Inter-country cyber espionage OK: users

An alarming 63 per cent of computer users deem country-to-country cyber-espionage to be an acceptable act, according to a new report by security vendor Sophos.
Written by Tyler Thia, Contributor on

An alarming 63 per cent of computer users deem country-to-country cyber-espionage to be an acceptable act, according to a new report by security vendor Sophos.

Released on Wednesday, the survey revealed that one in 14 respondents believed that crippling denial-of=service attacks against another country's communications or financial websites were acceptable during peacetime.

Another 32 per cent said countries should be allowed to plant malware and hack the networks of private foreign companies in order to spy for economic advantage. Of this group, 23 per cent said such actions were necessary only during wartime, the survey revealed.

The mid-year online survey polled 1077 computer users from across the globe on their attitudes toward cyber warfare and other IT security trends. When contacted, a Sophos spokesperson declined to say which countries were included in the poll.

The high figures came as a surprise to Graham Cluley, senior technology consultant at Sophos, who noted that by consenting to such actions, one's company may be subjected to similar spying or hacking activities.

"After all, by giving the green light to these kind of activities, you'd also have to expect to be on the receiving end too," he said. "Maybe yours will be the next company probed by an overseas power?"

Cluley said hacking and virus-writing began as a hobbyist activity, often designed to prove the intelligence of the programmer, rather than to cause serious long-term harm. But, these have changed toward achieving financial and political objectives.

"It evolved into organised criminal activity with the lure of large amounts of money and now, in 2010, it could be argued that the third motivation is using malware and the internet to gain commercial, political and military advantage over others," he explained.

The most recent high-profile attack, dubbed "Operation Aurora", was made public by Google in January this year when the search giant said attacks targeting its systems and other US companies had originated from China. Google had threatened to exit the Chinese market but both sides have since reached a resolution, with China renewing Google's licence as an internet content provider in late July.

US tops list as malware-hosting country

The Sophos report listed the United States as the top location, at 42.9 per cent, of malware-hosting sites, followed by China and Russia.

"Although website owners in the US clearly have a lot of cleaning up to do, France, Italy and the Netherlands have all joined this Top 10 [list] since the start of the year, so it's far from an isolated problem," noted Cluley.

"The biggest issue is that a lot of these websites are legitimate ones that have been targeted by hackers [so] businesses could end up infecting their customers, leaving them open to fraud," he said.

Aggressive search engine optimisation (SEO) techniques are also often used to push infected websites to the top of search results, increasing the rate of traffic to malware-hosting pages, thus, infecting more web users.

Via ZDNet Asia

Editorial standards