State-sponsored cybercrime on "industrial scale" says MI5 chief

Filed Under: Data loss, Denial of Service, Featured, Law & order, Malware, Vulnerability

MI5The Director General of MI5, Jonathan Evans, has given a speech discussing the growth of organised cybercrime targeting UK businesses and government.

In a rare public speech, the head of the British Secret Service described how "one major London listed company" estimated that it had lost "some £800m as a result of hostile state cyber attack - not just through intellectual property loss but also from commercial disadvantage in contractual negotiations."

The MI5 chief described the extent of the problem as "astonishing – with industrial-scale processes involving many thousands of people lying behind both state sponsored cyber espionage and organised cybercrime", and called upon the private sector and government to improve its information-sharing about cyber attacks.

I presume Jonathan Evans meant "astonishing" to the man in the street, and not to himself or those involved in computer security, as the last few years have shown a clear indication of a new pillar of cybercrime.

We started off with the hobbyists, hacking systems or coding malware for fun or for the intellectual challenge. Much of what they did would fall foul of computer misuse laws about unauthorised access or modification, but the motivation was often to show off to their pals rather than to make money.

Some of these hobbyists still exist, although their numbers have depleted as they have realized that it can be a dangerous game to play if the authorities take a dim view of their activities.

Then we saw the financially-motivated cybercriminals - stealing banking passwords, installing keyloggers, hijacking computers to display adverts for money-making schemes, recruiting compromised computers into botnets in order to send spam. These remain a considerable force to be reckoned with, and account for the majority of the attacks that we see.

More recently we have seen the rise of hacktivism, with more hackers breaking into systems to expose what they view as corporate hypocrisy or lax security or to spread a political message. Hackers waving the banners of Anonymous and LulzSec have engaged in crippling denial-of-service attacks, data breaches, and defacements with often no obvious financial motivation in mind.

And then there's state-sponsored cybercrime and internet espionage. This area of cybercrime is shrouded in the deepest, thickest fog - and attribution continued to be a monumental problem - but speculation about government and military use of the internet to spy continues to grow.

Britain in crosshairsWhether it be the USA and Israel building malware to infiltrate Iranian nuclear systems, the mystery of who would want to break into computers at Japanese submarine manufacturing plants, or the British speaking bullishly about its willingness to launch a pre-emptive strike across the internet against aggressors, it would be naive to think that countries are not using the net for such purposes.

And why shouldn't they? After all, it's probably cheaper and less dangerous to spy on another state's government or a foreign company using malware than to use the old-fashioned method of planting a physical agent there.

So, yes, I'm not astonished to read that UK businesses and governments are believed to be under internet attacks from other states. But I also acknowledge that my own country is likely to be doing the very same thing.

That means that all of us, wherever we are in the world, should be working hard to maximise our computers' security.

Keep your protection software and patches up-to-date, educate your staff about threats and how their systems can be compromised, make sure that computers are only connected to the systems that they need to be connected to, and ensure that your sensitive data is properly encrypted and safely hidden behind a layered defence.

, , , , , , ,

You might like

5 Responses to State-sponsored cybercrime on "industrial scale" says MI5 chief

  1. Michael · 1197 days ago

    Depends what he means by 'cyber attacks'. Is he referring to actual network intrusions, footprinting, or just the large number of automated (pretty normal) port scans against his network? Governments should drop the 'cyber attack' label, and start giving us a break-down of what's actually happening, so we'd have a much better picture of the real threats.

    I don't think the problem's going away either, for a long time. For the average bloke in the street, groups like LulzSec (who I've lost patience and sympathy for) are a huge threat. They have no reservations about disclosing personal information on thousands of innocent people, and one of those leaks will lead to bank accounts being emptied, or even worse if criminals started using that to commit identity fraud. Too many businesses aren't taking precautions against that.

    Thankfully our own government appears to have kept its hands clean of the STUXNET thing and instead concentrated on network defence, so it's moving in the right direction.

  2. Dan · 1197 days ago

    Ok a few things about this 1. Can we please stop calling these script kiddie criminals "hactivists"?! They rarely have an actual cause, and when they do they are simply using it as justification for their "hacking". And how was this industrial scale hacking "state-sponsored"? It seems it was for monetary gain - suggesting personal malicious motives...not government. And as far as implications that suxnet and flame were US and Israel built...this is a pretty drastic claim. It may be true (I believe it isn't since US intel malware would most likely be a smaller payload leaving a hard to trace footprint), but claiming it to be fact in so many articles isn't fair reporting. And if you look at the NY Times report it is based off the man’s book, which he was obviously promoting with the article.

    Sophos should probably stop overusing buzz terms like "state sponsored attackers" - it's quickly becoming "The Onion" of info sec.

    • Delta2 · 1197 days ago

      Dan do you know that flames MIM attack on Microsoft's update mechanism was done by Hash collision. This is apparently achieved with the help of a "super computer" Now I wonder how many script kiddie hackers own a super computer? Also stuxnets PLC rootkit was one of a kind and the only known PLC based rootkit ever built. Besides how many people know the complexities of a nuclear reactor ?

      Flame was large because it had a completely different purpose to stuxnet. It had a main engine and it let malware creators to install different plugins to extend its capabilities. If you ever used a Trojan called "Poison Ivy" you know how it has different modules you can install after the initial infection. Flame was specifically targeted to gather intelligence from specific targets. It wasn't meant to spread world wide hence no 0 day exploits. It was also designed to hide inside systems for a longer period unlike stuxnet which was a one shot weapon.

      Your comment is just absurd. Western governments always involved in cyber espionage and attack/sabotage. Google -> Unit 8200

      • Dan · 1196 days ago


        I never down played the level of sophistication of Flame or Suxtnet - perhaps you should reread the comment. First, I addressed the issue of hacktivists - as did the article. No one (me, Sophos, nor the media) have called the creators of Suxtnet or Flame hactivists, I have no idea why you would even make that correlation.

        And yes, most governments are involved in cyber espionage - undoubtedly this is the US as well. I just questioned the US's involvement in those 2 specific cases. Also I feel reporting on something as if it is fact, in so many articles when you lack concrete evidence, is irresponsible journalism.

        The only "just absurd" thing here is your lack of reading comprehension.

  3. Bogwitch · 1197 days ago

    ..."and called upon the private sector and government to improve its information-sharing about cyber attacks."

    For the past two years running, since leaving the public sector and associated industries, I have asked CESG if they would be willing to talk about sharing intelligence on attacks.

    CESG response? "Not CLAS? Not interested"

    I dropped being CLAS due to the high intake of new CLAS consultants that were in no way proficient and didn't want to be tarnished with the same brush.

    I predict the sharing will be VERY one-way.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley