fast.
China alone, home of one of the most advanced hacking operations in the world, has 642 million online users — two for every man, woman and child alive in the United States.
Russia, which has developed some of the most sophisticated cyber warfare technology, has more than 85 million.
Impoverished and war-torn Nigeria, the source of some of the biggest Internet scams ever witnessed, has more Internet users than the UK or France.
Even in Iran, which has been isolated from the world economy by sanctions, the number of people on the Internet is nearly triple the total population of New York City.
And still, in most situations, all you need is a username and password to access virtually anything, anywhere, anytime from any location in the world.
How does a thief, terrorist or enemy combatant break in? There are many ways. But here’s the most common:
You’re an employee at Lockheed Martin, Boeing, Raytheon, or any one of America’s top defense contractors.
You have “confidential,” “secret” or even “top secret” security clearance.
You get an email that seems to be from a friend, a family member or your boss. It has an attachment. You open it.
And instantly, a piece of malicious software (malware) is saved on your computer, spreads to the entire network, and opens a gaping hole into your company’s databases.
Without any inkling of what’s happening, you become the conduit for thefts that can involve more valuable assets than the greatest bank robberies of all time.
The crux of the problem: The Internet — the heart, aorta and circulatory system of the global economy — is now more mission-critical (and vulnerable) than all telecom networks and postal systems of yesteryear.
But it was never built with top security as a priority. It was always built prioritizing easy access.
Virtually anyone with a desktop, laptop or cheap mobile device can barge in. And well-funded foreign government operatives can cause major damage. Here are just a few of the most blatant examples …
China attacks U.S. defense contractors.
According to NSA whistleblower Edward Snowden, Chinese spies have stolen voluminous data related to Lockheed’s F-35 Joint Strike Fighter. And U.S. military experts say Beijing has probably used the information to help develop its latest generation of fighters.
|China has allegedly stolen data on Lockheed’s F-35 Joint Strike Fighter.|
Specifically, the Chinese appear to have stolen 50 terabytes (50 thousand trillion units) of data, including information about the fighter’s detailed engine schematics, methods for cooling exhaust gases and the systems the jet uses to track targets.
U.S. military experts believe China then used the stolen information to help develop its fifth-generation fighter jets Chengdu J-20 and Shenyang J-31 that threaten Western sky superiority over Asia and beyond.
According to Bloomberg News, China has also been stealing massive amounts of U.S. military drone technology — virtually nonstop since 2007!
Their hacks provided totally unrestricted and extensive access to high-level, classified military technology, “dwarfing any theft of Cold War secrets.”
Richard Clarke, former special adviser to President George W. Bush on cyber security, explained it this way: “God forbid we get into a conflict with China, but if we did, we could face a major embarrassment, where we try out all these sophisticated weapons systems and they don’t work.”
China has also reportedly hacked into U.S. weather and satellite systems under NOAA, the U.S. Postal Service and the U.S. Office of Personnel Management, which stores detailed data on up to 5 million U.S. government employees and contractors with sensitive security clearances.
Result: They probably know virtually “every single person who is cleared in the U.S,” says Jacob Olcott of Good Harbor Consulting, a cyber-risk-management company, and a former counsel for the Senate Commerce Committee.
- Health-insurance company Anthem Inc. has been the target of one of the world’s largest-ever data thefts.
Number of U.S. residents whose Social Security numbers and other personal data were stolen: 80 million!
Source of the hack: China.
Their probable goal: Data on tens of thousands of employees with major U.S. defense contractors in order to help penetrate those computer systems.
- Chinese hackers also infiltrated a computer network linking hundreds of hospitals across the United States, stealing the personal information of 4.5 million patients in 28 states.
- China and at least one other country are capable of hacking into critical infrastructure such as the electric power grid or water systems, potentially causing “catastrophic failures” that could kill Americans or damage property, according NSA. “The cyber challenges we’re talking about are not theoretical. This is something real,” said Adm. Michael Rogers, who leads U.S. Cyber Command.
Iran’s attacks against U.S. deemed “highly sophisticated.”
Until recently, U.S military and intelligence officials discounted Iran as a minimal threat. Now they’ve changed their mind.
