Government-sponsored cyberattacks on the rise

Governments and allied groups worldwide are using the Internet to spy and launch cyberattacks on their enemies, targeting critical systems including electricity, air traffic control, financial markets, and government computer networks, according to McAfee's annual report examining global cybersecurity.

This year, China has been accused of launching attacks against the United States, India, Germany, and Australia, but the Chinese are not alone: 120 countries including the United States are said to be launching Web espionage operations, according to McAfee's Virtual Criminology Report, issued today and developed with input from NATO, the FBI, the U.K.'s Serious Organized Crime Agency, and various groups and universities.

"Cyber assaults have become more sophisticated in their nature, designed to specifically slip under the radar of government cyber defenses," McAfee states. "Attacks have progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic, and technical espionage."

One attack against Estonia, allegedly carried out by Russia, disrupted government, news, and bank servers for several weeks in April, McAfee notes. In the United States, a Pentagon computer network allegedly was hacked by China-based perpetrators in June, the McAfee report states.

The Internet is simply a great tool for gathering intelligence, both for world powers like the United States and China and small countries with limited resources, says David Marcus, security research and communications manager at McAfee Avert Labs.
He doesn't think cyberattacks will replace conventional warfare, but says they are becoming an important augmentation, with countries using technology to spread disinformation and disrupt communications. He also predicts it will be common for governments to license cybercriminals to attack enemies in a sort of privatized model. "We're already starting to see that with state-sponsored malware," he says. "I only think you're going to start seeing more than that because it's easier to attack government X's database than it is to nuke their troops."

McAfee said its research also found an increasing threat to banking and other online services, and "the emergence of a complex and sophisticated market for malware." Malware today is more complex than ever before, capable of acting as if it were genetically modified. "These 'super-strength' threats are more resilient, are modified over and over again like recombinant DNA," McAfee writes. "Nuwar [Storm Worm] was the first example, and experts say there will be more examples in 2008."

VoIP is a new target of cybercriminals, and such social-networking applications as MySpace and Facebook are sure to be exploited more often, going forward, McAfee says. NATO insiders say many governments are unaware of the Web espionage threats and have left themselves open to cyberattack.

One aspect that might be overlooked is the economy that distributes the tools of cybercrime. Software flaws are sold for as much as $75,000, and criminals can buy custom-written Trojans designed to steal credit card data. Additionally, McAfee says an "underground economy already includes specialized auction sites, product advertising, and even support services, but now competition is so fierce that 'customer service' has become a specific selling point."

Network World is an InfoWorld affiliate.