Information security watch – Cyber Espionage
‘Cyberspace’ is the electronic medium of digital networks used to store, modify and communicate information. It includes the Internet and other information systems that support businesses, infrastructure and services. However, some individuals and groups use cyberspace for malicious purposes. They are known as ‘hostile actors’, and they exploit cyberspace to conduct espionage operations or launch damaging computer network attacks. Hostile actors include foreign states, criminals, ‘hacktivist’ groups and terrorists who use cyberspace to target various countries. Their resources and capabilities vary. Hostile actors conducting cyber espionage can target government, military, business and individuals. Foreign states are generally equipped to conduct the most damaging cyber espionage and computer network attacks. Cyber espionage is an extension of traditional espionage. By exploiting computer networks, hostile actors can steal large volumes of sensitive data undetected over a prolonged period of time, remotely, cheaply and on an industrial scale, with relatively little risk to a hostile actor’s intelligence officers or agents overseas.
They also use malicious software to disrupt and damage cyber infrastructure. This can include anything from taking a website offline to manipulating industrial process command and control systems, and is known as a Computer Network Attack. Together, these activities present a real risk to the economic well-being of countries and pose a direct threat to national security as well. Advanced Persistent Threats (APTs) affect all types of sectors: the hostile actors maintain a foothold in corporate and governmental networks for months or years, smuggling out terabytes of sensitive and indiscriminate information in a more automated fashion, and do not always bother to wipe away their fingerprints.
Espionage activity carried out in cyberspace by a small group of criminal hackers for hire began in 2011 and has expanded in scope and size over the last few years. They sometimes do this on behalf of state-owned or sponsored companies in their own countries. Recently, security researchers found malicious software named ‘Icefog’ infecting targets via emails with malicious links or attachments. Once a victim clicked the link or opened the attachment, the ‘Icefog’ programme displayed a decoy document while it inserted a “backdoor” into the system. Through this backdoor the hostile actors processed victims one by one and manually stole specific files that they seemed to know about in advance, such as company plans, address books, account passwords and other material that was not easily monetized. These attacks usually lasted for a few days or weeks; the hostile actors cleaned up and left after collecting the information they were looking for. Many countries have become victims of ‘Icefog’, and its targets include governmental institutions, military contractors, maritime and ship-building groups, telecom and satellite operators, industrial and high technology companies and mass media.
Espionage against a country’s interests continues and is widespread, insidious and potentially very damaging. In the past, espionage activity was typically directed towards obtaining political and military intelligence. These targets remain of high value, but in today’s technology-driven world the intelligence requirements of a number of countries are wider than before. They now include communications technologies, IT, genetics, defense, aviation, electronics and many other fields. Intelligence services, therefore, are targeting commercial as well as government-related organizations. Foreign intelligence services increasingly use the Internet and cyber techniques to conduct espionage against a country’s interests. As we become more reliant on the Internet in our everyday lives, the threat from cyber espionage will only increase.
There are many simple steps that businesses and the public can take to improve their cyber security. Good cyber security depends on a combination of both technical measures and human behaviour. For example, an anti-virus system will prevent malicious activity on computer networks but will become ineffective if the user does not ensure that its signatures are kept up to date. Similarly, if staff in an organization are educated not to open suspicious emails, this can help to minimize the risk of their organization becoming a victim of cyber espionage. However, governmental and commercial organizations should also invest in situational awareness technologies to monitor the network and security infrastructure in real time, and adopt intelligence-driven security, a new capability to defend against the unknown.
(The writer is a Governance, Risk and Compliance professional. He is the founding member and charter secretary of the (ISC)2 Chennai Chapter and founder/President of Information Security Professional Associates (iSPA) and a board member of the (ISC)2 Colombo Chapter. He can be emailed at sujit@layers-7.com)