Next wave of security attacks to target governments | Security | News | PC Pro

Quote:

State-sponsored espionage will power the “third wave” of hacking and security threats, according to a report from security firm Sophos. The company's mid-year Security Threat Report found that security experts were remarkably matter-of-fact about the likelihood of state-sponsored web-based espionage and sabotage, with 7% of respondents believing it was acceptable for governments to launch crippling denial of service attacks against another country's communication or financial websites during peace time. There's a third wave of attacks that appear to be written with the express purpose of breaking into specific government departments “The first round of computer hacking and cyber crime was driven by hobbyists, then, where we are now, is the hacking for financial gain,” said Graham Cluley, senior technology consultant at Sophos. “But there's a third wave of attacks that appear to be written with the express purpose of breaking into specific government departments or key companies within foreign governments." “They are certainly increasing and we have seen plenty in the last year, but it's hard to prove that they are state sponsored because they could also be driven by political activists, but it would be naive to think that countries wouldn't be doing this,” he added. The report cited several recent cases of state involvement in cyber disruption, and measures to protect against it, including India imposing strict controls on telecom equipment made in China due to fears that hardware could be compromised with data-stealing components or software. The report also highlighted the UK's intention to form its own equivalent of the US Cyber Command, to be known as the Office for Cyber Security, and the fact that the government has refused to deny that it attacks other countries in cyberspace. What surprised Sophos most about the research – which surveyed 1,000 security professionals on its website – was the attitude of acceptance among respondents, who are normally vocal in their criticism of any form of hacking. “These are people that work in and understand security and are normally miffed about any sort of security threat, so their attitude was a real surprise,” said Cluley. Yet 23% of respondents thought it was acceptable to spy on foreign powers during peace time, with a further 40% feeling internet spying or disruption was fine, but only during war time. However, respondents were less relaxed about spying on foreign companies for economic gain; only 9% of security pros thought this was fair game in peace time, a figure that surged to 68% during a conflict.

We're going to get our arses handed to us in this field, not because we suck at hacking but because we don't approach it in anything like the right way. Information warfare gives an insanely huge advantage to the attacking side, but we're still putting practically all our energy into defensive measures. If the Chinese decide that they want to carry out DOS attacks against us, they're going to do it and there is nothing we can do to stop it, except prove that we can hurt them just as badly. Which we can't, because they have legions of amateurs ready to go at a moment's notice and we haven't.

__________________
Standard disclaimer: the disgusting statements contained in this post are the views of the poster, and unless specified do not represent the views of the moderators or the site's owners.

Eh, so we think. Democracies gotta keep that stuff in the dark, so they can pretend to have the moral high ground over countries like China.

Like "omg china stop exploiting ur workforce"

China "if u dont like it dont outsource ur labor 2 us k?"

US/UK "stfu or ima get u banned from UN"

China "lol noobs w/e"

Actually they do get caught out from time to time. Germany got caught out doing some cyber-espionnage a while back and it's an open secret in France that we've got a big economic intelligence programme going on.

It's still mainly defensive or neutral work, however, because the strategic vision that our governments (and if it comes to that most of the IT guys as well) have is a defensive one. There are some technical problems (an offensive strategy depends on numbers, and it'd have to be kept discreet for PR/legality reasons: contradictory imperatives in other words), but they're not insurmountable (you could get away with running an offensive inforwars programme by saying that it would only be used in times of war, no one would like it but you wouldn't be breaking and rules really), the real problem is this vision that we have of our webspace as a sort of citadel that must be defended against outsiders.

The Chinese vision of it is far more aggressive, not just in terms of DOS attacks but also in terms of misinformation, which seems to be (depite all the hype that the honkers get) their main focus.

__________________
Standard disclaimer: the disgusting statements contained in this post are the views of the poster, and unless specified do not represent the views of the moderators or the site's owners.

Well, ok, yes, but a large part of that comes from the fact that China doesn't have much that people want to steal. While we have lots of things that they want.

Right conclusion, wrong premise.

But I'm talking about war, not theft.

There's no big difference between countries' economic intelligence programmes, sure some are better than others and everyone's got their own specialisation, but there are no real strategic level decisions to be made beyond "to what extent are we going to participate in this?"

__________________
Standard disclaimer: the disgusting statements contained in this post are the views of the poster, and unless specified do not represent the views of the moderators or the site's owners.