Cyber espionage: The Spy Who Hacked Me…

by June 20, 2017 0 comments

Cyber espionage, a term that describes the stealing of secrets stored in digital formats or on computers and IT networks. Cyber espionage is an unauthorized spying by computer.

The term generally refers to the deployment of viruses that destroy data in the computer systems of government agencies and large enterprises.

Cyber spying is the act of engaging in an attack or series of attacks that let an unauthorized user or users view classified material.

The goal is typically to acquire intellectual property or government secrets. Attacks can be motivated by greed or profit, and can be used in conjunction with a military operation or as an act of terrorism. Consequences can range from loss of competitive advantage to loss of materials, data, infrastructure, or loss of life.

The traditional methods of espionage are things of the past. Now most of the crucial and sensitive information and data are stored on computers and electronic devices. Naturally, computers and information and communication technology (ICT) associated with government and companies are the primary target of those seeking espionage in the modern era. This process of infiltration and breach of sensitive and top secret government and corporate computers is known as cyber espionage.

Cyber espionage in India is not a new concept but has been in existence since last decade. Further, cyber espionage may be done by an insider or an outsider by exploiting the vulnerabilities in the cyber security of an organization. The real problem is that cyber espionage is inexpensive and relatively easy to commit and it is also very difficult to prove with absolute certainty.

Protection against Cyber Espionage

Cyber espionage attacks can result in damaged reputations and stolen data, including personal and private information. Cyber attacks targeted at the government may cause military operations to fail, and can also result in lives lost due to leaked classified information. What exactly is it that cyber-criminals look for when planning an attack?

Common targets include:

*Internal data – Operations, salaries, research and development.

*Intellectual property – Top-secret projects, formulas, plans or other kinds of private data. Anything an attacker could sell or use to their own benefit.

*Client and customer information – Who are the clients of this organization; How much are they paying, and for what services?

*Marketing and competitive intelligence – Short and long-range marketing goals and competitor knowledge.

Businesses often consider loss of data as a primary concern, but a damaged reputation can be just as troubling. If an organization allows its infrastructure to be used to enable or foster cyber espionage, they can put themselves at risk – not just from the attackers, but from clients and shareholders, as well.

Organizations are responsible for protecting their client’s data. An attack, even a small one, could have a negative impact on future clientele.

Did they (the organization) follow the best security practices? Do they have the necessary records to support their claims? If not, there could be legal consequences. They could even become the target of scarring viral social media campaigns. Damage to a company’s reputation could take years to repair.

If we analyze the cyber attacks trends against India for the past few years it would be apparent that the frequency and sophistication of various cyber attacks has significantly increased. This has been well analyzed and documented by the cyber security developments of India 2015 and cyber security trends in India 2016 by Perry4Law Organisation (P4LO). Sophisticated cyber espionage malware like Uroburos/Snake, FinFisher, etc are easily defeating the cyber security safeguards.

The global cyber espionage operation named SafeNet was discovered in the year 2013 that infected computers across the globe.

Another area of concern is the absence of adequate cyber security of e-governance services in India. Indian government is pushing its Digital India project without any civil liberties and cyber security safeguards. For instance, we have inadequate cyber security for smart grids, smart cities, critical infrastructures, nuclear facilities, satellites, governmental informatics infrastructures, defense networks, etc and Digital India cannot succeed in the absence of a robust and resilient cyber security for these critical infrastructures.

We do not have an implementable cyber attacks crisis management plan of India that can be relied upon in case of a sophisticated cyber attack.

Factors for avoiding cyber espionage attacks

First off, the attacks that are targeted are usually invisible to current security measurements and undetectable by even the most up-to-date anti-malware solutions.

This is, of course, not a reason to stop using anti-malware software, as it continues to be a line of defense that can still help you identify and remove threats.

Also, anti-malware software is getting smarter and new(er) versions may be able to detect the threats purely based on behavioral detection, but even if it doesn’t, when the signature database is updated with entries covering the threat, you may suddenly find that your network has been affected. Even though the system was compromised, and data may have been leaking, at least you now know you have a problem and you can start a proper damage assessment and begin issuing remediation protocols.

More often than not, these attacks have been built with information from the inside, which allows hackers to smoothen the point of entry into your environment.

So, to properly protect your company and its assets in the best ways possible against these potential espionage attacks that are trying to steal your intellectual property, it is imperative that you will have to take additional actions and precautions.

1. Data Policy: You need to look at who is allowed to access to critical information.

In many cases the data holding the intellectual property is readily available on the network for many people and is easily accessible.

2. Bring Your Own Device (BYOD): an entire topic by itself. BYOD may seem like an inexpensive solution, but in the end it may cause you more problems than it is worth.

