Governments prepare for 'cyber cold war'
Published: 03 Dec 2007 11:58 GMT
...was not named. "Attackers are using Trojan horse software targeted at specific government offices. Because they are custom-written, these Trojans are not amenable to signature detection and they can slip past antiviral technologies, so this is a big problem. Hackers have dedicated quality-assurance capabilities that they run on all of their malware to make sure that their malware doesn't get detected."
Circuitous routes are sometimes used by hackers to acquire information. According to a source close to the situation, the chief information security officer of the US Department of Commerce learned this summer that his home computer was being used to send data to computers in China. He found his family had been the victim of a spear-phishing attack, in which his child had been encouraged by an email to unwittingly download malware onto the family's home computer. Once it was compromised, the attackers used the security officer's personal computer as a tunnel into the Department of Commerce's systems.
Spear-phishing attacks — where one specific individual is targeted with a malicious URL — are very hard for governments and companies to counter, according to the Sans Institute. Senior civil servants and business executives simply do not appreciate IT departments sending them spear-phishing emails for education purposes.
"One inoculation is to provide benign versions of spear-phishing attacks, but this is hard because senior executives don't like to be fooled by IT people," said Paller. Another possible solution is to establish monitoring and forensics systems that constantly search network traffic and systems for evidence of deep penetration and persistent presence.
Read this
Q&A: Explaining the Estonian cyberattacks
Arbor Networks' Jose Nazario takes stock of the denial-of-service attack against the Baltic nation and discusses the wider implications
Systems can also be targeted through web applications, which is an area of major concern for the Sans Institute. This year, hundreds of senior federal officials and business executives visited a political thinktank website that had been compromised, allowing their computers to become infected via a cross-site scripting attack. Keystroke loggers, placed on their computers by the unknown assailants, captured their usernames and passwords when they signed into their personal bank accounts, their stock trading accounts and their employers' computers, and sent the data to computers in different countries. Bank balances were depleted, stock accounts lost money, servers inside the organisations were compromised and sensitive data was copied and sent to outsiders. Back doors were placed on some of those computers and are still there, according to the Sans Institute.
A short-term workaround for the problem of having insecure web applications is to diligently patch security software, said Paller, who indicated that IT professionals must ensure that patches are applied on users' machines. "It's absolute 100 percent patching, rather than a patch-and-hope plan. Hope is not a strategy," said Paller. "If you let users turn off security updates because they're inconvenient, their machines become a back door for everything."
Web-application firewalls can also help, while testing and patching custom-built applications is essential. "One quarter of custom-built apps have critical or bad vulnerabilities in them," said Paller. A longer-term solution would be for all organisations to insist on secure coding practices, he added.
As technology becomes more ubiquitous, permeating every level of global society, it seems cyber-espionage and cyberwarfare are set to increase dramatically. Nation states have traditionally gathered information on friends and foes from every source possible — regardless of political or trade alliances — as well as monitoring their own populations. It seems technology is providing another means to do this. Attacks on government systems and network probing can only increase.
But is it accurate to call this escalation a "cyber cold war"? Not necessarily. The Cold War was, at base, a battle of ideologies, which is seemingly at odds with the practical, hard-nosed, free-market economics currently practised by businesses in all of the world's major powers, including China.
However, those powers all still have their own agendas, as well as access to nuclear weapons, so a Dr Strangelove situation cannot be ruled out.
Previous
- Governments prepare for 'cyber cold war'
- MI5 warns of Chinese digital espionage
- Burglars plunder Verizon's London data centre
- Cyberterrorism: Myth or reality?
- Explaining the Estonian cyberattacks
- The worst IT security incidents of 2007
- Cracking open the cybercrime economy
- Countering corporate espionage
- Anatomy of a hack attack
- Storm worm anniversary brings fresh variants
- CIA: Cyberattack caused multi-city blackout
- Schneier: Cyber-extortion on the rise
Did you find this article useful?
33 out of 37 people found this useful
- Share this article:
Full Talkback thread
1 comment
