
Cyberwars: a far bigger threat than hacktivists

Whilst consumers are electing the next major political leader via crowdsourced populism, governments and companies are beginning to develop cyberarms.

This cyberwarfare is already rife, with a host of malware targeting
middle eastern nations (see end of blog entry).

What is obvious from these developments is that cyberattacks
are the new form of warfare that evades direct hand-to-hand or nuke-to-nuke
combat.

Like the classic 1983 film War Games, you don’t need to have war with weapons anymore, just cyberweapons.

And no nation is immune from attack.

For example, the US was under attack from a cyberworm originating in China in 2010.

Although China denied that this was state funded, this was
slightly undermined by a news report on China Central Television a year later,
which showed a military computer program selecting a “target” — in this
case, a website based in Alabama — and hitting a button labelled “attack.”

Maybe that’s why Hillary Clinton now wants the US
and China to collaborate on cybersecurity for the future and why Barack Obama took time out to write this in the Wall Street Journal in July 2012:

It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.

This is the future we have to avoid. That's why my administration has made cybersecurity a priority, including proposing legislation to strengthen our nation's digital defenses.

Obama is acutely aware of cyber vulnerabilities because he
got hacked himself.

In May 2012, Barack Obama is quoted as saying: “Between August and October (2011), hackers gained access to e-mails and a range of campaign files, from policy position papers to travel plans. It was a powerful reminder in this information age (that) one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities.”

And there’s the rub.

We continually try to be one step ahead of hackers,
hacktivists, cybercriminals and cyberthreats, but we are actually always one
step behind.

Like the regulatory conundrum – you can only fix the system with regulation once you’ve seen it go wrong – the cyber conundrum is very similar: you can only block the attack once you’ve realised you’re under attack.

Sure, you can protect yourself against possible attacks, but
knowing every nuance of every possibility of every attack?

Can any company claim to be bulletproof?

I don’t think so, especially when it is clear that the
financial system manages the economic viability of nations and is therefore
going to be one of the first lines of attack in national cyberwars.

That was made clear to me when NYSE’s CIO presented at a conference I chaired a couple of years ago, and said that they had been targeted in a cyberattack at the same time as the US Department of Defence. The US Department of Defence had a security breach; NYSE did not.

But were they lucky?

In the latest developments in the Middle East, for example, Kaspersky found that the latest malware attack, Gauss, was developed by the same people who developed Stuxnet – the malware built to breach Iran’s uranium enrichment plants. The difference this time is that Gauss targets bank accounts rather than nuclear plants.

According to Kaspersky’s chief security expert Alexander Gostev: “Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.”

When governments engage in cyberwars that focus upon the banking system first, there’s going to be a meltdown at some point, and these developments are potentially far more threatening to our system than those of the paltry hacktivists.

I’ll let you make your own mind up.

From CNET, a who’s who of malware targeting Middle Eastern nations:

Stuxnet

Discovered in June 2010, Stuxnet is believed to be the first malware targeted specifically at critical infrastructure systems. It's thought to have been designed to shut down centrifuges at Iran's Natanz uranium enrichment plant, where stoppages and other problems reportedly occurred around that time.

Duqu

The Duqu worm emerged in September 2011, and researchers say it shares a lot of code with Stuxnet but is designed for a different purpose: stealing data for surveillance or other intelligence efforts. It hit computers in Iran but did not appear to be directed at industrial or critical infrastructure specifically.

Flame

Flame was discovered in May 2012 during Kaspersky Lab's investigation into a virus that had hit Iranian Oil Ministry computers in April. Kaspersky believes the malware, which is designed for intelligence gathering, had been in the wild since February 2010, but CrySyS Lab in Budapest says it could have been around as far back as December 2007. Most of the infections were in Iran, but other countries hit were Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt.

Gauss

"Gauss" malware was launched around September 2011 and was discovered in June 2012. The malware was found on computers mostly in Lebanon, Israel, and Palestine, followed by the U.S. and the United Arab Emirates. Kaspersky says it comes from the same nation-state "factories" that produced Stuxnet, Duqu, and Flame.

Wiper

There were reports in April about a malware attack shutting down computer systems at companies in Iran, including the Oil Ministry, and mentions of a virus called "Wiper". The malware wipes data from hard drives, placing high priority on those with a .pnf extension, which are the type of files Stuxnet and Duqu used, and has other behavioural similarities. It also deletes all traces of itself. As a result, researchers have not been able to get a sample, but they've reviewed mirror images left on hard drives. The discovery of Wiper led to the discovery of Flame, which led researchers to Gauss, according to Schouwenberg.

