Oct 10, 2007

Red CyberWar Tomorrow - Capitalist CyberInsurgents Now

While we may fret over prospects of a nefariously minded red China cyberattacking the Yahoo out of us tomorrow, there is a growing middle market of domestically based and commercially driven cyberinsurgent (SMC term) entities engaged in personal data theft online and the retailing of such goods to third party cyberinsurgents who deploy these capital goods for further commercialized cyberinsurgent activity.

The U.S. is the country most frequently attacked by commercially driven cyberinsurgents. The U.S. is also where most of these cyberinsurgent attacks originate.

What once perhaps were asymmetric cyberattacks designed to destroy data and collect trophies de chaos have now given way to attacks designed to steal data outright for profit. Not unlike the insurgency raging within Iraq, this cyberinsurgency has progressed to being an amorphous and distributed beast fighting smart and dirty for market share where resources brought to bear against it by the state represent just one more scrapping party (and increasingly marginalized at that) in the maelstrom of market conflict. Settling grudges and collecting scalps simply don't pay enough to keep the production of chaos this long in play.

Based on reports obtained from the FBI, Symantec estimates that commercially driven domestic cyberinsurgent activities, including malicious software development and sales, extortion, and wholesale and retail sales of personal information and credit card data, at present turn over hundreds of millions USD per annum.

As can be said of the technical solutions employed by the IC at large (as Kent's Imperative doth profess), today’s [Cyberinsurgent] activities, even those conducted in the far flung corners of the globe, are more likely to involve commercial off the shelf items and kludged and duct-taped solutions than the things of precision and beauty. To be sure, there is still – and always will be – a certain amount of specialized hardware, and a few new cutting edge platforms. But this new age is a very different one – dominated by Small Stuff, and dual use.

What can and will be said about the resources and strategies needed to counter a commercially driven cyberinsurgency at home? Leave it to Symantec? Time for a domestic cyberCOIN doctrine? Will we need cyberPMCs? Maybe declare a GWOCyT? Rest assured, the odds of knowing somebody adversely, and directly so, affected by commercially driven cyberinsurgents dwarf any reasonable risk of getting bruised by any other spooky entity we're at war with. Or do we perhaps best leave this particular insurgency to the cops and the criminal justice system? Or is this insurgency good for business at large? (Some are) Shallow thoughts tendered for deeper minds to dwell a moment or so upon. Perhaps.

Below are some choice excerpts and conclusions drawn and quartered from Symantec's semiannual Symantec Internet Security Threat Report (ISTR) Volume XII, covering the six-month period from January 1, 2007, through June 30, 2007. According to Symantec, it is based on Symantec data collected from more than 40,000 sensors deployed in more than 180 countries in addition to a database that covers more than 22,000 vulnerabilities affecting more than 50,000 technologies from more than 8,000 vendors. Symantec also reviews more than 2 million decoy accounts that attract e-mail messages from 20 different countries around the world allowing Symantec to gauge global spam and phishing activity.

The latest Internet Security Threat Report (ISTR), Volume XII released today by Symantec Corp. concludes that cyber criminals are increasingly becoming more professional -- even commercial -- in the development, distribution and use of malicious code and services. While cybercrime continues to be driven by financial gain, cyber criminals are now utilizing more professional attack methods, tools and strategies to conduct malicious activity.

During the reporting period of Jan. 1, 2007, through June 30, 2007, Symantec detected an increase in cyber criminals leveraging sophisticated toolkits to carry out malicious attacks. One example of this strategy was MPack, a professionally developed toolkit sold in the underground economy. Once purchased, attackers could deploy MPack's collection of software components to install malicious code on thousands of computers around the world and then monitor the success of the attack through various metrics on its online, password protected control and management console. MPack also exemplifies a coordinated attack, which Symantec reported as a growing trend in the previous volume of the ISTR where cyber criminals deploy a combination of malicious activity.

Phishing toolkits, which are a series of scripts that allow an attacker to automatically set up phishing Web sites that spoof legitimate Web sites, are also available for professional and commercial cybercrime. The top three most widely used phishing toolkits were responsible for 42 percent of all phishing attacks detected during the reporting period.

"In the last several Internet Security Threat Reports, Symantec discussed a significant shift in attackers motivated from fame to fortune," said Arthur Wong, senior vice president, Symantec Security Response and Managed Services. "The Internet threats and malicious activity we are currently tracking demonstrate that hackers are taking this trend to the next level by making cybercrime their actual profession, and they are employing business-like practices to successfully accomplish this goal."

Additional Key Findings

* Credit cards were the most commonly advertised commodity on underground economy servers, making up 22 percent of all advertisements; bank accounts were in close second with 21 percent.

*Malicious code that attempted to steal account information for online games made up 5 percent of the top 50 malicious code samples by potential infection. Online gaming is becoming one of the most popular Internet activities and often features goods that can be purchased for real money, which provides a potential opportunity for attackers to benefit financially.

*Theft or loss of computer or other data-storage medium made up 46 percent of all data breaches that could lead to identity theft. Similarly, Symantec's IT Risk Management Report found that 58 percent of enterprises expect a major data loss at least once every 5 years.

No comments: