Advertisement
Promo

Security threats Toolkit

Global Tech Threats

Schneier: Cyber-extortion on the rise

Tom Espiner ZDNet.co.uk

Published: 23 Jan 2008 17:28 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Security expert Bruce Schneier has warned that cyber-extortion is on the rise, but gave the caveat that it mainly affects "fringe" industries, such as online gambling, rather than critical national infrastructure organisations.

Schneier wrote in a blog post on Tuesday that the security company he founded, Counterpane, has seen proof of attack capability followed by extortion demands — but said the attacks he had seen had not been against power companies. He wrote the blog post in response to a CIA statement, reported by security training body the Sans Institute, that a cyberattack had caused a power blackout in multiple cities in a country outside the US. The CIA also said it had evidence of blackmail demands following demonstrations of successful "intrusions through the internet".

"Cyber-extortion is certainly on the rise; we see it at Counterpane," Schneier wrote. "Primarily it's against fringe industries — online gambling, online gaming, online porn — operating offshore in countries like Bermuda and the Cayman Islands. [Cyber-extortion] is going mainstream, but this is the first I've heard of it targeting power companies."

Schneier counselled calm, saying that it was not known whether supervisory control and data acquisition (Scada) arrays, which many critical national infrastructure organisations use to control and measure systems, had been compromised.

"This CIA titbit tells us nothing about how the attacks happened," Schneier wrote. "Were they against Scada systems? Were they against general-purpose [computers] — maybe Windows machines? Insiders may have been involved, so was this a computer security vulnerability at all? We have no idea. I'd like a little bit more information before I start panicking."

Alan Paller, director of research for the Sans Institute, told ZDNet.co.uk on Tuesday that Tom Donahue — the CIA analyst who reported the attack to a Sans Institute conference a week ago — had not divulged the countries involved, nor the method of attack, nor when the attacks had occurred. However, Paller confirmed that US power companies had not been involved.

"All we know from Tom [Donahue] is that it was not US companies [that were attacked]," Paller wrote in an email exchange with ZDNet.co.uk. "The CIA is involved because Tom [Donahue] is the person responsible for the US cyberthreat analysis, and he and his management chain must have felt the risk to US companies was elevated because it had happened for real in other countries, and because the quality of security in many US utilities needs immediate and substantial improvement."

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON
Global Tech Threats

Did you find this article useful?
5 out of 5 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More in this Special Report

Governments prepare for 'cyber cold war'

Governments prepare for 'cyber cold war'

There has been a sea change over the past year in the amount of government-sanctioned cyber-espionage, according to some security experts. more

MI5 warns of Chinese digital espionage

MI5 warns of Chinese digital espionage

MI5 has issued a warning to UK businesses that spies in China are conducting a campaign of cyber-espionage against them. more

Burglars plunder Verizon's London data centre

Burglars plunder Verizon's London data centre

Criminals posing as policemen conned their way into a data centre near London's King's Cross station, tying up staff and stealing computing equipment, the Metropolitan Police said on Friday. more

Cyberterrorism: Myth or reality?

Cyberterrorism: Myth or reality?

Following recent accusations of government-sanctioned digitial espionage and alleged hacking attacks from China and Russia, there seems to be evidence that countries are capable of using electronic means to disrupt the computer systems of rival nations. more

Explaining the Estonian cyberattacks

Explaining the Estonian cyberattacks

When it comes to denial-of-service attacks, Jose Nazario has seen just about everything. more

The worst IT security incidents of 2007

The worst IT security incidents of 2007

Despite the message being driven home by governments, consumer groups and industry bodies that IT security is paramount, this year has thrown up a worrying number of serious breaches. more

Cracking open the cybercrime economy

Cracking open the cybercrime economy

Hacking for fun has evolved into hacking for profit, and created a business model that is nearly as sophisticated as that of legal software more

Countering corporate espionage

Countering corporate espionage

Theft of commercially valuable information costs the world's largest companies over £22bn a year, and small firms are just as vulnerable. How can you mitigate the risks to your company? more

Anatomy of a hack attack

Anatomy of a hack attack

With the help of security experts we reconstruct a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case more

Storm worm anniversary brings fresh variants

Storm worm anniversary brings fresh variants

The first anniversary of the Storm worm has brought a fresh wave of variants, security companies have warned more

CIA: Cyberattack caused multi-city blackout

CIA: Cyberattack caused multi-city blackout

The CIA has warned of successful attacks against various countries' critical national infrastructures more

Schneier: Cyber-extortion on the rise

Schneier: Cyber-extortion on the rise

The security expert has warned of an increase in cyber-extortion, but added there is no need for panic about attacks on critical national infrastructures more

More In Security threats


Related Jobs

Network Services Architect

Senior Civil Engineer

Senior Account Manager - Insurance Software Solutions

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment

Watchdog reveals illegal sale of phone...

The Information Commissioner's Office is preparing a prosecution file against a mobile operator's employees who allegedly sold on thousands of customers' details to a competitor. The... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters