Daily Management Review

As Spying And Crime Tools Mix, Blame Game For Cyber Attacks Grows Murkier


05/31/2017




As Spying And Crime Tools Mix, Blame Game For Cyber Attacks Grows Murkier
On the face of it looked like a menacing new industrial espionage attack by Russian cyber spies and Veteran espionage researcher Jon DiMaggio was hot on its trail three months ago.
 
clues in the programming code indicating its authors were Russian speakers, covert communication channels for grabbing documents, an advanced Trojan horse for stealing data from inside organizations, and targeted phishing emails common to government espionage were all the hallmarks that were there.
 
He found out that he was tracking a lone-wolf cyber criminal and it took weeks before the lead cyber spying investigator at Symantec, a top U.S. computer security firm, figured it out.
 
Saying the case is a run-of-the-mill example of increasing difficulties in separating national spy agency activity from cyber crime, DiMaggio won't identify the name of the culprit, whom he has nicknamed Igor. He said that Transdniestria, a disputed, Russian-speaking region of Moldova, was the place of origin of the hacker.
 
"The malware in question, Trojan.Bachosens, was so advanced that Symantec analysts initially thought they were looking at the work of nation-state actors," DiMaggio told Reuters in a phone interview on Wednesday. "Further investigation revealed a 2017 equivalent of the hobbyist hackers of the 1990s."
 
As tools once only available to government intelligence services find their way into the computer criminal underground, the example highlights the dangers of jumping to conclusions in the murky world of cyber attack and defense.
 
"The attribution problem", using technical evidence to assign blame for cyber attacks in order to take appropriate legal and political responses, id what it is referred to by security experts.
 
Whether Moscow may be attempting to disrupt national elections taking place in coming months across Europe and whether Russia used cyber attacks to influence last year's U.S. presidential elections were the questions that echo through the debate.
 
At the International Conference on Cyber Conflict in Tallin this week, the topic is a big talking point for military officials and private security researchers.
 
"Attribution is almost never a clean, smoking-gun," said Paul Vixie, creator of the first commercial anti-spam service, whose latest firm, Farsight Security, helps firms track down cyber attackers to identify and block them.
 
Cyber security threats were ratcheted to a whole new level after credit for leaking cyber-spying tools that are now being turned to criminal use, including ones used in the recent WannaCry global ransomware attack, were taken by a mystery group calling itself ShadowBrokers which has raised the stakes.
 
And to enable hacking into the world's most used computers, software and phones, ShadowBrokers has threatened to sell more such tools, believed to have been stolen from the U.S. National Security Agency, in recent weeks.
 
"The bar for what's considered advanced is lowered as time goes by," said Sean Sullivan, a security researcher with Finnish cyber firm F-Secure.
 
Last year, at a major airline, an online gambling firm and a Chinese automotive software maker, which are all customers of Symantec products used to secure their business networks, infections popped up and the Moldovan hacker's campaign to steal data and resell it on the web came to light only after such incidents.
 
“Considering the audacity of this attack, the financial rewards for Igor are pretty low,” DiMaggio wrote in a blog post on his findings to be published on Wednesday.
 
In part because the attack singles out only a handful of specific firms rather than the wide-ranging, random attacks used by many cyber criminals to scoop up the greatest number of victims, Symantec rates Trojan.Bachosens as a very low risk virus as a threat.
 
"I think those days are over when we can say in black and white: We know this is an espionage group," DiMaggio said.
 
Calculating that exposing the methods of the attack will be enough to neutralize them, the Symantec researcher has not reported Igor to local authorities.
 
(Source:www.reuters.com) 






Science & Technology

Top ten hi-tech events of the year

Tesla Considering Designing And Developing AI Chips On Its Own To Support Its Auto-Pilot Project

Verizon to introduce 5G in five American cities in 2018

Airbus, Rolls-Royce, Siemens to create an electric aircraft

Study Finds Treatment Efficacy Could Be Sacrificed For Reduced Side Effects In Cancer Therapies By Patients

Some Information About Their Self-Driving Car Research Has Been Disclosed By Apple Scientists For The First Time

A Massive Data Breach Was Covered Up By Uber By Paying Up Hackers

A City Is Can Be Converted To A Living Organism, Showcases China’s Huawei

Workers Would Be Helped To Lift More By These Robotic Vests

British Parliament to assess impact of e-cigarettes

World Politics

World & Politics

15 countries with the highest level of organized crime

Athens agreed with international lenders

EU Pressure Reportedly Forces UK To Bow Down, Could Agree To Pay £50bn For Brexit Divorce

$1 Billion Is The Price For Freedom For Arrested Saudi Prince In Corruption Crackdown: Reports

U.S. Capital Washington Appears To Be In Range Of The Latest Missile Launched By North Korea

Ten biggest fears of millennials

Ireland Cancels The Need Of A Veto For Brexit Summit With Its Solidarity

Separatists of Catalonia are divided over the political course