Whilst consumers are electing the next major political leader via crowdsourced populism, governments and companies begin developing cyberarms.
This cyberwarfare is already rife, with a host of malware targeting Middle Eastern nations (see the end of this blog entry).
What is obvious from these developments is that cyberattacks are the new form of warfare that evades direct hand-to-hand or nuke-to-nuke combat.
Like the classic 1983 film WarGames, you don’t need to have war with weapons anymore, just cyberweapons.
And no nation is immune from attack.
For example, the US was under attack from a Chinese-originating cyberworm in 2010.
Although China denied that this was state funded, this was slightly undermined by a news report on China Central Television a year later, which showed a military computer program selecting a “target” — in this case, a website based in Alabama — and hitting a button labelled “attack.”
It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill. This is the future we have to avoid. That's why my administration has made cybersecurity a priority, including proposing legislation to strengthen our nation's digital defenses.
Obama is acutely aware of cyber vulnerabilities because he got hacked himself.
In May 2012, Barack Obama is quoted as saying: “Between August and October (2011), hackers gained access to e-mails and a range of campaign files, from policy position papers to travel plans. It was a powerful reminder in this information age (that) one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities.”
And there’s the rub.
We continually try to be one step ahead of hackers, hacktivists, cybercriminals and cyberthreats, but we are actually always one step behind.
Like the regulatory conundrum (you can only fix the system with regulation once you’ve seen it go wrong), the cyber conundrum is that you can only block the attack once you’ve realised you’re under attack.
Sure, you can protect yourself against possible attacks, but knowing every nuance of every possibility of every attack?
Can any company claim to be bulletproof?
I don’t think so, especially when it is clear that the financial system manages the economic viability of nations and is therefore going to be one of the first lines of attack in national cyberwars.
That was made clear to me when NYSE’s CIO presented at a conference I chaired a couple of years ago, and said that they had been targeted in a cyberattack at the same time as the US Department of Defence. The US Department of Defence had a security breach, NYSE did not.
But were they lucky?
In the latest developments in the Middle East, for example, Kaspersky found that the latest malware attack, Gauss, was developed by the same people who developed Stuxnet – the malware targeted at Iran’s uranium enrichment plants. The difference this time is that Gauss targets bank accounts rather than nuclear plants.
According to Kaspersky’s chief security expert Alexander Gostev: “Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.”
When governments engage in cyberwars that focus upon the banking system first, there’s going to be a meltdown at some point, and potentially these developments are far more threatening to our system than those of the paltry hacktivists.
I’ll let you make your own mind up.
From CNET, a who’s who of malware targeting Middle Eastern nations:
Discovered in June 2010, Stuxnet is believed to be the first malware targeted specifically at critical infrastructure systems. It's thought to have been designed to shut down centrifuges at Iran's Natanz uranium enrichment plant, where stoppages and other problems reportedly occurred around that time.
The Duqu worm emerged in September 2011, and researchers say it shares a lot of code with Stuxnet but is designed for a different purpose: stealing data for surveillance or other intelligence efforts. It hit computers in Iran but did not appear to be directed at industrial or critical infrastructures specifically.
Flame was discovered in May 2012 during Kaspersky Lab's investigation into a virus that had hit Iranian Oil Ministry computers in April. Kaspersky believes the malware, which is designed for intelligence gathering, had been in the wild since February 2010, but CrySyS Lab in Budapest says it could have been around as far back as December 2007. Most of the infections were in Iran, but other countries hit were Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt.
"Gauss" malware was launched around September 2011 and was discovered in June 2012. The malware was found on computers mostly in Lebanon, Israel, and Palestine, followed by the U.S. and the United Arab Emirates. Kaspersky says it comes from the same nation-state "factories" that produced Stuxnet, Duqu, and Flame.
There were reports in April about a malware attack shutting down computer systems at companies in Iran, including the Oil Ministry, and mentions of a virus called "Wiper". The malware wipes data from hard drives, placing high priority on those with a .pnf extension, which are the type of files Stuxnet and Duqu used, and has other behavioural similarities. It also deletes all traces of itself. As a result, researchers have not been able to get a sample, but they've reviewed mirror images left on hard drives. The discovery of Wiper led to the discovery of Flame, which led researchers to Gauss, according to Schouwenberg.
The data-stealing Mahdi Trojan, discovered in February 2012 and publicly disclosed in July, is believed to have been used for espionage since December 2011. Mahdi records keystrokes, screenshots, and audio and steals text and image files. It has infected computers primarily in Iran, Israel, Afghanistan, the United Arab Emirates, and Saudi Arabia, including systems used by critical infrastructure companies, government embassies, and financial services firms.
There are many more instances of such attacks globally.
More than 79 banks have been breached, claimed a hacker on Twitter. Following a data release on Tuesday, he said he has more than 50 gigabytes of U.S. and foreign bank data in his hands.
First, he warned of the security flaw in Iran's banking system. Then he provided them with 1,000 bank account details. When they didn't listen, he hacked 3 million accounts across at least 22 banks.
Global Payments, the credit and debit card processor that disclosed a breach of its systems late Friday, said in a statement Sunday that the incident involved at least 1.5 million accounts. The news comes hours ahead of a planned conference call with investors, and after Visa said it had pulled its seal of approval for the company.
Heartland, a Princeton, N.J.-based provider of credit and debit card processing services, said that unknown intruders had broken into its systems sometime last year and planted malicious software to steal card data carried on the company's networks.
Thieves may have the credit and debit card details of a million TK Maxx customers. The American firm which owns the cut-price designer goods store said details from about 45.7 million cards have been stolen in total in the world's biggest card theft.
A cyber fiction: a story of a cyberattack on Wall Street from the Finanser, March 2012:
Shaiming Zheng had finally finished his masterpiece. He had created a worm that would infiltrate the heart of the American dream: Wall Street.
NYSE claim that their servers are bulletproof, and can survive attacks that are even more viral and malevolent than those that would target the US defence systems.
But they were wrong and Shaiming had the means to prove it.
His program would not only find its way into the NYSE system through the back door, via what would appear to be an official trade by Goldman Sachs on their high frequency trading platform, but it would worm its way into the DTCC clearing system.
Once in the clearing system, it would bring down America.
Shaiming was using a shadow trade to allow his worm to work its evil magic.
First, the system would create a request for quote via Goldman Sachs.
Once the order was filled by a reciprocal trade fill on the NYSE exchange, the shadow trade would be passed through for clearing via the DTCC.
At this point, the shadow would unleash the worm, which would then begin to infiltrate every settlement of trades on the DTCC systems thereafter.
It is something that was unthinkable as, until discovered, it would mean that all trading in the American stock exchange systems – not just NYSE, but NASDAQ and more – would be disrupted and potentially forever flawed as the DTCC carry all the payments and settlement for all trading in American stocks and derivatives.
It would bring down the system.
That was the intention and that was what Shaiming believed he had built.
And it had been so easy to achieve as he was not attacking the DTCC or the NYSE system, but Goldman Sachs and, thanks to the powers that be, it had been easy when he found his ally, Serby Alyenko.
Serby had been convicted of stealing proprietary information from Goldman Sachs about their trading platform in 2010.
This conviction had been overturned in 2012 but, what the court didn’t know, is that Shaiming and his paymasters had paid Serby $10 million to get the information they needed.
Serby had not been stealing trade secrets about Goldman’s trading platforms at all.
What he had really been doing was to create the gateway on the platform for Shaiming to plant his worm on their system.
Thank you, Sergey.
Shaiming pressed the button and held his breath.
The worm was on its way.
Would it reach its target?
This is the fourth entry in a series about Hacktivism.