http://www.guardian.co.uk/technology/2007/nov/29/hacking.news By Rachel Williams The Guardian November 29 2007 A "cyber cold war" is developing as international web espionage and cyber-attacks become the biggest threats to internet security, according to a report. The computer security firm McAfee said governments and government-allied groups were engaging in increasingly sophisticated cyber spying, with many attacks originating from China. Some 120 countries could be developing the capacity for such activities. What started as probes to see what was possible have become well-funded and well-organised operations for political, military, economic and technical espionage, the report said, with perpetrators aiming to cause havoc by disrupting critical national infrastructure systems. Targets include air traffic control, financial markets, government computer networks and utility providers. In September, the Guardian reported that Chinese hackers, including some believed to be from the state military, had been attacking the computer networks of British government departments, including the Foreign Office. China has spelled out in a white paper that "informationised armed forces" are part of its military strategy. McAfee, whose report was compiled with input from Nato, the FBI, and the Serious Organised Crime Agency, said that according to Nato insiders, the wave of cyber attacks that hit Estonia earlier this year, disrupting government, news and bank servers for weeks, was the tip of the iceberg. In May, the Baltic state said that at least 1m computers had been used in the cyber warfare, which saw hundreds of thousands of hits bombarding Estonian websites to jam them and make them unusable. The method used was known as distributed denial of service. The attack coincided with the climax of a dispute between Moscow and Tallinn over a Soviet second world war memorial in the Estonian capital, but officials there backed away from accusing the Kremlin directly. Russian officials have denied any state responsibility. In the past 12 months there have been reports of cyber attacks against government targets in the US, Germany, India, New Zealand and Australia. China has denied any involvement. "We have seen attempts by a variety of state and non-state-sponsored organisations to gain unauthorised access to, or otherwise degrade,department of defence information systems," a Pentagon spokesman told researchers. Nato experts said attackers were using trojan horse software to focus on specific government offices, and 99% of cases were probably still undetected. "The complexity and coordination seen during the Estonia attacks was new," a Nato insider said. "There was a series of attacks with careful timing using different techniques and specific targets. The attackers stopped deliberately rather than being shut down." James Mulvenon, an expert on China's military, who is also director of the Centre for Intelligence and Research in Washington, said the Chinese were the first to jump "feet first" into 21st-century cyber-warfare technology. Peter Sommer, a computer crime expert and visiting fellow at the London School of Economics, who contributed to the report, said: "There are signs that intelligence agencies around the world are constantly probing other governments' networks, looking for strengths and weaknesses and developing new ways to gather intelligence." Jeff Green, senior vice-president of McAfee Avert Labs, said: "Cyber crime is now a global issue. It has evolved significantly and is no longer just a threat to industry and individuals but increasingly to national security. We're seeing emerging threats from increasingly sophisticated groups attacking organisations around the world." The report also highlighted new threats to consumers, with cyber criminals targeting internet-based telephone networks in what has become known as "vishing". There is also "phreaking" - or hacking into telephone networks to make long-distance phone calls - and the problem of the growing "white market", where software flaws are bought and sold for tens of thousands of pounds. Users of social networking sites such as Facebook and MySpace are also vulnerable. __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Wed Nov 28 2007 - 23:40:47 PST