America’s critical computer networks are so vulnerable to attack that it should deter U.S. leaders from going to war with other nations, a former top U.S. cybersecurity official said Monday.

Richard Clarke, a top adviser to three presidents, joined a number of U.S. military and civilian experts in offering a dire assessment of America’s cybersecurity at a conference, saying the country simply can’t protect its critical networks.

Clarke said if he was advising the president he would warn against attacking other countries because so many of them — includingChina, North Korea, Iran and Russia — could retaliate by launching devastating cyberattacks that could destroy power grids, banking networks or transportation systems.

The U.S. military, he said, is entirely dependent on computer systems and could end up in a future conflict in which troops trot out onto a battlefield “and nothing works.”

Clarke said a good national security adviser would tell the president that the U.S. might be able to blow up a nuclear plant somewhere, or a terrorist training center somewhere, but a number of countries could strike back with a cyberattack and “the entire us economic system could be crashed in retaliation … because we can’t defend it today.”

“I really don’t know to what extent the weapon systems that have been developed over the last 10 years have been penetrated, to what extent the chips are compromised, to what extent the code is compromised,” Clarke said. “I can’t assure you that as you go to war with a cybersecurity-conscious, cybersecurity-capable enemy that any of our stuff is going to work.”

Clarke, along with Gen. Keith Alexander, who heads both the National Security Agency and U.S. Cyber Command, told the conference crowd that the U.S. needs to do a better job at eliminating network vulnerabilities and more aggressively seek out malware or viruses in American corporate, military and government systems.

But Clarke was more strident about pushing for broader government regulations to enforce such improvements, despite political reluctance. The problems, he said, will not be fixed unless the government gets more involved.

He added that the U.S. also needs to make it clear to countries such as China that efforts to use computer-based attacks to steal high-tech American data will be punished.

In a forceful and detailed public report last week. U.S. intelligence officials accused China and Russia of systematically stealing sensitive U.S. economic information and technologies for their own national economic gain.

The report called on the U.S. to confront China and Russia in a broad diplomatic push to combat cyberattacks that are on the rise and which represent a “persistent threat to U.S. economic security.”

On Monday, Clarke said that until there are real consequences for the massive espionage, countries like China will still keep stealing.

A six-second clip on Chinese state television has provided a rare glimpse into purported cyber hacking attacks launched by the country’s military, despite long-standing official denials that the government engages in such activity.

In an episode titled “The Internet storm is here,” CCTV-7, China’s official military channel, had experts discussing the different methods of cyberattacks and U.S. cyber operations. (http://military.cntv.cn/program/jskj/20110717/100139.shtml)

About halfway through the 20-minute episode, a user is seen operating a cursor on a screen that displays two options, a “www denial-of-service attack” and “distributed denial-of-service attack.” A denial-of-service attack is a basic hacking attack that brings down a website by spamming it with data.

The screen then changes, showing a box with the words “select attack target” and “input target IP address.” A scrolling marquee at the top of the box reads “China’s People’s Liberation Army Electronic Engineering Academy.”

The user then selects Minghui.org, a website of the banned spiritual sect Falun Gong, from a dropdown menu containing a list of other Falun Gong sites and clicks the “attack” button.

It is unclear if the program on the screen shown is a mock-up, or when the clip was filmed. But China has consistently — sometimes angrily — denied having anything to do with hacking attacks.

EVIDENCE?

The existence of the piece, which appears to have been shown in July, was reported on Wednesday by China SignPost website (www.chinasignpost.com) which noted it was “visual evidence” to undermine China’s official denials of involvement in hacking.

As of midday on Thursday, the page with the clip on Chinese state television’s website was no longer accessible. However, the clip was reposted on other video sharing websites and is available here: http://www.youtube.com/watch?v=L_Wu1HlZbBk

The United States says that many hacking attacks appear to come from China, often targeting human rights groups as well as U.S. companies.

In its annual report to the U.S. Congress on China’s military on Wednesday, the Pentagon warned that hacking attacks from China could one day be used for overt military means, rather than just trying to access data.

“The accesses and skills required for those intrusions are similar to those necessary to conduct computer network attacks,” the report said. “Developing capabilities for cyberwarfare is consistent with authoritative PLA military writings.”

Google, the world’s largest search engine, partially pulled out of China last year after concerns of censorship and a serious hacking episode.

Google, who said the attacks originated from China, was one of the dozens of high profile companies targeted in an ultra-sophisticated cyberattack named “Operation Aurora” that took place in the second half of 2009. Yahoo, Adobe and Dow Chemical were also reportedly among the targets.

In June this year, Google said its Gmail product had suffered a cyberattack originating from China that was aimed at stealing passwords and information from high level U.S. government officials and Chinese activists.

China also says it is a victim of hacking.

The cyberattacks add to the long list of tensions between the United States and China that span trade issues, human rights, the value of the yuan and Taiwan.

Hackers infected computers, derailed websites, and plundered networks in a memorably miserable quarter, according to a report released Wednesday by Internet security firm PandaLabs.

Hacking groups Lulz Security and Anonymous caused “widespread mayhem” during the three months ending June 30, and malicious software ”spread substantially,” according to the research unit of Spain-based Panda Security.

“This quarter has been one of the worst on record,” PandaLabs said in a quarterly security report.

