Whilst consumers are electing the next major political
leader via crowdsourced populism, governments and companies begin developing
This cyberwarfare is already rife, with a host of malware targeting
middle eastern nations (see end of blog entry).
What is obvious from these developments is that cyberattacks
are the new form of warfare that evades direct hand-to-hand or nuke-to-nuke
Like the classic 1983 film War
Games, you don’t need to have war with weapons anymore, just cyberweapons.
And no nation is immune from attack.
For example, the US was under attack from a Chinese
originating cyberworm in 2010.
Although China denied that this was state funded, this was
slightly undermined by a news report on China Central Television a year later,
which showed a military computer program selecting a “target” — in this
case, a website based in Alabama — and hitting a button labelled “attack.”
It doesn't take much
to imagine the consequences of a successful cyber attack. In a future conflict,
an adversary unable to match our military supremacy on the battlefield might
seek to exploit our computer vulnerabilities here at home. Taking down vital
banking systems could trigger a financial crisis. The lack of clean water or
functioning hospitals could spark a public health emergency. And as we've seen
in past blackouts, the loss of electricity can bring businesses, cities and entire
regions to a standstill. This is the future we
have to avoid. That's why my administration has made cybersecurity a priority,
including proposing legislation to strengthen our nation's digital defenses.
Obama is acutely aware of cyber vulnerabilities because he
got hacked himself.
In May 2012, Barack Obama is quoted as saying: “Between August and October
(2011), hackers gained access to e-mails and a range of campaign files, from
policy position papers to travel plans.
It was a powerful reminder in this information age (that) one of your
greatest strengths — in our case, our ability to communicate to a wide range of
supporters through the Internet — could also be one of your greatest
And there’s the rub.
We continually try to be one step ahead of hackers,
hacktivists, cybercriminals and cyberthreats, but we are actually always one
Like the regulatory conundrum – you can only fix the system
with regulation once you’ve seen it go wrong – the cyber conundrum is very
similar – you can only block the attack once you’ve realised you’re under
Sure, you can protect yourself against possible attacks, but
knowing every nuance of every possibility of every attack?
Can any company claim to be bulletproof?
I don’t think so, especially when it is clear that the
financial system manages the economic viability of nations and is therefore
going to be one of the first lines of attack in national cyberwars.
That was made clear to me when NYSE’s CIO presented at a conference
I chaired a couple of years ago, and said that they had been targeted in a cyberattack at the same time as the
US Department of Defence. The US
Department of Defence had a security breach, NYSE did not.
But were they lucky?
In the latest developments in the Middle East for example,
Kapersky found that the latest malware system attack, Gauss, was specifically
developed by the same people who developed Stuxnet – the system targeted to
breach Iran’s uranium plants. The difference
this time is that Gauss targets bank accounts rather than nuclear plants.
According to Kapersky’s chief security expert Alexander
Gostev: “Gauss targets multiple users in select countries to steal
large amounts of data, with a specific focus on banking and financial
When governments engage in cyberwars that focus upon the
bank system first, there’s going to be a meltdown at some point, and potentially
these developments are far more threatening ot our system than those of the paltry
I’ll let you make your own mind up.
From CNET , a who’s who of malware targeting Middle Eastern nations:
Discovered in June 2010, Stuxnet
is believed to be the first malware targeted specifically at critical
infrastructure systems. It's thought to have been designed to shut down
centrifuges at Iran's Natanz uranium enrichment plant, where stoppages and
other problems reportedly occurred around that time.
worm emerged in September 2011, and researchers say it shares a lot of
code with Stuxnet but is designed for a different purpose: stealing data for
surveillance or other intelligence efforts. It hit computers in Iran but did
not appear to be directed at industrial or critical infrastructures
discovered in May 2012 during Kaspersky Lab's investigation into a virus that
had hit Iranian Oil Ministry computers in April. Kaspersky believes the
malware, which is designed for intelligence gathering, had been in the wild
since February 2010, but CrySyS Lab in Budapest says it could have been around
as far back as December 2007. Most of
the infections were in Iran, but other countries hit were Israel, Sudan, Syria,
Lebanon, Saudi Arabia, and Egypt.
malware was launched around September 2011 and was discovered in June 2012. The
malware was found on computers mostly in Lebanon, Israel, and Palestine,
followed by the U.S. and the United Arab Emirates. Kaspersky says it comes from
the same nation-state "factories" that produced Stuxnet, Duqu, and
There were reports in April about a malware attack shutting down computer
systems at companies in Iran, including the Oil Ministry,
and mentions of a virus called "Wiper". The malware wipes data from
hard drives, placing high priority on those with a .pnf extension, which are
the type of files Stuxnet and Duqu used, and has other behavioural similarities.
