Cyber Breaches: Worse Than You Think

It may seem as if a new breach of some computer system or network is reported every couple of months; but actually, one security expert says it's worse than that.

According to James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, reports of about 17 significant security incidents were released in the last two years - which averages to one report every 6 weeks.

The list isn't perfect. For example, one report that made the list was released in November 2008 but focuses on a cyber intrusion that occurred in 2005. Still, Lewis argues that a collective list of all breaches that occurred would be far longer -- particularly if you included the countless targets smaller than government. What this instead represents is the collective failures of governments around the world to properly respond to a growing threat.

"If Chinese or Russian spies backed a truck up to the State Department, smashed the glass doors, tied up the guards and spent the night carting off file cabinets it would be an act of war," Lewis said, "but when it happens in cyberspace, we barely notice."

So what defines 'significant' according to Lewis? Check out his list below and judge for yourself. Lewis submitted a condensed version of the list with testimony to Congress on Tuesday.

2007: The British Security Service, the French Prime Minister's Office and the Office of German Chancellor Angela Merkel all complained to China about intrusion on their government networks.

April 2007: The Department of Commerce had to take the Bureau of Industrial Security's networks off line for several months. This Commerce Bureau reviews high tech exports and its networks were hacked by unknown foreign intruders.

April 2007/August 2008: Estonia and Georgia had their cyber networks attacked by unknown foreign intruders, most likely at the behest of the Russian government.

June 2007: The Secretary of Defense's unclassified email was hacked by unknown foreign intruders.

July 2007: Reports surface about the State Department recovering from a large-scale network attack affecting operations worldwide, where the hackers appeared to target the department headquarters and offices dealing with China and North Korea.

September 2007: Contractors at DHS and DOD had their networks hacked, as a back door into agency systems.

January 2008: A CIA official said the agency knew of four incidents overseas where hackers were able to disrupt, or threaten to disrupt, the power supply for four foreign cities.

June 2008: The networks of several Congressional offices were hacked by unknown foreign intruders. Some incidents involved offices with an interest in human rights or Tibet.

Summer 2008: The databases of both the Republican and Democratic presidential campaigns were hacked and downloaded by unknown foreign intruders.

November 2008: BusinessWeek reported that in April 2005, hackers gained access to a computer network in NASA's Kennedy Space Center, and launched a malignant software program that gathered data about Space Shuttle Discovery and sent it to a computer system in Taiwan. Much of the data came from a computer server connected to a network that tracks malfunctions that could threaten the International Space Station.

November/December 2008: Classified networks at the Defense Department and U.S. Central Command were hacked by unknown foreign intruders. Even worse, it took several days to dislodge the intruders and secure the networks.

February 2009: FAA computer systems were hacked, increasing the risk of an intentional disruption of commercial air traffic.

March 2009: Canadian researchers found a computer espionage system that they attributed to China implanted on the government networks of 103 countries.

March 2009: Reports in the press suggest that the plans for Marine Corps 1, the new presidential helicopter, were found on a file-sharing network in Iran.

April 2009: Reports circulate about malicious software discovered on computers that control the U.S. power grid.

April 2009: Reports reveal that hackers downloaded data about the Joint Strike Fighter, a multibillion-dollar high-tech fighter jet known as the F-35, by exploiting vulnerabilities in the computer networks that contractors use to design and build the aircraft's weapon systems.

May 2009: A hacker who once hacked into the Pentagon's computer system was extradited from Calgary to face charges in New York for stealing more than $1.8 million from a Calgary company that sells prepaid debit and credit cards.