“The number of attacks suffered by businesses and large organizations has set alarm bells ringing as systems and companies that until now were considered ‘hack-proof’ have fallen victim to cyber-crime,” the report continued.

Hacking victims have ranged from the International Monetary Fund and the US Defense Department to Sony, SEGA and Citigroup.

While computer networks were cracked for motivations apparently political, financial, or mischievous there was a significant spread of viruses to computers in homes around the world, according to PandaLabs.

Hackers can seize control of infected computers and use them to attack networks or websites.

Researchers determined that an average of 42 new strains of malicious software, referred to as “malware,” were created each minute during the recently-ended quarter.

A list of countries with the greatest infection rates was topped by China, where PandaLabs estimated that 61.33 percent of all computers were tainted with malware.

Thailand placed second with 56.67 percent and Taiwan third with 52.92 percent, according to PandaLabs.

The United States and much of Europe was ranked near the global average of 39.79 percent.

Sweden was said to have the lowest incidence of malware infections at 27.29 percent, followed by Switzerland and Norway which both had fractions more than 29 percent.

The findings were based on data from a Panda ActiveScan online tool that people can use on-demand to check computers for viruses.

The quarter also revealed blurred lines between online activism, or “hacktivism,” and criminal cyberattacks.

“It seems that the only way the Anonymous group has to protest is by committing illegal acts,” the report stated.

Hacker collective Lulz Security, or LulzSec, rampaged the Internet with a stated mission of simply having fun at the expense of others.

“If you took the most irresponsible and brainless members of Anonymous and put them all together, they would be considered the most refined gentlemen compared to LulzSec,” the report concluded.

LulzSec said on June 26 that it has ended an Internet rampage that included cyberattacks on videogame companies, police and even the CIA’s website.

“For the past 50 days, we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” the group said in an online farewell.

“It is time to say bon voyage,” the message concluded. “We must now sail into the distance.”

While it remained to be seen whether members of the group would truly stop bedeviling the Internet, it was unlikely police would abandon efforts to track them down.

In the days before its farewell message, the group released hundreds of documents from the Arizona Department of Public Safety.

The documents included information on drug cartels, street gangs, informants, border patrol operations and the names and addresses of members of the Arizona Highway Patrol.

Responding to a recent report from the North Atlantic Treaty Organization condemning Anonymous, the online “hacktivist” group has issued a public response warning the global organization not to challenge it.

Claiming that the NATO report singled it out as a threat to “government and the people,” Anonymous defended some of its recent actions in the name of freedom and dissent. In its message (Google cached version), it also asserted that NATO fears the group not because it’s a “threat to society,” but because it’s a “threat to the established hierarchy.”

Issued last month by Lord Joplin, general rapporteur of NATO, the report warned member nations about the rising threat of “hacktivism,” or carrying out cyberattacks for political purposes. Singling out Anonymous, NATO described several of the group’s most recent actions, including the distributed denial-of-service attacks against MasterCard, Visa, PayPal, Amazon, and others that had cut off services for WikiLeaks.

Noting that Anonymous has become more sophisticated, the NATO report cautioned that it could hack into sensitive government, military, and corporate information and described a strong response against the group.

“Today, the ad hoc international group of hackers and activists is said to have thousands of operatives and has no set rules or membership,” said the report. “It remains to be seen how much time Anonymous has for pursuing such paths. The longer these attacks persist the more likely countermeasures will be developed, implemented, the groups will be infiltrated and perpetrators persecuted.”

In its response, Anonymous tried to soften its stance in parts by saying that it doesn’t want to threaten anyone’s way of life or terrorize any nation. But it made clear its reaction to NATO’s report.

“Finally, do not make the mistake of challenging Anonymous,” warned Anonymous in its message. “Do not make the mistake of believing you can behead a headless snake. If you slice off one head of Hydra, ten more heads will grow in its place. If you cut down one Anon, ten more will join us purely out of anger at your trampling of dissent.”

NATO’s report also provided a larger look into the growing danger of cyberattacks and how governments should respond to them. In the report, Joplin asked the question of how NATO should react if one of its member nations was the victim of a cyberattack.

“Can one invoke Article 5 of the Washington Treaty after a cyber attack?” asked the report. “And what response mechanisms should the Alliance employ against the attacker? Should the retaliation be limited to cyber means only, or should conventional military strikes also be considered?

Both the U.S. and the U.K. have recently made their own positions clear–that they consider cyberwarfare another form of warfare, and one potentially subject to a response using conventional military weapons.

Sony’s Playstation Network, its online service for Playstation 3 and its Playstation Portable consoles, suffered from a major outage today; which is on going as of this writting. According to Son’ys blog, the interruption in service may last into the long weekend – for at least another “full day or two”. Sony released a statement through its EU blog, saying that the network outage may be a result of “targeted behaviour by an outside party”, brining in the possibility of cyberattacks. Adding to the confusion is the fact that the message has since been removed.

While it could be the case that other Anons have acted by themselves AnonOps wa not related to this incident and takes no responsiblity for it. A more likely explination is that Sony is taking advantage of Anonymous’ previous ill-will towards the company to distract users from the fact the outage is accutally an internal problem with the companies servers.

TL:DR

Sony is incompetent.