Governments prepare for 'cyber cold war'

Summary:Security experts have warned that governments are regularly monitoring and attacking the critical national infrastructures of other nations

There has been a sea change over the past year in the amount of government-sanctioned cyber-espionage, according to some security experts. They warn that a "cyber cold war" is developing, in which governments are using technology not only for the immediate benefit of gaining intelligence from stolen data but also to probe critical national infrastructures for possible weak points that could be exploited in the event of conflict.

Countries are currently testing the water to gauge the threat and potential for damage posed by their cyber-assaults, according to the 2007 Virtual Criminology Report produced by security firm McAfee.

The use of networks of compromised computers, or botnets, for data theft and intelligence gathering has increased this year, according to Peter Sommer, an expert in information systems and innovation at the London School of Economics. "There are signs that intelligence agencies around the world are constantly probing other governments' networks, looking for strengths and weaknesses, and developing new ways to gather intelligence," said Sommer. "Government agencies are doubtless conducting research on how botnets can be turned into offensive weapons but, before launching a weapon, you need to be sure what the outcome will be — you don't want attacks to spill over to your own allies by mistake."

However, attacks are not limited to any particular countries, or by alliances between countries, according to cyberwarfare watchers. In the McAfee report, Johannes Ullrich, chief technology officer for research organisation the Sans Internet Storm Center, said that most countries hack each other regardless of any supposed allegiances.

Alan Paller, director of research at security training organisation the Sans Institute, concurred. "All nations are doing it to each other. I don't know of any country not doing it," he said. "If it's not for normal espionage, it's for economic espionage. It's a very broad set of countries [involved]."

Paller said attacks against the US military this year — reportedly made by China, although the Chinese have denied responsibility — resulted in the loss of large amounts of data. The data had, in part, been stolen from the NIPRNet, a US military network which is open to the internet and used for the transmission of non-classified documents.

Quoting Major General William Lord, a director of information, services and integration for the US Air Force, Paller said: "China is stealing identities and stealing sensitive terabytes of information from the NIPRNet."

While the NIPRNet itself does not carry sensitive information, Paller argued that the ultimate aim of such attacks is to "own" the opponent's computer. Probing systems for weaknesses also gives intelligence gains, he said.

As in the Cold War, it is the countries with access to the most resources that are seen to be flexing their muscles. Paller said that, while he had no data on any US attacks on rivals, both China and Russia had launched attacks this year.

"The US Department of Commerce admitted that its computers had been penetrated and had information stolen by China this summer," said Paller, who added that it was difficult to say whether it had been the government or "hybrid groups" of government and other organisations within China that had been responsible for the attack.

Mikhel Tammet, director of the Estonian communication and information technology department, said he believes forces within the Russian government may have initiated and sponsored attacks against his country's critical national infrastructure earlier this year. "It was a political campaign induced by the Russians; a political campaign designed to destroy our security and destroy our society," said Tammet. "The attacks had hierarchy and co-ordination."

While the attacks on Estonia sought to knock out parts of the country's critical national infrastructure by brute force, with both government sites and internet-banking systems targeted, most attacks against other nations are conducted by stealth.

Social-engineering attacks, in which intelligence-gathering organisations target either an individual or group of individuals, can be highly successful.

Nato analysts, quoted in the McAfee report, said that some governments are leaving themselves open to attack. "Many government offices don't even know yet that they are leaking information," said one analyst, who...

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.