Like HowStuffWorks on Facebook!

How CISPA Works


What sorts of threats is CISPA meant to protect against?

The vital infrastructure CISPA aims to protect includes services such as power, water and sewage, transportation, communications, financial networks and government agencies. Pretty much every company and every utility, as well as the government itself, is at least partially online these days, and anything hooked up to the Internet, from a lone computer to a huge network, is vulnerable to a debilitating attack.

The bill doesn't go into detail on types of attacks, but there are a few common ones: distributed denial of service (DDOS) attacks, where a large number of requests are sent to a company's servers, causing disruption of service to legitimate users; man-in-the-middle attacks, where communications from one server to another are intercepted and run through an attacker's server to spy or make harmful changes; and advanced persistent threats (APT), which are long-term targeted attacks on certain companies or other entities. Attackers may aim to install viruses, worms, spyware, trojans and other malware (malicious software) on target computers to wreak havoc or gain unauthorized access.

There are overt intrusion attempts from hackers, a la the movie "War Games," where the protagonist dialed right into company and government computer systems. Users and system administrators have ways to protect against direct attacks, such as software or hardware firewalls], anti-virus and anti-spyware software and improved login methods that include things like complicated passwords or multi-factor authentication.

Unfortunately, many systems are breached by attackers who use social engineering methods that trick unwitting individuals into providing login information or installing malware onto their own machines. Phishing is a common social engineering method where e-mails are sent out with file attachments containing malware, links to Web sites that look legitimate but aren't or requests for personal information. There's a more targeted version of this scam called spearphishing, where the attackers know something about their intended victims and can use that to make the e-mail sound legitimate.

Even the software that a user seeks themselves might include malware, as happened in a recent case where employees at Apple, Facebook and Microsoft (and presumably other companies) fell prey when they downloaded infected software from popular developer sites that had been hacked.

Malicious software can infect a computer or possibly an entire network of computers and allow spying, disruption or other nefarious shenanigans. A computer might be hijacked by installing something called a bot -- software that runs certain tasks automatically and can allow an outside user to control the computer unbeknownst to the owner. These are sometimes called zombie computers. There are networks of these hijacked machines called botnets that can be used to launch attacks against others.

There have been other notable attacks in the news of late. According to an investigation by a cybersecurity company called Mandiant, hackers in China broke into the New York Times network, apparently to spy on the e-mail of certain reporters writing about a high ranking Chinese official. A similar attempt was made against Bloomberg News. Attacks against other companies have also been traced to China, according to Mandiant [source: Bodeen].

Saudi Aramco, the world's largest oil producer, was attacked with a virus that replaced data on around 30,000 computers in the company with a picture of a burning U.S. flag, rendering the machines useless. These attacks were traced to a computer that was apparently not connected to the Internet, leading to speculation that it was an inside job.

Cyberattacks can be perpetrated by individuals seeking to show off their skills, criminals looking to steal intellectual property or financial information, terrorist groups aiming to wreak havoc and even governments for purposes of espionage or military activities. There are also sometimes breaches by activists or people who wish to point out potential security issues.The costs of the more ill-intentioned cyberattacks can be enormous and can include loss of trade secrets and other data, financial theft and the cost of clean-up and repair of infected systems, among other things. And the risks also include disruption of services that we all depend upon.