It also deletes all traces of itself. As a result, researchers have not been
able to get a sample, but they've reviewed mirror images left on hard drives.
The discovery of Wiper led to the discovery of Flame, which led researchers to
Gauss, according to Schouwenberg.
Mahdi Trojan, discovered in February 2012 and publicly disclosed in July,
is believed to have been used for espionage since December 2011. Mahdi records
keystrokes, screenshots, and audio and steals text and image files. It has
infected computers primarily in Iran, Israel, Afghanistan, the United Arab
Emirates, and Saudi Arabia, including systems used by critical infrastructure
companies, government embassies, and financial services firms.
There are many more instances of such attacks globally.
More than 79 banks have been breached, claimed a hacker on Twitter. Following a data release on Tuesday, he said he has more than 50 gigabytes of U.S. and foreign bank data in his hands.
First, he warned of the security flaw in Iran's banking system. Then he provided them with 1,000 bank account details. When they didn't listen, he hacked 3 million accounts across at least 22 banks.
Global Payments, the credit and debit card processor that disclosed a breach of its systems late Friday, said in a statement Sunday that the incident involved at least 1.5 million accounts. The news comes hours ahead of a planned conference call with investors, and after Visa said it had pulled its seal of approval for the company.
Heartland, a Princeton, N.J.-based provider of credit and debit card processing services, said that unknown intruders had broken into its systems sometime last year and planted malicious software to steal card data carried on the company's networks.
Thieves may have the credit and debit card details of a million TK Maxx customers. The American firm which owns the cutprice designer goods store said details from about 45.7million cards have been stolen in total in the world's biggest card theft.
A cyber fiction: a story of a cyberattack on Wall Street from the Finanser, March 2012:
Shaiming Zheng had finally finished his masterpiece. He had created a worm that would infiltrate the heart of the American dream: Wall Street.
NYSE claim that their servers are bullet proof, and can survive attacks that are even more viral and malevolent than those that would target the US defence systems.
But they were wrong and Shaiming had the means to prove it.
His program would not only find its way into the NYSE system through the back door, via what would appear to be an official trade by Goldman Sachs on their high frequency trading platform, but it would worm its way into the DTCC clearing system.
Once in the clearing system, it would bring down America.
Shaiming was using a shadow trade to allow his worm to work its evil magic.
First, the system would create a request for quote via Goldman Sachs.
Once the order was filled by a reciprocal trade fill on the NYSE exchange, the shadow trade would be passed through for clearing via the DTCC.
At this point, the shadow would unleash the worm, which would then begin to infiltrate every settlement of trades on the DTCC systems thereafter.
It is something that was unthinkable as, until discovered, it would mean that all trading in the American stock exchange systems – not just NYSE, but NASDAQ and more – would be disrupted and potentially forever flawed as the DTCC carry all the payments and settlement for all trading in American stocks and derivatives.
It would bring down the system.
That was the intention and that was what Shaiming believed he had built.
And it had been so easy to achieve as he was not attacking the DTCC or the NYSE system, but Goldman Sachs and, thanks to the powers that be, it had been easy when he found his ally, Serby Alyenko.
Serby had been convicted of stealing proprietary information from Goldman Sachs about their trading platform in 2010.
This conviction had been overturned in 2012 but, what the court didn’t know, is that Shaiming and his paymasters had paid Serby $10 million to get the information they needed.
Serby had not been stealing trade secrets about Goldmans trading platforms at all.
What he had really been doing was to create the gateway on the platform for Shaiming to plant his worm on their system.
Thank you Sergey.
Shaiming pressed the button and held his breath.
The worm was on its way.
Would it reach its target?
This is the fourth entry in a series about Hacktivism: