Country-to-country cyberattacks deemed OK by users

Huge number of computer users say acceptable for countries to plant malware and hack systems of foreign private companies, finds new Sophos survey.

An alarming 63 percent of computer users deem country-to-country cyber-espionage to be an acceptable act, according to a new report by security vendor Sophos.

Released Wednesday, the survey revealed that one in 14 respondents believed that crippling denial of service attacks against another country's communications or financial Web sites were acceptable during peacetime.

Another 32 percent said countries should be allowed to plant malware and hack the networks of private foreign companies in order to spy for economic advantage. Of this group, 23 percent said such actions were necessary only during wartime, the survey revealed.

The midyear online survey polled 1,077 computer users from across the globe on their attitudes toward cyber warfare and other IT security trends. When contacted, a Sophos spokesperson declined to say which countries were included in the poll.

The high figures came as a surprise to Graham Cluley, senior technology consultant at Sophos, who noted that by consenting to such actions, one's company may be subjected to similar spying or hacking activities.

"After all, by giving the green light to these kind of activities, you'd also have to expect to be on the receiving end too," he said. "Maybe yours will be the next company probed by an overseas power?"

Cluley said hacking and virus-writing began as a hobbyist activity, often designed to prove the intelligence of the programmer, rather than to cause serious long-term harm. But, these have changed toward achieving financial and political objectives.

"It evolved into organized criminal activity with the lure of large amounts of money and now, in 2010, it could be argued that the third motivation is using malware and the Internet to gain commercial, political and military advantage over others," he explained.

The most recent high-profile attack, dubbed "Operation Aurora", was made public by Google in January this year when the search giant said attacks targeting its systems and other U.S. companies had originated from China. Google had threatened to exit the Chinese market but both sides have since reached a resolution, with China renewing Google's license as an Internet content provider in late July.

U.S. tops list as malware-hosting country
The Sophos report listed the United States as the top location, at 42.9 percent, of malware-hosting sites, followed by China and Russia.

"Although Web site owners in the U.S. clearly have a lot of cleaning up to do, France, Italy and the Netherlands have all joined this Top Ten [list] since the start of the year, so it's far from an isolated problem," noted Cluley.

"The biggest issue is that a lot of these Web sites are legitimate ones that have been targeted by hackers [so] businesses could end up infecting their customers, leaving them open to fraud," he said.

Aggressive search engine optimization (SEO) techniques are also often used to push infected Web sites to the top of search results, increasing the rate of traffic to malware-hosting pages, thus, infecting more Web users.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All