Cyber espionage:-
Definition:- Cyber espionage (also spelled cyberespionage) “involves the unauthorized probing to test a target computer’s configuration or evaluate its system defenses, or the unauthorized viewing and copying of data files”; it “uses computer or related systems to collect intelligence or enable certain operations, whether in cyberspace or the real world.”
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of a classified nature) from individuals, competitors, rivals, groups, governments and enemies, for personal, economic, political or military advantage, using methods on the Internet, networks or individual computers, through cracking techniques and malicious software including Trojan horses and spyware.
It may be perpetrated wholly online from the desks of professionals at bases in faraway countries, may involve infiltration at home by computer-trained conventional spies and moles, or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.
Cyber spying typically involves using such access to secrets and classified information, or control of individual computers or whole networks, for strategic advantage and for psychological, political and physical subversion and sabotage.
More recently, cyber spying has come to include analysis of public activity on social networking sites like Facebook and Twitter. Such operations, like non-cyber espionage, are typically illegal in the victim country while fully supported at the highest level of government in the aggressor country. The ethical assessment likewise depends on one’s viewpoint, particularly one’s opinion of the governments involved. Crime and espionage form a dark underworld of cyberspace. Whereas crime is usually the first to seek out new opportunities and methods, espionage usually follows in its wake, borrowing techniques and tradecraft.
The Shadows in the Cloud report illustrates the increasingly dangerous ecosystem of crime and espionage and its embeddedness in the fabric of global cyberspace. Today, data is transferred from laptops to USB sticks, over wireless networks at cafe hot spots, and stored across cloud computing services whose servers are located in far-off political jurisdictions. These new modalities of communicating de-concentrate and disperse the targets of exploitation, multiplying the points of exposure and potential compromise.
Paradoxically, documents and data are probably safer in a file cabinet, behind the bureaucrat’s careful watch, than they are on the PC today. The ecosystem of crime and espionage is also emerging because of opportunism on the part of actors. Cyber espionage is the great equalizer. Countries no longer have to spend billions of dollars to build globe-spanning satellites to pursue high-level intelligence gathering, when they can do so via the web. We have no evidence in this report of the involvement of the People’s Republic of China (PRC) or any other government in the Shadow network.
But an important question to be entertained is whether the PRC will take action to shut the Shadow network down. Doing so would help to address long-standing concerns that malware ecosystems are actively cultivated, or at the very least tolerated, by governments like the PRC that stand to benefit from their exploits through the black and grey markets for information and data. Finally, the ecosystem is emerging because of a propitious policy environment — or rather the absence of one — at a global level.
Governments around the world are engaged in a rapid race to militarize cyberspace, to develop tools and methods to fight and win wars in this domain. This arms race creates an opportunity structure ripe for crime and espionage to flourish. In the absence of norms, principles and rules of mutual restraint at a global level, a vacuum exists for subterranean exploits to fill.
Cyber-Espionage Platform Red October Is Already Pulling Its Tendrils Back Into the Dark:-
Earlier this week, a sophisticated, capable, and seemingly freelance cyber-spying operation called Red October burst onto the scene.
Well, it’s probably been around for years, but we all only just found out about it. Now it’s already disappearing. After having the light shone on it, it’s darting back into the shadows. It looks like Red October is a bit bashful. After the big reveal, Red October’s infrastructure started going offline. Domain names associated with the project have begun to disappear, as has hosting for command-and-control servers. It’s as if the whole project is packing up and going home now that the secret is out. While that could be the case to a certain extent, Red October is known for being resilient and having layers upon layers of proxy defense.
The “mothership” has not been located, so there’s still a juicy core of stolen intel somewhere out there. The retraction of recently discovered feelers only makes sense as a move to protect it. The question is: has Red October been thwarted by being found out, or is it just pulling into hibernation until everyone forgets about it, only to come back with new tools and new proxies? My money is on the latter. [Threatpost via Ars Technica]
Operation Red October fuels debate over cyber espionage:-
Security experts at Kaspersky Lab, a Russian anti-virus firm, disclosed the existence of a large-scale cyber espionage operation in January 2013.
Dubbed Operation Red October, it targeted over 39 different countries across multiple regions and exfiltrated confidential information from both public and private organizations over a five-year timeframe. Diplomatic missions, government agencies and energy research centers are among the many groups affected. The operation adds to a growing list of prominent cases in the last decade that have been labeled ‘cyber espionage’. But one question has not yet been addressed: do Operation Red October and other similar cases prove that cyber espionage has become the new platform from which to project national power?
The answer? They do not. While there is no doubt as to Red October’s complexity, cyber espionage cannot project a country’s power like other uses of cyberspace, such as the Stuxnet worm launched against Iran that was attributed to the United States and/or Israel, or the cyber attacks launched against the Philippines that were attributed to the People’s Republic of China (PRC). Unlike these examples, cyber espionage enshrouds the culprit in such a high level of uncertainty that it defeats the purpose of using cyberspace to visibly demonstrate national cyber capability and, in turn, power.
In most cases, this ambiguity helps to limit the possible escalation of conflict. But while the goal of conducting operations in cyberspace is to instill doubt in the mind of the target, a balance must be struck between hiding the source of the attack and providing enough information to intimidate and consequently discourage the victim from conducting retaliatory action. Take, for example, the defacement of Filipino government websites at the height of the Philippines’ South China Sea dispute with the PRC in 2012.
It was difficult for the Philippines to attribute the action to the PRC (whether conducted by the government directly or indirectly by elements of its citizenry) because the attack may have simply been routed through the PRC rather than originating in it. But, considering the same tactics were used by the PRC in previous conflicts and owing to the escalating situation in the South China Sea, the Philippines concluded that the attack was intentionally launched by the PRC. While this did not discourage Filipino nationals from retaliating, their response did not equal the PRC’s initial attacks.
Hence, while this incident and those like it may not be as devastating as conventional strategies, they can still demonstrate a country’s relative strength, while also mitigating a possible escalation of conflict by intentionally limiting one’s actions. In contrast, Operation Red October has employed techniques to make attribution difficult and cannot be pinned to a single on-going conflict. Researchers have suggested either Chinese or Russian origins because Cyrillic text is used, as well as techniques pioneered by the PRC.
But these do not provide any conclusive link or connect the incident to an on-going conflict, particularly given the range of affected states. This raises the possibility that a non-state actor is behind the operation, possibly with the motive of selling the stolen information. Researchers involved with the investigation have also proposed this theory. The low cost of entry into cyberspace, coupled with the broad range of targets, supports the idea that Red October was not necessarily instigated by a state. Yet the possibility that it was endorsed by a state or that information will be sold to various states is quite feasible.
Studies have suggested a link between the cyber underground in the PRC and government activity, for example. Red October could well be a product of this arrangement. However, all these scenarios can at best be viewed as mere supposition; as yet there is no ‘smoking gun’ that would provide the necessary clarity. Despite the fact that cyber espionage may not have the same power and appeal as other forms of cyber attack, its value in supporting other instruments of national power in a highly interconnected global society should not be underestimated.
That is to say, while cyber espionage itself cannot visibly project national power, the information that can be obtained through such activities can be used to support other cyber operations or traditional forms of power projection. The growing prominence of the ASEAN region as an economic hub for European and American firms will increase the likelihood of cyber espionage operations to obtain proprietary information. This vulnerability is already evident insofar as several ASEAN member states are on the list of countries affected by Red October and other operations.
While there is no way to accurately predict the rate at which events such as these will occur, affected countries must take steps to proactively address these threats. Initiatives such as information sharing between different law enforcement organizations and robust legislation, while not perfect, should help to blunt the effects of activities like Operation Red October.
Example:-
Cyber espionage describes the stealing of secrets stored in digital formats or on computers and IT networks.
In 2012, European security researchers reported that a cyber espionage virus found on personal computers in several countries in the Middle East was designed to eavesdrop on financial transactions and perhaps to disable industrial control systems. Researchers at Kaspersky Lab, a Russian IT security company based in Moscow, identified the surveillance virus, dubbed Gauss, on PCs in Lebanon and other countries in the region and said it appears to have been developed by the same team or ‘factory’ that built the Stuxnet and Flame viruses.
Stuxnet, which was first discovered in 2010, is widely believed to have been used by the US and Israel to attack computer-controlled centrifuges at a uranium enrichment facility in Iran which disrupted the country’s nuclear programme. Similarly, Flame, which was discovered in 2012, has been implicated in an attack on a computer system at Iran’s main oil export terminal and its oil ministry. Analysis of the Gauss virus has revealed that it contains multiple modules designed to collect information and send detailed data about the infected machines back to its creators.
Kaspersky said it is also capable of stealing data from the clients of several Lebanese banks. In short, cyber espionage is espionage carried out by means of the Internet or in cyberspace.
2012 – The Year of Cyber Espionage:- By Dovell Bonnett
Lucian Constantin’s recent article “Expect more cyber-espionage, sophisticated malware in ’12, experts say” states that cyber-attacks in 2012 will increase with more sophisticated malware. Certainly companies like Trend Micro, Symantec and others have their work cut out for them to eradicate these attacks once they are launched.
But taking a step back, the question arises as to how malware is first getting into the networks. Answer: employees’ carelessness. Social engineering attacks are still the best and cheapest way to distribute malware. Spam emails, phishing, spear phishing, etc., all utilize attachments that can hide the malware. It is still amazing that such an old and simple method is still the most effective. And according to some experts, educating employees about information security is a waste of time.
I disagree, since even one person helping by being educated and aware is better than none. But education alone is not the solution. Technology, applications, networks and operating systems have to incorporate security as one of their key design components. Stop the patching and all the backward-compatibility design concerns and start creating an entirely new OS from scratch. We don’t run DOS and Windows 98 anymore. Software applications also need to incorporate high security standards like integration with multi-factor credentials.
Using a smartcard that first authenticates the user to the card, then the card to the computer, then authenticates the card and server to each other, and finishes up with the user to the application can greatly improve a company’s security. Public cloud services are still scary at best. Do you really know how and where your data is being stored? Plus, the fact that some of the biggest public cloud companies are “sidestepping security” with protection clauses in their contracts should tell you something.
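The chain Bonnett describes is easiest to see as a sequence of challenge-response steps in which each link refuses to proceed until the previous one has passed. The following is an added example in Python and is not from Bonnett’s article or from any vendor’s card software; it models the card’s credentials as two symmetric HMAC keys (a host_key enrolled with the workstation and a server_key held by the issuer’s server), which is an assumption standing in for the certificates and on-card signing a real smartcard uses. The card IDs, PINs and keys in the code are made up for the example.

```python
# Chained smart-card login modelled with HMAC challenge-response (added example).
# Assumption: two symmetric keys stand in for the card's certificates: host_key is
# shared with the enrolled workstation, server_key with the issuer's server.
from __future__ import annotations

import hashlib
import hmac
import secrets

PIN_ITERS = 100_000


def _mac(key: bytes, *parts: bytes) -> bytes:
    # Every tag carries a direction label, so a card->server answer can never
    # be replayed back to the card as a server->card answer (reflection).
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Card:
    def __init__(self, card_id: bytes, pin: str, host_key: bytes, server_key: bytes):
        self.card_id = card_id
        self.pin_salt = secrets.token_bytes(16)
        self.pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.pin_salt, PIN_ITERS)
        self._host_key, self._server_key = host_key, server_key
        self._card_nonce = b""
        self.tries_left, self.unlocked = 3, False

    # Step 1: user -> card. PIN checked on-card, never exported; 3 misses block the card.
    def verify_pin(self, pin: str) -> bool:
        if self.tries_left == 0:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.pin_salt, PIN_ITERS)
        if hmac.compare_digest(candidate, self.pin_hash):
            self.unlocked, self.tries_left = True, 3
            return True
        self.tries_left -= 1
        return False

    # Step 2: card -> computer. Keys stay unusable until the PIN check passed.
    def answer_host(self, host_nonce: bytes) -> bytes | None:
        if not self.unlocked:
            return None
        return _mac(self._host_key, b"card->host", self.card_id, host_nonce)

    # Step 3a: card answers the server's nonce and adds a fresh nonce of its own.
    def answer_server(self, server_nonce: bytes) -> tuple[bytes, bytes] | None:
        if not self.unlocked:
            return None
        self._card_nonce = secrets.token_bytes(16)
        tag = _mac(self._server_key, b"card->server", self.card_id, server_nonce, self._card_nonce)
        return self._card_nonce, tag

    # Step 3b: card checks that the server answered the card's nonce with the shared key.
    def check_server(self, server_nonce: bytes, server_tag: bytes) -> bool:
        expected = _mac(self._server_key, b"server->card", self.card_id, self._card_nonce, server_nonce)
        return hmac.compare_digest(expected, server_tag)

    # Step 4: user -> application, through a session key bound to both nonces.
    def session_key(self, server_nonce: bytes) -> bytes:
        return _mac(self._server_key, b"session", self.card_id, server_nonce, self._card_nonce)


class Server:
    def __init__(self, card_keys: dict[bytes, bytes]):
        self.card_keys = card_keys  # card_id -> server_key, recorded at issuance

    def verify_card(self, card_id: bytes, server_nonce: bytes, card_nonce: bytes, tag: bytes) -> bytes | None:
        key = self.card_keys.get(card_id)
        if key is None or not hmac.compare_digest(_mac(key, b"card->server", card_id, server_nonce, card_nonce), tag):
            return None
        return _mac(key, b"server->card", card_id, card_nonce, server_nonce)

    def session_key(self, card_id: bytes, server_nonce: bytes, card_nonce: bytes) -> bytes:
        return _mac(self.card_keys[card_id], b"session", card_id, server_nonce, card_nonce)


def login(card: Card, pin: str, host_key: bytes, server: Server) -> dict[str, bool]:
    # Runs the chain in order; every later link is skipped once an earlier one fails.
    ok = dict.fromkeys(["user->card", "card->host", "card->server", "server->card", "session"], False)
    if not card.verify_pin(pin):
        return ok
    ok["user->card"] = True
    host_nonce = secrets.token_bytes(16)
    if not hmac.compare_digest(card.answer_host(host_nonce) or b"", _mac(host_key, b"card->host", card.card_id, host_nonce)):
        return ok
    ok["card->host"] = True
    server_nonce = secrets.token_bytes(16)
    card_nonce, tag = card.answer_server(server_nonce)
    server_tag = server.verify_card(card.card_id, server_nonce, card_nonce, tag)
    if server_tag is None:
        return ok
    ok["card->server"] = True
    if not card.check_server(server_nonce, server_tag):
        return ok
    ok["server->card"] = True
    ok["session"] = hmac.compare_digest(card.session_key(server_nonce), server.session_key(card.card_id, server_nonce, card_nonce))
    return ok
```

Calling login(card, pin, host_key, server) returns which links held. Three properties carry the security value: the PIN is verified on the card and never reaches the host or the server; three wrong PINs block the card so the PIN cannot be brute-forced offline; and every tag includes a direction label plus both nonces, so a response captured in one direction cannot be replayed as the reply in the other, and a server that does not hold the card’s key (an impostor, or a server the card was never issued for) fails the server->card check even if it accepts whatever the card sends.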
Private clouds can have more security safeguards, but they require knowledgeable people to build and manage them. Security is only as strong as the weakest link, and that link is the employee. I would wager that the majority of employee-caused breaches are done through carelessness. Employees have to get their jobs done and will often circumvent security protocols to increase convenience and efficiency. That is why any security plan has to take the user into account. Otherwise, corporate officers are lulled into a false sense of security.
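Bonnett’s entry point, an attachment that an employee opens, is also the place where a mail gateway or a triage script can back up awareness training. The following is an added example in Python, not code from the article; the extension lists are abridged (an assumption), and the message it parses is constructed for the example rather than captured from a real phishing campaign. It flags the tricks that make a malicious attachment look harmless: an executable extension, a double extension such as invoice.pdf.exe, a right-to-left override character in the filename, and a declared MIME type that does not match the file’s leading bytes.

```python
# Attachment triage for the phishing entry point described above (added example).
# The message built by build_sample() is constructed for the example, not a capture.
from __future__ import annotations

import email
import email.policy
from dataclasses import dataclass
from email.message import EmailMessage

# Abridged lists (assumption): types that run code, may carry macros, or wrap either.
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse", "vbs", "wsf", "hta", "ps1", "lnk", "msi", "jar"}
MACRO_EXT = {"doc", "xls", "ppt", "docm", "xlsm", "pptm"}
ARCHIVE_EXT = {"zip", "rar", "7z", "iso", "img"}
MAGIC = {b"MZ": "application/x-dosexec", b"%PDF": "application/pdf",
         b"PK\x03\x04": "application/zip", b"\xd0\xcf\x11\xe0": "application/x-ole-storage"}
RTL_OVERRIDE = "\u202e"  # makes "invoice\u202efdp.exe" display as "invoiceexe.pdf"


@dataclass
class Finding:
    filename: str
    reason: str


def sniff(data: bytes) -> str | None:
    # Content type from the leading bytes, ignoring whatever the sender declared.
    return next((mime for magic, mime in MAGIC.items() if data.startswith(magic)), None)


def triage(raw: str) -> list[Finding]:
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings: list[Finding] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        exts = name.lower().split(".")[1:]
        last = exts[-1] if exts else ""
        if RTL_OVERRIDE in name:
            findings.append(Finding(name, "right-to-left override hides the real extension"))
        if last in EXEC_EXT:
            findings.append(Finding(name, f"executable attachment type .{last}"))
        if len(exts) > 1 and last in EXEC_EXT | MACRO_EXT:
            findings.append(Finding(name, "double extension disguises a risky type as a document"))
        if last in MACRO_EXT:
            findings.append(Finding(name, "office document may carry macros; open in a sandbox"))
        if last in ARCHIVE_EXT:
            findings.append(Finding(name, "archive may wrap an executable; inspect contents"))
        real = sniff(data)
        if real == "application/x-dosexec":
            findings.append(Finding(name, "content starts with a PE header: it is a Windows executable"))
        if real and real != declared:
            findings.append(Finding(name, f"declared {declared} but bytes look like {real}"))
    return findings


def build_sample() -> str:
    # Constructed phishing-style message: a PE file named and declared as a PDF,
    # plus a genuine-looking PDF as the control.
    m = EmailMessage()
    m["From"] = "accounts@example.invalid"
    m["To"] = "staff@example.invalid"
    m["Subject"] = "Overdue invoice"
    m.set_content("Please see the attached invoice and remit payment today.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application", subtype="pdf", filename="invoice.pdf.exe")
    m.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application", subtype="pdf", filename="statement.pdf")
    return m.as_string()


SAMPLE = build_sample()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.filename}: {f.reason}")
```

The control attachment (statement.pdf) produces no finding; the disguised executable produces four, because it trips the extension, double-extension, PE-header and type-mismatch checks at once. The content-sniffing check is the one worth keeping even if the lists are pruned: the filename and the Content-Type header are chosen by the sender, while the first bytes of the payload are not.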
A 25-character random password that has to be changed every 7 days is super security, but don’t be surprised when there is an increase in Post-it Note supplies, because these passwords simply cannot be memorized by most employees.
First documented case of cyber espionage:-
There have been so many examples of cyber espionage that it is now the norm to just accept that it is rampant. MI5 in the UK, the German Chancellery, Titan Rain, GhostNet, the Pentagon email hack, Google Aurora – all are examples of cyber espionage, most on the part of China.
But to date no evidence has been put forth other than claims from the injured parties. Thanks to reporting from Anthony Freed of InfoSecIsland, we have learned over the past few days that a group of Indian hackers that align themselves with Anonymous (the catch-all movement for hackers these days) have breached several Indian government servers and uncovered gold. If taken at face value, their hacking has revealed:
1. The Indian government has source code for Symantec’s AV software, albeit of 2006 vintage.
2. The Indian government is strong-arming cell phone manufacturers to provide back doors into their handsets.
3. The Indian government is in possession of confidential internal communications from the US-China Economic and Security Review Commission (USCC).
And now in a new development we learn from Freed: “Now YamaTough has provided potentially damning evidence that the Indian government is actively engaged in espionage efforts targeting not only the USCC, but potentially thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.” YamaTough is part of The Lords of Dharmaraja hacking group in India.
You can see the difference between these unfolding events and previous claims of cyber espionage. The exfiltration of terabytes of data on the US Joint Strike Fighter or last March’s theft of “24,000 documents” has never been proved. They are just claims from admittedly credible sources. Thanks to a hacker group in India, InfosecIsland has source material that demonstrates widespread cyber espionage on the part of the Indian government, which the hackers may publish. This is a historically significant development for those of us who track cyber espionage.
World’s Biggest Cyber-Espionage Case Uncovered:-
A new report from McAfee unearths the world’s largest hacking operation. On Wednesday, August 3, computer security company McAfee, Inc., published a 14-page report detailing the largest hacking operation unearthed to date. Dubbed “Operation Shady RAT” (Remote-Access Tool, a program that allows users to access distant networks) by Dmitri Alperovitch, McAfee’s vice president of threat research, this barrage of attacks involves over 70 international organizations, including two Canadian government agencies. “With the goal of raising the level of public awareness today we are publishing the most comprehensive analysis ever revealed of victim profiles from a five-year targeted operation by one specific actor,” writes Alperovitch in his report. McAfee uncovered evidence that suggests the operation began as early as July 2006, although it may well have started before then. McAfee was able to identify 72 targets of security breaches.
Many more compromised parties were found in the server’s logs but could not be identified due to a lack of accurate information. Of the many victims, more than half are U.S.-based, and 22 are government institutions in various other countries. Shady RAT targeted a total of 14 countries and states. “This is further evidence that we need a strong cyber-defense system in this country, and that we need to start applying pressure to other countries to make sure they do more to stop cyber hacking emanating from their borders,” wrote Senator Dianne Feinstein (D-CA) in an e-mail to Vanity Fair.
Evidence of Operation Shady RAT was first uncovered in 2009, when a McAfee client, a US military contractor, detected questionable programs on its network. An investigation of the network showed that the contractor had been infiltrated by unknown malware, classified as a Remote-Access Tool or RAT. This RAT gave the hackers access to the contractor’s network and therefore to any valuable information stored on it. Eventually, Alperovitch located one of the command-and-control servers used by the intruders to operate the RAT and immediately blocked McAfee clients from communicating with that server. Though McAfee proposed that a single “state actor” is responsible for the operation, the firm declined to make any accusations due to company policy. However, many experts in the field of cyber-espionage and security have already arrived at a general conclusion given the circumstances of the hacking campaign.
Cyber Espionage: The Chinese Threat:-
Experts at the highest levels of government say it’s the biggest threat facing American business today.
Hackers are stealing valuable trade secrets, intellectual property and confidential business strategies. Government officials are calling it the biggest threat to America’s economic security. Cyber spies hacking into U.S. corporations’ computer networks are stealing valuable trade secrets, intellectual property data and confidential business strategies. The biggest aggressor? China. CNBC’s David Faber investigates this new wave of espionage, which experts say amounts to the largest transfer of wealth ever seen, draining America of its competitive advantage and its economic edge.
Unless corporate America wakes up and builds an adequate defense strategy, experts say it may be too late.
Limitless boundaries:-
In cases of cyber espionage, traditional or real-world limitations, such as cost of execution and/or exposure, are irrelevant. A victim organization is unprotected because there are no international norms. Why? Essentially, no consensus exists on the issue of illegality, since large numbers of countries may be actively engaged in such acts.
Preventions:-
Cyber espionage is prevalent because it often has few or no consequences. These activities may get support from the home countries from which the perpetrators originate; however, due to the nature of the Internet, it is sometimes difficult to tell where the true source of an attack is. Cyber espionage is not confined by traditional regional borders and comprises a wide array of attack techniques that can be used against target-rich organizations.
10 tips for protecting against cyber espionage:-
“Since IT has become such a critical component of national infrastructures which support government, commerce and military activities, any cyber-attack that disrupts the flow of information, or successfully combines a physical and electronic assault on the system, could effectively compromise a nation’s ability to operate. As a result, nations have debated the need for a national ‘intranet’ that would support critical infrastructures such as finance, utilities, health and transportation,” said Jon Ramsey, CTO of SecureWorks.
To ensure nations are fully protected against any type of attack, SecureWorks recommends that the following measures be implemented:
1. Partner with information security experts to fully understand the threat landscape while leveraging their visibility across their entire client base.
2. Know which assets need to be protected and the associated operational risk of each.
3. Know where your vulnerabilities lie.
4. Fix or mitigate vulnerabilities with a defense-in-depth strategy.
5. Understand the adversaries’ evolving tactics, techniques and procedures, allowing you to reshape your defensive countermeasures as required.
6. Be prepared to prevent an attack, or to respond as quickly as possible if you are compromised.
7. While prevention is preferred, rapid detection and response is a must.
8. Have a fall-back plan for what you will do if you are the victim of cyber war.
9. Ensure critical infrastructure suppliers have not been compromised and have safeguards in place to ensure the integrity of systems provided by these suppliers.
10. A nation’s critical IT infrastructure should not be totally reliant on the Internet but should have the ability to operate independently if a cyber security crisis arises.
Cyber Espionage. (2016, Nov 14). Retrieved from https://graduateway.com/cyber-espionage/