And all these threats — "trap doors," "logic bombs," theft — are only what we know about. "It's also the things we don't know," says Rhode Island Representative James Langevin, co-chairman of the House Cyber Security Caucus. "What is the threat out there tomorrow that we haven't anticipated, can't anticipate?"
Signs and barricades
The transnational reach of the hackerati makes policing this inchoate threat a near impossibility.
Andrew Fried, a former senior special agent in cyber-crime for the Treasury Department and now CEO of Deteque, a computer-security consultancy, says even the best-crafted American laws can do little to dissuade an intruder sitting behind a laptop in Russia or North Korea.
"It's kind of like the difference between a sign and a barricade," he says. "These laws are signs telling you not to do something, but it doesn't stop you from doing it."
Cracking down on cyber attacks is further complicated by the problem of attribution. Hackers routinely channel their assaults through a worldwide chain of anonymizing computers, making it impossible in many cases to determine the origin of the offensive.
And even if investigators can trace an attack with some degree of certainty, divining motives and affixing blame can be a tricky endeavor. Take, for instance, the "denial of service" strike on Estonia.
Tensions between Russia and the former Soviet satellite flared in the spring of 2007 over a giant bronze statue of a Red Army soldier in the Estonian capital of Tallinn. And after ethnic Russians clashed with nationalists on what became known as Bronze Night, authorities moved the statue to a more protected spot.
That, of course, only set off waves of outrage in the Russian media and political circles. And before long, hackers were knitting together tens of thousands of "zombie" computers — their owners unaware — in a massive "botnet" attack on Estonia's digital infrastructure, cutting off access to online banking, media, and government services.
The Estonians, after some cyber sleuthing, claimed the code behind the attack had been written on Cyrillic-language keyboards traced back to Russia. But who, precisely, in Russia was to blame?
Some Russian officials suggested that "patriotic hackers" independent of the government may have been responsible. Observers speculated that organized crime — with its phalanx of high-level hackers — might have played a role. Either, of course, could have operated with the tacit support of the government. But the Kremlin denied involvement and stonewalled on the investigation.
Three years later, the origins of what may be the highest profile cyber attack in history remain a mystery.
'One of the most serious . . . challenges we face'
Washington is hardly blind to the danger.
"This cyber threat is one of the most serious economic and national security challenges we face as a nation," said President Obama in a major address on the topic in May 2009.
The Obama administration was the first to elevate its cyber-security czar to the level of White House director. And last year, Defense Secretary Robert Gates ordered creation of the United States Cyber Command, which launched in May under four-star General Keith Alexander.