Daily Management Review

As Spying And Crime Tools Mix, Blame Game For Cyber Attacks Grows Murkier


05/31/2017




As Spying And Crime Tools Mix, Blame Game For Cyber Attacks Grows Murkier
On the face of it looked like a menacing new industrial espionage attack by Russian cyber spies and Veteran espionage researcher Jon DiMaggio was hot on its trail three months ago.
 
clues in the programming code indicating its authors were Russian speakers, covert communication channels for grabbing documents, an advanced Trojan horse for stealing data from inside organizations, and targeted phishing emails common to government espionage were all the hallmarks that were there.
 
He found out that he was tracking a lone-wolf cyber criminal and it took weeks before the lead cyber spying investigator at Symantec, a top U.S. computer security firm, figured it out.
 
Saying the case is a run-of-the-mill example of increasing difficulties in separating national spy agency activity from cyber crime, DiMaggio won't identify the name of the culprit, whom he has nicknamed Igor. He said that Transdniestria, a disputed, Russian-speaking region of Moldova, was the place of origin of the hacker.
 
"The malware in question, Trojan.Bachosens, was so advanced that Symantec analysts initially thought they were looking at the work of nation-state actors," DiMaggio told Reuters in a phone interview on Wednesday. "Further investigation revealed a 2017 equivalent of the hobbyist hackers of the 1990s."
 
As tools once only available to government intelligence services find their way into the computer criminal underground, the example highlights the dangers of jumping to conclusions in the murky world of cyber attack and defense.
 
"The attribution problem", using technical evidence to assign blame for cyber attacks in order to take appropriate legal and political responses, id what it is referred to by security experts.
 
Whether Moscow may be attempting to disrupt national elections taking place in coming months across Europe and whether Russia used cyber attacks to influence last year's U.S. presidential elections were the questions that echo through the debate.
 
At the International Conference on Cyber Conflict in Tallin this week, the topic is a big talking point for military officials and private security researchers.
 
"Attribution is almost never a clean, smoking-gun," said Paul Vixie, creator of the first commercial anti-spam service, whose latest firm, Farsight Security, helps firms track down cyber attackers to identify and block them.
 
Cyber security threats were ratcheted to a whole new level after credit for leaking cyber-spying tools that are now being turned to criminal use, including ones used in the recent WannaCry global ransomware attack, were taken by a mystery group calling itself ShadowBrokers which has raised the stakes.
 
And to enable hacking into the world's most used computers, software and phones, ShadowBrokers has threatened to sell more such tools, believed to have been stolen from the U.S. National Security Agency, in recent weeks.
 
"The bar for what's considered advanced is lowered as time goes by," said Sean Sullivan, a security researcher with Finnish cyber firm F-Secure.
 
Last year, at a major airline, an online gambling firm and a Chinese automotive software maker, which are all customers of Symantec products used to secure their business networks, infections popped up and the Moldovan hacker's campaign to steal data and resell it on the web came to light only after such incidents.
 
“Considering the audacity of this attack, the financial rewards for Igor are pretty low,” DiMaggio wrote in a blog post on his findings to be published on Wednesday.
 
In part because the attack singles out only a handful of specific firms rather than the wide-ranging, random attacks used by many cyber criminals to scoop up the greatest number of victims, Symantec rates Trojan.Bachosens as a very low risk virus as a threat.
 
"I think those days are over when we can say in black and white: We know this is an espionage group," DiMaggio said.
 
Calculating that exposing the methods of the attack will be enough to neutralize them, the Symantec researcher has not reported Igor to local authorities.
 
(Source:www.reuters.com) 






Science & Technology

Predicting A Patient’s Death Might Be Possible With Google’s Machine Learning Tool

Are online DNA databases dangerous?

Uber will identify drunk passengers

Experts found how automation will change markets

World's First Dedicated XR Platform Launched By Qualcomm

Hamburg becomes the first German city to ban old diesels

Hundreds Of Thousands Of Routers Have Been Hacked By Russians, Warns The FBI

Chinese Study Claims Heart Diseases Can Be Reduced By Having An Egg A Day

Asteroid mining: Reality or fiction?

3D Printing Used For Life Saving Kidney Transplant In Two Year Old At U.K. NHS

World Politics

World & Politics

USA launches the third round of the trade war with China

Italy says No to refugees

German experts: There’s no end to wars

G7 Picture Reveals Tensions Between U.S. And Its Close Allies

Pope Addresses The Oil & Gas Giants To ‘Respect’ COP21 Deal

G7 Does Not Welcome Russia: German Official

Trump-Kim Jong Un Meeting To Take Place, Confirms US President

US Official Claims Over 5,000 Tips Received On H-1B Visa Fraud