Are Rising Corporate Cyber Attacks a Conspiracy?

Thursday, 6 Oct 2011 | 3:40 PM ET

The hacker world has been a busy one lately.

Nick Rowe | Photodisc | Getty Images

The blend of high-profile cyber intrusions and denial of service attacks, mixed with vague anonymous threats delivered by mechanized voices and curiously timed offline periods for major corporations, have prompted some conspiracy theorists to wonder — Is there a hacker movement underway to undermine big business and/or the economy?

The good news is that while there are certainly some anti-business forces in the hacking world, groups like Anonymous and its many offshoots and imitators lack the focus to organize a sustained attack on the corporate world at large. Unfortunately, that doesn't mean there's going to be any sort of slowdown on these attacks anytime soon. In fact, things may get worse before they get better.

"What you're seeing is that hackers are responding to the considerable amount of media attention being given to the hacking issue," said Hemu Nigam, founder of SSP Blue, an Internet security consultant business and former VP of Internet enforcement at the MPAA. "More hackers want to attack [companies] to see if they make the press. It's a vicious cycle and the only way to stop it is to focus on identifying the vulnerabilities and closing the gaps."

The hacks of late have been of especially high profile. What is believed to have been a denial of service attack Tuesday took down MSNBC and NBC Sports. (Update: On Thursday MSNBC.com indicated that it does not believe the incident was an attack, although the cause remains under investigation). MSNBC is owned by NBCUniversal and Microsoft. NBC Sports, like CNBC.com, is owned by NBCUniversal, which is owned by Comcast.

And the Twitter feeds of both Fox News and NBC News have been compromised recently, with the hackers publishing false alerts of a terror attack on the 10th anniversary of 9/11 and of the assassination of President Obama on July 4.

They're not limited to companies. Personal information of JPMorgan CEO Jamie Dimon and Burger King CEO Bernardo Hees was posted online last week. And they're not limited to the U.S. Japan's Mitsubishi Heavy Industries was hacked last month at factories that build submarines and missiles and make components for nuclear power plants.

The proliferation of attacks, though, is making many people leap to the assumption that there are nefarious reasons for any corporate Web outage. For the past several days, Bank of America has had several disruptions to its homepage.

The problems, which include delays and difficulty in accessing online banking systems, started a day after the company announced plans to charge a $5 monthly feefor many account holders using their debit cards.

Bank of America, though, has repeatedly insisted it hasn't been hacked or faced any security issues. At the same time, it hasn't given a reason for the outages, which has fueled the rumors. (The bank subsequently blamed a software upgrade).

This sort of paranoia among consumers is normal, Nigam said, but the fact is outages happen all the time, and hackers are rarely to blame.

"A sense of fear is developing in the consumer community," he said. "Any time a system goes down, people will assume it's because of hacking — and the majority of times, that's not why. It could be many, many, many other reasons. It could be upgrades. It could be a server issue. It could be human error."

The biggest name in the hacking world is Anonymous. This loosely organized group got its start on 4chan, the Internet’s most infamous imageboard, specifically its sometimes gritty "/b/" subforum. The founder of that site, though, argues that while the site (and the group) have become notorious for their exploits, there's a value in hiding behind that wall of anonymity.

"One of the things that 4Chan does that’s really special is the way people come together to collaborate en masse," said Christopher Poole at South by Southwest this year. "It’s the process at which you arrive at the product that is fascinating. … Anonymity is authenticity. It allows you to share in a completely unvarnished, raw way. … The cost of failure is really high when you’re contributing as yourself."

That anonymity leads to plenty of confusion, though — even among members. Since anyone can claim to be a member and speak on behalf of the group, it's hard to know what threats to take seriously. The most recent example of this is the threat that appeared Tuesday to "erase" the New York Stock Exchange from the Internet. One day later, though, another person claiming to speak for the group denied the plan was real.

Anonymous' communications issues are a more recent trend, though. In fact, the group has achieved a level of notoriety that has upped the stakes in the hacking world. Earlier this year, a splinter group calling itself LulzSec hacked Sony Pictures , posting reams of personal information from customers in an attempt to gain 'street cred' in the hacking world. (Many alleged members of that group have since been arrested.)

It was, in fact, the high-profile attacks on Sony's PlayStation Network (which Anonymous is suspected of playing a part in – perhaps unwittingly) that kicked off this year's flood of high-profile cyber crimes.

"Hackers are very motivated by seeing people talking about the fact that they've successfully broken into a system," says Nigam. "Inside their community they might be sharing who did what — and in that community they're excited about what's going on."

To date, the attacks have largely been annoyances rather than catastrophic. The release of customer personal data is a public relations blow to any company — and an annoyance to those customers who have to install alerts on their credit reports — but rarely fatal. Similarly, denial of service attacks cost companies money in terms of resources required to fix the problem and downtime, but from a corporate standpoint, they're more brush fires than raging infernos.

The attacks do, however, underscore weaknesses in the security systems of big businesses that have been ignored for too long.

"If there's a message here to the private sector, it's hunker down and fix those vulnerabilities - and fix them before the hackers find them," Nigam said. "Your business's revenue is at risk."

  Price   Change %Change


Contact U.S. News


    Get the best of CNBC in your inbox

    › Learn More

Don't Miss

U.S. Video

  • NBC's Stephanie Gosk reports the domestic cattle herd is the smallest it has been since 1951. The biggest culprit is California and the Southwest's record water shortages.

  • CNBC's Jim Cramer explains why he is watching the oils, including Baker Hughes, Pioneer Natural Resources and EOG Resources.

  • In this clip from the March 10, 2009 edition of CNBC's Squawk on the Street, the late Mark Haines tells Erin Burnett, "I think we're at a bottom. I really do." As the credit crisis continued to swirl, the Dow had closed the day before at 6,547.05, a staggering 54 percent plunge from its all-time closing high above 14,000 in October of 2007. It was "going out on a limb" at the time, but has proved to be one of the best market calls ever heard on CNBC. March 9 turned out to be the bear market closing low. In the three years since Mark's call, the Dow has almost doubled.