Thursday, November 10, 2011

Conflict in the Digital Age


As a veteran, I think back to times when the enemy was easily recognized. Sometimes by headgear, others by uniform, but mostly by position. “The enemy is over there,” soldiers would say as they pointed to some spot or general locale.

Today, it is not so easy as we fight two fronts, the war on the citizens and the war on our governments.

In the early days of cyber-crime, the enemy was like us, just another faceless name as we read a missive from joesmith7642@aol.com inviting us to look at their great site!

Then came the dreaded “What the hell is happening to my computer? Why can’t I get away from this page?” And the dreaded “Oh Crap!” as the system would not boot up and the message that track zero was not to be found displayed prominently in the middle of the monitor screen.

Luckily, many of us have become more astute in detecting something that is “not quite right” with an email from a friend(?). Many are just scams for all our money, but others are extremely malicious, and in the overall scheme of things, we are under attack from our own governments, sworn to protect us.

Cyber war has no blood and guts, no coffins to be unloaded, no real generals. Government and corporate America have departments dedicated to communication security, but when it comes right down to it, there are only two. Two hackers sitting with their computers, slugging it out, toe to toe (metaphorically speaking) to find out just how good the other person is and how well they know their software and hardware.

According to the most recent report (October 2011) from the SECURELIST website [1]:
Monthly Malware Statistics: October 2011
October in figures
The following statistics were compiled in October using data collected from computers running Kaspersky Lab products:
161,003,697 network attacks were blocked;
72,207,273 web-borne infections were prevented;
205,822,404 malicious programs were detected and neutralized on user computers;
80,900,079 heuristic verdicts were registered.

SECURELIST is an interesting website to be sure. However, there is more than just statistics to consider. Consider the following bullets on their page:

The cybercriminals’ new bag of tricks
Duqu – the new Stuxnet

The month’s top story was the detection of the Duqu Trojan and its apparent connection with Stuxnet, the first well-known example of a cyber-weapon. Experts at Hungary’s CrySyS research lab found numerous similarities in the coding of Duqu and Stuxnet. These striking parallels suggest that they were both written by the same group of people, or that the Stuxnet source code was used. Despite many rumors to the contrary, the Stuxnet code has not been made publicly available.

Attacks on individual users
Bundestrojan: permissible limits
This section describes one of the newest wars: German police against Joe and Jane Citizen.

A major scandal erupted in Germany in October following the discovery of a backdoor used by the German police to intercept voice traffic and messages from suspects’ computers. There was an outcry not only because five federal states confirmed the use of the Trojan but also because the country’s federal laws only allow law enforcement agencies to intercept suspects’ Skype traffic, while the Trojan was capable of spying on many other types of programs.


Mobile threats: Android leads the way
Statistics
October also saw some major incidents in the world of mobile threats. According to our statistics, the total number of malicious programs for Android has now outstripped that for Java 2 Micro Edition (it had already done so with regards to Symbian by mid-summer). Over the last two years malware for J2ME has been the most prevalent among mobile threats. We’ve written several times about the reasons for this, so won’t go into the details here. However, this dramatic growth suggests that virus writers are likely to concentrate on Android malware – at least for the foreseeable future.

By the close of the month we had detected 1,916 malicious programs for Android belonging to 92 malware families. 1,610 variations from 60 families were detected for J2ME.
This last bullet hit very close to home as I have an Android and I use it extensively for web browsing, and email.

I recently went into my carrier’s place of business because I had a problem I could not undo. The sales person, a sweet young thing, in her early twenties, buxom and almost dressed, told me that I “did not need this virus checker on my phone, as the system does its own.” Luckily, being a somewhat older male and for the most part, not intimidated either by voice or by bodily parts, I informed her that I had been using computers longer than she had been on the earth and I’ll keep it on there.

As of the end of October, the total number of mobile threats detected stood at 4,053 variations from 289 families and 46.9 percent hit Android, 40 percent for J2ME and the rest scattered over Symbian, Windows Mobile and others.

On the war against our government front, an article by Kendra Srivastava, dated Mon November 07, 2011 at 5:11 pm on the website Mobiledia [2], discusses the plans of the Pentagon to “stress the importance of offensive tactics in the emerging realm of cyber-attacks, as they struggle to set guidelines for online warfare.”

In its first-ever symposium, according to Srivastava, the Defense Advanced Research Projects Agency, or DARPA, discussed how the U.S. military can better protect itself from foreign-backed hackers.

Putting the problem in perspective, DARPA's director, Regina Dugan, said “the agency will work to develop offensive cyber capabilities as well as maintaining defensive lines as modern warfare will demand cyber and kinetic, bullets, bombs and troops, defenses.”

“No one has yet said exactly what the term "offensive" may mean in cyberspace. But the U.S. government and computer experts will likely continue to discuss the complicated matter for some time as they outline a comprehensive strategy,” writes Srivastava.

So, as a veteran with a 2-oak-leaf-cluster GCM, Good Conduct Medal, why should I be concerned about my government and the [ab]use of cyberspace?

Because today, everyone is a suspect, even me.



Bibliography

1. http://www.securelist.com/en/analysis/204792200/Monthly_Malware_Statistics_October_2011


2. http://www.mobiledia.com/news/115529.html
