Published April 10, 2013
The House Intelligence Committee is warning that “time is running out” before the next major cyberattack: The Russians, Iranians, Chinese and others are likely already on your computer.
“You have criminal organizations trying to get into your personal computer and steal your personal stuff. And by the way, the Chinese are probably on your computer, the Russians are probably on your personal computer, the Iranians are already there,” House Intelligence Committee chairman Mike Rogers (R.-MI). told Fox News.
“They’re trying to steal things that they think are valuable or use your computer to help them steal from someone else,” he said. “That’s a real problem.”
Experts say Rogers may be stretching the truth: most people’s computers likely aren’t infected by agents of foreign governments.
“The Iranians, the Chinese, and the Russians are probably already on my computer? Sheesh ... I guess it must be getting pretty crowded in there,” joked Graham Cluley, a consultant with U.K. Web security company Sophos. But the threat Rogers describes is certainly real, he pointed out.
“Cybercrime is big business,” Cluley told FoxNews.com. “And online crooks are attempting to break into computers to steal information, or hijack PCs for the purposes of sending spam or launching denial of service attacks.”
Anup Ghosh, founder and CEO of security firm Invincea, said foreign countries are definitely targeting America.
"Foreign countries are actively compromising machines on U.S. government networks and major U.S. companies in the technology, manufacturing, healthcare, energy, financial services, and defense sectors," he told FoxNews.com. "They are seeking proprietary information, designs, plans, code and other intellectual property, mergers and acquisition documents, foreign policy plans for competitive edge."
Rogers believes the Cyber Intelligence and Sharing Protection Act (CISPA) can help counter that threat. The bill was introduced last year and passed the House, though it failed to make it through the Senate following a groundswell of concern from privacy activists.
CISPA aimed to improve protections from hackers seeking credit card info, medical records, and more by encouraging sharing of information between government and companies. And lawmakers are bringing it back for a second go-around.
The House Intelligence Committee meets Wednesday afternoon to mark up the bill before it heads to the floor for a vote, which could come as early as next week.
Privacy experts say there are still numerous problems with the bill. Greg Nojeim of The Center for Democracy and Technology recently called it “fundamentally flawed,” noting that the bill threatens civil liberties.
“The bill is intended to give companies in the private sector clear authority to share more cyber threat information,” he wrote online. “However, CISPA goes overboard in the authorities it grants, it lacks critically necessary civil liberties protections, and it inadvertently authorizes and immunizes conduct that itself constitutes a cybersecurity crime.”
“In short, we think CISPA needs major surgery,” Nojeim wrote.
Regardless of whether CISPA passes or is tripped up again by privacy advocates and activists, security should remain a top concern of every computer user. And that doesn’t mean guarding just against Russian or Chinese attackers.
“Many attacks originate much closer to home, and cannot be pinned on hackers in foreign countries. There are plenty of people across America who have the means and the will to break into their countrymen's computers in their desire to make a quick buck, or to cause corporate embarrassment, or in the hope that they might stumble across something juicy,” he said.
“The truth is, everyone's doing it. Not just the evil empire,” Cluley said.