Daily Management Review

As Spying And Crime Tools Mix, Blame Game For Cyber Attacks Grows Murkier


05/31/2017




As Spying And Crime Tools Mix, Blame Game For Cyber Attacks Grows Murkier
On the face of it looked like a menacing new industrial espionage attack by Russian cyber spies and Veteran espionage researcher Jon DiMaggio was hot on its trail three months ago.
 
clues in the programming code indicating its authors were Russian speakers, covert communication channels for grabbing documents, an advanced Trojan horse for stealing data from inside organizations, and targeted phishing emails common to government espionage were all the hallmarks that were there.
 
He found out that he was tracking a lone-wolf cyber criminal and it took weeks before the lead cyber spying investigator at Symantec, a top U.S. computer security firm, figured it out.
 
Saying the case is a run-of-the-mill example of increasing difficulties in separating national spy agency activity from cyber crime, DiMaggio won't identify the name of the culprit, whom he has nicknamed Igor. He said that Transdniestria, a disputed, Russian-speaking region of Moldova, was the place of origin of the hacker.
 
"The malware in question, Trojan.Bachosens, was so advanced that Symantec analysts initially thought they were looking at the work of nation-state actors," DiMaggio told Reuters in a phone interview on Wednesday. "Further investigation revealed a 2017 equivalent of the hobbyist hackers of the 1990s."
 
As tools once only available to government intelligence services find their way into the computer criminal underground, the example highlights the dangers of jumping to conclusions in the murky world of cyber attack and defense.
 
"The attribution problem", using technical evidence to assign blame for cyber attacks in order to take appropriate legal and political responses, id what it is referred to by security experts.
 
Whether Moscow may be attempting to disrupt national elections taking place in coming months across Europe and whether Russia used cyber attacks to influence last year's U.S. presidential elections were the questions that echo through the debate.
 
At the International Conference on Cyber Conflict in Tallin this week, the topic is a big talking point for military officials and private security researchers.
 
"Attribution is almost never a clean, smoking-gun," said Paul Vixie, creator of the first commercial anti-spam service, whose latest firm, Farsight Security, helps firms track down cyber attackers to identify and block them.
 
Cyber security threats were ratcheted to a whole new level after credit for leaking cyber-spying tools that are now being turned to criminal use, including ones used in the recent WannaCry global ransomware attack, were taken by a mystery group calling itself ShadowBrokers which has raised the stakes.
 
And to enable hacking into the world's most used computers, software and phones, ShadowBrokers has threatened to sell more such tools, believed to have been stolen from the U.S. National Security Agency, in recent weeks.
 
"The bar for what's considered advanced is lowered as time goes by," said Sean Sullivan, a security researcher with Finnish cyber firm F-Secure.
 
Last year, at a major airline, an online gambling firm and a Chinese automotive software maker, which are all customers of Symantec products used to secure their business networks, infections popped up and the Moldovan hacker's campaign to steal data and resell it on the web came to light only after such incidents.
 
“Considering the audacity of this attack, the financial rewards for Igor are pretty low,” DiMaggio wrote in a blog post on his findings to be published on Wednesday.
 
In part because the attack singles out only a handful of specific firms rather than the wide-ranging, random attacks used by many cyber criminals to scoop up the greatest number of victims, Symantec rates Trojan.Bachosens as a very low risk virus as a threat.
 
"I think those days are over when we can say in black and white: We know this is an espionage group," DiMaggio said.
 
Calculating that exposing the methods of the attack will be enough to neutralize them, the Symantec researcher has not reported Igor to local authorities.
 
(Source:www.reuters.com) 






Science & Technology

Porsche, Boeing set to develop flying electric car

Samsung to invest $ 11 billion in new generation displays

US is betting on Nokia and Ericsson to replace Huawei

UPS becomes first to receive full regulatory approval for UAV shipping in USA

NASA orders Lockheed Martin to build spacecraft to fly to the Moon

Hyundai to create joint venture for unmanned vehicles

Bain & Company: E-wallets and cheaper transactions are new payment trends

Is UAV drone industry falling into decay?

UK Scotland Yard employs AI to deal with frauds

US sets to fight robocalls outbreak

World Politics

World & Politics

Dominican Republic lost $ 200 million because of scandal with tourists death

France: We will take measures to protect our military in Syria

Paralyzed Hong Kong: Protests don't fade

Johnson unveils Brexit compromise deal considering Irish issue

African swine fever at Europe’s borders: time for an embargo?

Saudi Crown Prince Says Khashoggi’s Murder Happened Under His Watch

Will Merkel restore her "Climate Chancellor" image?

Venezuelan opposition to receive $ 52 mln from USA