Mahdi

The data-stealing Mahdi Trojan, discovered in February 2012 and publicly disclosed in July, is believed to have been used for espionage since December 2011. Mahdi records keystrokes, screenshots, and audio and steals text and image files. It has infected computers primarily in Iran, Israel, Afghanistan, the United Arab Emirates, and Saudi Arabia, including systems used by critical infrastructure companies, government embassies, and financial services firms.

There are many more instances of such attacks globally.

June 2012

Hacker claims mass bank breach; releases Visa, Mastercard data

More than 79 banks have been breached, claimed a hacker on Twitter. Following a data release on Tuesday, he said he has more than 50 gigabytes of U.S. and foreign bank data in his hands.

April 2012

3 million bank accounts hacked in Iran

First, he warned of the security flaw in Iran's banking system. Then he provided them with 1,000 bank account details. When they didn't listen, he hacked 3 million accounts across at least 22 banks.

April 2012

Global Payments: 1.5MM Cards ‘Exported’

Global Payments, the credit and debit card processor that disclosed a breach of its systems late Friday, said in a statement Sunday that the incident involved at least 1.5 million accounts. The news comes hours ahead of a planned conference call with investors, and after Visa said it had pulled its seal of approval for the company.

January 2009

Heartland data breach could be bigger than TJX's

Heartland, a Princeton, N.J.-based provider of credit and debit card processing services, said that unknown intruders had broken into its systems sometime last year and planted malicious software to steal card data carried on the company's networks.

March 2007

TK Maxx card hackers target 45m customers in 'biggest ever' heist

Thieves may have the credit and debit card details of a million TK Maxx customers. The American firm which owns the cut-price designer goods store said details from about 45.7 million cards have been stolen in total in the world's biggest card theft.


A cyber fiction: a story of a cyberattack on Wall Street from the Finanser, March 2012:

Shaiming Zheng had finally finished his masterpiece. He had created a worm that would infiltrate the heart of the American dream: Wall Street.

Like the Israeli Stuxnet attack on the Iranian nuclear facilities in 2010, Shaiming had been hired to achieve the same result on the New York Stock Exchange (NYSE).

NYSE claim that their servers are bulletproof, and can survive attacks that are even more viral and malevolent than those that would target the US defence systems.

But they were wrong and Shaiming had the means to prove it.

His program would not only find its way into the NYSE system through the back door, via what would appear to be an official trade by Goldman Sachs on their high frequency trading platform, but it would worm its way into the DTCC clearing system.

Once in the clearing system, it would bring down America.

Shaiming was using a shadow trade to allow his worm to work its evil magic.

First, the system would create a request for quote via Goldman Sachs.

Once the order was filled by a reciprocal trade fill on the NYSE exchange, the shadow trade would be passed through for clearing via the DTCC.

At this point, the shadow would unleash the worm, which would then begin to infiltrate every settlement of trades on the DTCC systems thereafter.

It is something that was unthinkable as, until discovered, it would mean that all trading in the American stock exchange systems – not just NYSE, but NASDAQ and more – would be disrupted and potentially forever flawed as the DTCC carry all the payments and settlement for all trading in American stocks and derivatives.

It would bring down the system.

That was the intention and that was what Shaiming believed he had built.

And it had been so easy to achieve as he was not attacking the DTCC or the NYSE system, but Goldman Sachs and, thanks to the powers that be, it had been easy when he found his ally, Serby Alyenko.

Serby had been convicted of stealing proprietary information from Goldman Sachs about their trading platform in 2010.

This conviction had been overturned in 2012 but, what the court didn’t know, is that Shaiming and his paymasters had paid Serby $10 million to get the information they needed.

Serby had not been stealing trade secrets about Goldman’s trading platforms at all.

What he had really been doing was creating the gateway on the platform for Shaiming to plant his worm on their system.

Thank you Sergey.

Shaiming pressed the button and held his breath.

The worm was on its way.

Would it reach its target?


This is the fourth entry in a series about Hacktivism:

About Chris M Skinner

Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News. To learn more click here...


3 comments

  1. How would we know when government and industry are working together on cyber-crime? A realistic comparison would be burglary insurance. People contract with insurers in commercial terms they understand, with contracts they know and financial risks and rewards they can analyse. A realistic economic goal for government is to create a framework where insurers want to write cyber-crime business, because they know it pays.
    Readers may be interested to note that Z/Yen has produced a UK proposal for cyber reinsurance in order to provide market impetus for improvement – http://www.zyen.com/PDF/Cyber%20Reinsurance.pdf

  2. Chris, your blog is becoming essential reading, excellent. Peter

  3. You’re too kind, Peter
