Governments prepare for 'cyber cold war'

Governments prepare for 'cyber cold war'

Summary: Security experts have warned that governments are regularly monitoring and attacking the critical national infrastructures of other nations

SHARE:
TOPICS: Security
1

...was not named. "Attackers are using Trojan horse software targeted at specific government offices. Because they are custom-written, these Trojans are not amenable to signature detection and they can slip past antiviral technologies, so this is a big problem. Hackers have dedicated quality-assurance capabilities that they run on all of their malware to make sure that their malware doesn't get detected."

Circuitous routes are sometimes used by hackers to acquire information. According to a source close to the situation, the chief information security officer of the US Department of Commerce learned this summer that his home computer was being used to send data to computers in China. He found his family had been the victim of a spear-phishing attack, in which his child had been encouraged by an email to unwittingly download malware onto the family's home computer. Once it was compromised, the attackers used the security officer's personal computer as a tunnel into the Department of Commerce's systems.

Spear-phishing attacks — where one specific individual is targeted with a malicious URL — are very hard for governments and companies to counter, according to the Sans Institute. Senior civil servants and business executives simply do not appreciate IT departments sending them spear-phishing emails for education purposes.

"One inoculation is to provide benign versions of spear-phishing attacks, but this is hard because senior executives don't like to be fooled by IT people," said Paller. Another possible solution is to establish monitoring and forensics systems that constantly search network traffic and systems for evidence of deep penetration and persistent presence.

Systems can also be targeted through web applications, which is an area of major concern for the Sans Institute. This year, hundreds of senior federal officials and business executives visited a political thinktank website that had been compromised, allowing their computers to become infected via a cross-site scripting attack. Keystroke loggers, placed on their computers by the unknown assailants, captured their usernames and passwords when they signed into their personal bank accounts, their stock trading accounts and their employers' computers, and sent the data to computers in different countries. Bank balances were depleted, stock accounts lost money, servers inside the organisations were compromised and sensitive data was copied and sent to outsiders. Back doors were placed on some of those computers and are still there, according to the Sans Institute.

Read this

Feature

Q&A: Explaining the Estonian cyberattacks

Arbor Networks' Jose Nazario takes stock of the denial-of-service attack against the Baltic nation and discusses the wider implications

Read more

A short-term workaround for the problem of having insecure web applications is to diligently patch security software, said Paller, who indicated that IT professionals must ensure that patches are applied on users' machines. "It's absolute 100 percent patching, rather than a patch-and-hope plan. Hope is not a strategy," said Paller. "If you let users turn off security updates because they're inconvenient, their machines become a back door for everything."

Web-application firewalls can also help, while testing and patching custom-built applications is essential. "One quarter of custom-built apps have critical or bad vulnerabilities in them," said Paller. A longer-term solution would be for all organisations to insist on secure coding practices, he added.

As technology becomes more ubiquitous, permeating every level of global society, it seems cyber-espionage and cyberwarfare are set to increase dramatically. Nation states have traditionally gathered information on friends and foes from every source possible — regardless of political or trade alliances — as well as monitoring their own populations. It seems technology is providing another means to do this. Attacks on government systems and network probing can only increase.

But is it accurate to call this escalation a "cyber cold war"? Not necessarily. The Cold War was, at base, a battle of ideologies, which is seemingly at odds with the practical, hard-nosed, free-market economics currently practised by businesses in all of the world's major powers, including China.

However, those powers all still have their own agendas, as well as access to nuclear weapons, so a Dr Strangelove situation cannot be ruled out.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Mobile Terrorism The New Front of Cyber-Terrorism

    As the Founder of MyMobiSafe.com, I must agree that cyber-terrorism is becoming the new wave of security concern. As a unique angle on this topic, mobile terrorism creates diverse terrain where governments face incredible vulnerability.

    With the 2008 being marked as the year of open source platforms in the wireless industry, mobile terrorism has become a reality of homeland security. In addition to extensive development in open source, the evolving quest towards Universal Mobile Torrents (UMTs) presents a catalyst of mobile malware distribution.

    Mobile terrorism in the context of mass cyber-crime could ultimately cripple cellular communications across entire countries. By targeting the handset level, the greatest level of mobile vulnerability is uncovered. As the technological depth of cyber-terrorists continues to evolve, mobile security will also play a critical role in antiterrorism. As increasing numbers of customers have discarded their landline in favor of cellular phones, handset level vulnerabilities could cripple extensive communications infrastructure at a global level under the right conditions.

    As a security expert, I think that this day may come but I think that UMTs will play an important role in malware distribution in the event of a national/global attack. There is no debating that the future of terrorism has taken on a digital front, the question becomes which side will stay ahead of the technology. Perhaps governments should start recruiting mobile security experts sooner than later.

    Your friendly mobile security guru,
    Eric Everson

    Eric Everson, Founder
    MyMobiSafe.com
    iamtechlaw