Reason: Iran’s hacking capabilities have improved dramatically, thanks to a partnership with Russian cybercriminals, with Moscow’s tacit approval.
Indeed, a series of cyber attacks — carried out by hackers working for Iran’s government or by groups acting with the approval of its leaders — have targeted U.S. banks, energy companies and the U.S. military.
Iranian intruders penetrated a U.S. Navy computer network that’s used for email and the service’s internal intranet.
They attacked Las Vegas Corporation, which runs the casinos of billionaire Sheldon Adelson, stealing credit card data, Social Security numbers and driver’s licenses.
Since at least 2012, Iranian hackers have also directly attacked, — and extracted highly sensitive materials from — the networks of government agencies and major critical infrastructure companies in Canada, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea,Turkey, United Arab Emirates, and, of course, the United States.
So much so that, according to many security experts, Iran is now “the new China.”
Russia trumps them all.
In a 2015 presentation to the Senate Armed Services Committee, entitled Worldwide Threat Assessment of the U.S. Intelligence Community, national intelligence director James Clapper reported that Russia’s cyber command has developed the capability to target U.S. industrial control systems to attack electric power grids, air-traffic control systems, and oil and gas distribution networks.
|Russia has sponsored hacking campaigns targeting a host of high-level institutions, including NATO.|
But Jeffrey Carr, head of the web security firm Taia Global and author of the book Inside Cyber Warfare, believes that even these kinds of threats are greatly underestimated.
“Russia,” he says “has been more active than any other country in terms of combining cyber-attacks, or cyber-operations, with physical operations. The Russia-Georgia war of 2008 was a perfect example of a combined kinetic and cyber operation.”
In fact, reports from Google, from cyber security companies and from U.S. intelligence agencies show that Russian sponsorship of skilled hacking campaigns dates back to 2007 and targets a whole host of high-level institutions: NATO. Governments of Russia’s neighbors. And U.S. defense contractors like Science Applications International, and Academi LLC (previously Blackwater).
Collectively, the new research validates a view long expressed privately by U.S. officials security specialists: Moscow is the A-team of America’s Internet adversaries. China may hack more often, officials say. But Russia hacks better.
Just four months ago, for example, the U.S. State Department confirmed hackers breached its email system, and as of last month, it still had not been able to evict them from the department’s network. People familiar with the intrusion say the nature of the links strongly suggest involvement by the Russian government.
Russia’s next target was the White House, when hackers breached a computer network used by President Obama’s senior staff. Their intent was apparently to map the White House system, find entry points where they connect to other systems, and conduct mass espionage.
Russian hackers have also launched unprecedented, highly-sophisticated attacks on Western oil and gas companies, U.S. banks and other institutions.
My friend … I’m not talking about petty theft or minor property damage. I think you can see that plainly by now.
Rather, this is about massive robbery, rampant espionage, fatal terrorism and outright warfare, striking at the soft underbelly of our entire economy and military — the wide open, virtually unguarded, Internet.
Can U.S. Companies Come to the Defense?
Strangely, despite everything I’ve documented here — plus, much, much more — both U.S. government agencies and corporate boardrooms are just now waking up from their long slumber of complacency; just now beginning to think more seriously about cyber defense.
And already, money is starting to pour into cyber security companies in torrents.
I’ll save the details for a future article. But right now, let me get the ball rolling by naming the U.S. companies with cyber security operations that merit a Weiss Stock Rating of B+ or better.
- Northrop Grumman Corp (rated A)
- Cisco Systems (A-)
- L-3 Communications Holdings (A-)
- General Dynamics Corp (B+)<
- Intel (B+)
- Lockheed Martin (B+)
- Symantec (B+), and
- VASCO Data Security International (B+).
As you can see, most are not pure cyber security companies. Many are giant names that are broadly diversified with many other tech or defense product lines.
But as global cyber warfare escalates, it’s very likely that hundreds of billions of dollars will shift toward the kinds of cyber defense products these companies develop.
And that money is bound to come BOTH from taxpayers paying for new government contracts AND from investors hunting for profits.
Stand by for more on these kinds of companies coming soon.
Good luck and God bless!