As we discussed earlier this year in the Sophos Security Threat Report 2010 [PDF], a third era of malware appears to have well and truly arrived.
Hacking and virus writing began as hobbyist activities, often with the intention to show how smart the perpetrator was rather than to benefit financially. It was the time of Green Caterpillars munching the contents of your screen or letters cascading down your monitor like raindrops.
Cybercrime was a nuisance and could still cost your company money in terms of clean-up and recovery, but was typically designed with mischief and mindless vandalism in mind rather than money.
However, the threat evolved into organised criminal activity, with the lure of huge amounts of money driving gangs to steal identities, create botnets, and advertise shady goods to the masses via spam for significant financial rewards.
But in the last few years we’ve begun to see something new. The money-grabbing online gangs haven’t been replaced, but there does appear to be more and more evidence that they have been joined by those who wish to use malware and the internet to gain commercial, political, economic and maybe even military advantage over rivals.
Here’s a short list of some of the many stories we’ve covered in recent years on this topic:
Here at Sophos we’re not big fans of loose ends, and the problem with many of these stories is that the proof that an attack was sponsored by a foreign country’s government or military agency has always been hard to find.
After all, we all know that over 99% of all spam is sent from compromised computers, under the control of remote hackers. If hackers can instruct an innocent person’s PC to spew out bulk email, they could also use it as a springboard for a hack or a denial-of-service attack.
To put it simply: a hacker can be based in Birmingham, but use a computer in Beijing to break into another country’s government network, deface a website, or spread malware. If your computer is poorly protected, a cybercriminal could take advantage of it to assist them in an economic, political or military attack.
But let’s not be naive. I find it impossible to believe that countries would consider the internet and spyware “off-limits” as a tool for espionage. Countries are spying on each other all across the world for political, commercial and military advantage – and they would be crazy not to exploit the power of the internet to increase their chances of success.
Regular visitors to the Clu-blog will no doubt remember reading about “GhostNet”, which examined claims that the Chinese spied on organisations including the Tibetan government-in-exile and the private office of the Dalai Lama.
The same researchers published a new white paper this week, entitled “Shadows In The Cloud: Investigating Cyber Espionage 2.0”, which claims to have uncovered a “complex cyber-espionage” network that penetrated a number of organisations, including the United Nations, embassies, and the Office of the Dalai Lama once more.
The white paper claims that at least 1500 emails were stolen from the Dalai Lama’s office, in an attack said to have originated from the Chinese city of Chengdu.
Once again, it’s hard to prove that these attacks were sponsored by the Chinese government or military – proving that would probably require physical access to the computers in Chengdu at the very least.
What I would be interested in, however, is hearing your views on cyberwarfare. Do you think it’s acceptable for a country to spy on and attack another via the internet? How about a DDoS attack? Is your country doing enough to protect itself from cyberwarfare attacks? Who do you think poses the biggest threat?
Thanks for responding!