You do not know where the device has been, what kinds of software have been installed on it, if copied material has been downloaded to it, etc. If you do support

BYOD, at the very least you need to enforce that management/maintenance software has to be installed. Also make sure that some kind of Device Control Mechanism

is in place that will safeguard against data leakage. Not only can it only allow certain (USB) devices to be inserted, it will also encrypt the data.

When the data is later used on another system inside the company’s environment, the data will automatically be decrypted 7mdash; and thus usable but when copied to a system that does not have the Device Control Mechanism installed, it will be useless.

3. Protect your critical infrastructure: separate the network with the intellectual property from the corporate network and only allow access to that network to individuals who need to have access. But you will have to go further than that. Documenting and deciding who is allowed to work on that network and have physical access to locations that can reach that network needs to be determined. Even if you have security clearance screening for employees that can access to these areas, are you sure external companies do the same (e.g. employees of the company cleaning the office)? Or the mechanic of specialized hardware company you hired who is coming from the supplier to perform maintenance? And how about the laptop he connects to the hardware to monitor the proper working order of the hardware (getting back to BYOD)?

 

4. Monitor for unexpected behavior. This is by far the most difficult one as you never know what to look for.

In a recent case (ACAD/Medre.A) where industrial espionage is suspected, the malware was sending copies of blueprints via SMTP to an email address in China.

There is no reason for ANY code to have mail-sending capabilities other than to the corporate Mail Transfer Agent. With the correct firewall settings (and alert-system), the transmissions should have been noted and prevented. Given the tens of thousands of leaked blueprints we can safely assume that implementation of basic monitoring measurements is not in place in many organizations. In other situations, frequent connections on weird ports to a single (or a small set of) IP address(es) again may indicate something is wrong.

 

Pavan Duggal, Cyber Law Expert in talking to PC Quest said, “There are many risks associated with Cyber espionage. There is risk of leaving behind the electronic foot prints because when you do cyber espionage you are hiking into other’s system, so the very first challenge will be not to leave behind the footprints”.

On Cyber espionage challenges

“There are challenges. The biggest one is how do you get the investigations done in these cases?

The proceedings and things like that, as many of the times you will not get the exact evidence to showcase or to lead the investigation for the same. It’s getting difficult in convictions”.

Seriousness of Cyber espionage cases

“It’s a very serious problem for the government, also anybody can be the target of cyber espionage apart from country level attacks, Corporate, government sectors and even individuals. There is need for everyone to realize this as soon as possible”.

Be Aware

“We need to talk about cyber espionage more and more as this has been under the carpet so far. This should be the priority now”.

Motivations behind hacking

“Motivation to these attacks could be access to data, access to confidential information, misusing the same for the variety of misusage”.

The increasing volume

“Volume of these attacks will keep on increasing, laws are very weak here, conviction on this matter also takes time”.

What about Cyber arms?

“The technology has to develop more. Cyber interest should be improved and increased. Cyber arm development is still under process may be in the country”.

Preventions on the matter

“Preventions could be people have to constantly update security levels. Consistency should be there. Corporate sector also needs to take care about the preventions and yes these has to be simple”.

Famous cyber-attack in recent years:

  1. The most famous cyber-attack in recent years has been the Stuxnet virus, which was discovered in 2010. Stuxnet specifically targeted Iranian nuclear facilities and was designed to take over computer systems that control and monitor physical hardware in these facilities. Stuxnet was a surprise because it was highly sophisticated and because it was the first major cyber-attack that could inflict damage on the physical world as well as the digital world.
  2. Russia has also been using cyber espionage against the United States for many years. One example of this is the Moonlight Maze virus, discovered in late 1999. This virus had spent two years stealing confidential information from the Department of Defense, the Department of Energy, NASA, and military contractors. This may seem like ancient history, but another attack, the so-called “Red October” malware, was discovered as recently as 2012. This malware exploited vulnerabilities in Microsoft Word and Excel to infiltrate computer systems of foreign nations and gather secure data.
  3. Canadian researchers in late March, 2009 revealed that a cyber-spy network had broken into diplomatic computer systems involving 103 different countries.  Beijing denied any official involvement, but the investigation had begun when the Dalai Lama, Tibet’s leader-in-exile, noticed that sensitive documents from his own PCs had turned up in Chinese hands.
  4. In early April, 2009 unnamed government officials told a local Journal that cyberspies from China and Russia had broken into computer systems used by companies maintaining the three North American electrical grids. Even worse, the spies had left behind software that could be used to disrupt the grids or take control of nuclear power plants. Chinese and Russian officials denied their governments were involved.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

<