The governments are playing the hacking game, too. This got me thinking: what are the possible implications of law backing up the bad guys? Are we granting them to access sensitive data of the government to perform activities targeting the other (nations) bad guys? Where do we draw the line of the good and bad with hacking? These are just some of the questions arising from the fact that governments around the world are in fact engaging in hacking movements for reasons we may or may not be able to decipher. Gmail accounts were also purportedly hijacked by state-sponsored attackers in June. We’ll never know why, unless we try to examine the gazillion email addresses involved.
Piecing reports together for the last 6 months, it appears that China already has formed a hacking army that wages war against other governments. In July, U.S. intelligence researchers discovered that the critical data and e-mail belonging to the president of the European Union Council, Herman Van Rompuy, were stolen by a Chinese hacker group named ‘Comment/ Byzantine Candor’. Earlier that month, malicious activities within the Indian Naval computers were traced to IP addresses from China and Chinese-codes. The severity of hacking issues has prompted U.S. President Obama to endorse Cybersecurity Bill.
The top global hotspot for nation-sponsored hacking activities, it has apparently been involved not only in infiltrating government online fences, but also linked in both mainstream and downstream security breaches of various enterprises over the last few years. The cyber espionage scheme on enterprises has not hit the headlines until four years ago when Google, irked by massive hacking, pointed to “the Chinese” as the culprits. From that point on, it was like an avalanche of admittance from other companies, that they have been breached too by perhaps the same group or same plot. In his Infoworld interview, Fidelis CEO Peter George relates a story that one of their partners experienced with a client complaining, “We believe the Chinese are stealing our designs for these handbags and mass producing them because the knockoffs are making it to market before we can get out the original.” After using Fidelis’ security tool, they traced the activity to a plant in China. George agrees that this act is both organized and state-sponsored.
With China seemingly unstoppable in funding hacking spree, what are the consequences of the failure to pass the Cybersecurity Act? George answers,
“We thought the Cybersecurity Act was really important because it would bring the federal government, which has threat intelligence about the adversary, together with commercial enterprises. [The latter] were fighting the hacker down the street. Now they’re fighting nations that have their own national security intelligence agencies. That’s who they have to keep out of their network, and they need our country to help them. The federal government has insight into that threat vector that commercial CSOs don’t have. They have been battling this adversary and protecting classified information for a long time, so they know how to do that.”
He added, “But a framework for formalizing that, I think, would be really important. I think this bill was an attempt to move that agenda forward, and now we probably won’t hear about it again until the other side of the election, which isn’t good.”
In an AlienVault Open Threat Exchange™ (OTX)-generated inforgraphic interpreted by Isha Suri of SiliconANGLE revealed that the top five sources of malicious IP addresses are China, United States, South Korea, Russian Federation and Taiwan. It seems like Asia is on a roll when it comes to hacking with three out of the top 5 came from the region. The same report identified widespread malevolent activities such as host scanning, malware domain, malware IP, spamming and malicious host. The primary forms of malicious content include Executable files (.exe), HTML content, Zip/RAR compresses, PDF, and Flash.
Flame, Stuxnet and Gauss
Reports have mentioned countries like Iran are building cyber defense headquarters, following Stuxnet and Flame attacks. The story of United States and Israel’s conspiracy to take down nuclear Iranian nuclear material centrifuges and sabotage the country’s nuclear program was first seen in New York Times. While the U.S. government has not confirmed or denied this, the Pentagon seemed to be piling up efforts to support the nation’s defense should cyber warfares come to pass, with Flame as the campaign’s primary tool. Flame is believed to be the greatest cyber weapon discovery of recent times and is far more sophisticated than Duqu and Stuxnet.
An allegedly distant relative of Stuxnet and Flame, Gauss becomes the next big thing in nation-state cyber surveillance with its banking Trojan links. According to a report, this malware could permeate online banking systems and payment methods and steal passwords and can intercept cookies from the likes of PayPal, Citibank, Mastercard, VISA, Ebay, Amex, Amazon and tons more. The tracks of Gauss was traced in Lebanon.
Security provider Kapersky wrote:
“Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation. The payload is run by infected USB sticks and is designed to surgically target a certain system (or systems) which have a specific program installed. One can only speculate on the purpose of this mysterious payload.”
“After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories.’ All these attack toolkits represent the high end of nation-state sponsored cyber-espionage and cyberwar operations, pretty much defining the meaning of ‘sophisticated malware’.”
Hacking comes in different shapes and sizes. The activity is not entirely tantamount to malicious acts. For a company, security software makers for example—they test the vulnerability, efficiency and agility of the program by hacking. This is like a bug test before launching their product in the market. But, there are of course the headline-philic hacktivists who denounce ideological, social or political message by using technology and compromising data and intellectual properties.
Anonymous is perhaps the most recognized group that falls under this category. And, there are those who clearly take advantage of companies’ security weaknesses to gain profit for themselves.
For enterprises, the R&D, marketing and finance departments are the common targets—these are where vital information are kept and can seriously cause sudden power shifts in the market. The similar ideas could have fuelled a number of countries to fund such activities and hack into the sensitive data and properties of another nation’s. When something like hacking goes inter-national, it the scope of damage could be, without exaggeration, immeasurable.
The cyberwarfare units of states are getting tougher, smarter and nastier. Thinking like the enemy is the key and cheating could be as fundamental.
Bottom line is: a nation will protect its interest at all costs. But, how are they going to ensure that the bad guys may turn into good guys for national interest? We’ll have to watch and see.