The Growing Risk
Large-scale cyber espionage is not new - it is the methods behind it which are becoming more complex and sophisticated, reports Kate O'Flaherty.
Lare-scale cyber espionage is becoming more sophisticated
The ability to remain anonymous – or at least to raise doubt over the identity of the perpetrator – is seeing cyber attacks take increasing preference over physical means. One incident in March saw Ukraine reported to be under cyber attack following the initial physical takeover of the Autonomous Republic of Crimea.
Separately, a group of hackers calling themselves the Russian Cyber Command initiated a true domestic cyber war on Russian military enterprises, threatening that critical infrastructure would be next.
In February 2011, the then-director of the CIA was quoted saying that “the next Pearl Harbour could very well be a cyber attack”. And, in late 2012, Mike McConnell, George W Bush's director of national intelligence, said the nation was waiting “for the cyber equivalent of the collapse of the World Trade Centres”.
Closer to home, it emerged last year that Britain is seeing around 70 sophisticated cyber espionage operations a month against government or industry networks. GCHQ director Sir Iain Lobban told the BBC that business secrets were being stolen on an “industrial scale” and that foreign hackers have penetrated some firms for up to two years. Foreign intelligence services are behind many of these attacks, according to Britain's security service MI5.
A brief history
Cyber espionage and state-sponsored attacks aim to steal secrets and gain knowledge, as well as to bring networks down. In 2007 and 2008, Russia launched cyber attacks against Estonia, pre-empting military intervention in Georgia with massive DDoS attacks.
In 2009, researchers unearthed a large-scale cyber spying operation associated with an advanced persistent threat attack originating from China, codenamed Ghostnet. It infiltrated more than a hundred countries, targeting high-value political, economic and media locations.
Then in 2010, Operation Aurora targeted Google and many other companies to steal intellectual property. Later in 2011, Operation Shady RAT attacked hundreds of governments and companies globally, with a special focus on defence contractors.
But recently, Snowden's revelations have shown that intelligence agencies are fighting back and, like their attackers, they are using malware. This is no surprise, says Calum Macleod, VP of EMEA at Lieberman Software. “You have the minor regional stuff, such as Israel, Hezbollah, Hamas and the Syrian Electronic Army, using botnets, compromised websites, DDoS and whatever they can lay their hands on to get at each other. Throw in Stuxnet, Duqu, Flame, Uroburos, Careto and the many other variants and revelations that the NSA was complicit in cyber espionage is not exactly a ground-breaking revelation.”
Espionage, whether cyber or otherwise, has been part of society for centuries. There is no doubt that cyber espionage hits state and industry; the two are closely aligned, says Andy Crocker, founder of Protect2020. He says China, which aims to be the world's leading economic power by 2020, is the “biggest threat”.
The industry has been predicting a move away from traditional warfare towards cyber for some time, says Jamal Elmellas, technical director at consultancy Auriga. “What's really driving this is China,” he says. “They are by far the biggest advocate for cyber espionage and clearly it's for economic purposes.”