India 16 August 2016: Cyber terrorism sends shivers down the spine of even the best CISOs; however, when we look into the murky world of exploit kits, malware and APTs, we find that this is not just a playground for cyber criminals but also for governments.
Until a few years ago, government-sponsored cyber attacks were considered nothing more than a fairy tale; the discovery of Stuxnet changed that quickly.
Exploit kits, botnets and similar services catered to a market of cyber criminals: a marketplace emerged where exploits, vulnerabilities and login credentials were traded, and where cyber criminals were given the technical know-how to carry out their nefarious activities.
However, unknown to many, there were also organizations that openly invested in finding and trading exploits and vulnerabilities, and their clientele were none other than governments. A different kind of market has now emerged, one which caters to governments, law enforcement agencies and intelligence agencies whose primary task is spying.
The first known instance of such a service being made available to law enforcement agencies was D.I.R.T. (Data Interception by Remote Transmission), which was exposed by the media back in 2002. According to the reports, however, the service had existed since the late 90s, in other words almost since the boom of the internet. DIRT was nothing more than a RAT (Remote Access Trojan), and the only way in was through email. Spear phishing and watering-hole attacks are the terms used nowadays, but in those days no such terminology existed.
The late 90s was a time when the internet was gaining its foothold and was still considered to be in its nascent stages; however, as surprising as it may sound, governments were the first to understand the power that comes from controlling and spying on the internet and internet-connected devices. It has been alleged that
“A closely-held software package designed to allow law enforcement agencies to secretly monitor a suspect’s computer turned up on an anonymous Web site in the Netherlands Wednesday, along with user manuals, financial information, contracts and invoices apparently stolen from the company that makes the surveillance tool.” A1
Moreover, the stash of documents also revealed who the customers were:
“But files included in the Netherlands stash appear to identify several organizations that received price quotes from Codex, including the Egyptian and Ukrainian governments, and the U.S. District Court of New Jersey’s Pretrial Services Division, responsible for supervising criminal defendants as they await trial.” A2
The year was 2002, and this was a bleak reminder of the kind of services in which governments are willing to invest taxpayers' money in order to conduct espionage operations.
Coming back to the present, Hacking Team A3, a private intelligence contractor which develops and sells hacking tools to governments around the world, was itself hacked; its emails, source code and almost 400 GB of data in total were siphoned off and are now available for public scrutiny on WikiLeaks A4.
Up to this point we have discussed the evolution of the tools and organizations that cater specifically to governments and law enforcement agencies. The question that naturally arises is why governments want to control the internet and spy on the devices attached to it.
The best case study to answer this question is Stuxnet. Stuxnet was designed to attack Iran's nuclear reactors, and its job was to ensure that the telemetry devices and other devices critical to the smooth functioning of the reactor malfunctioned at random, which would effectively slow down the country's scientific progress.
Such an act is nothing less than a terrorist attack, and it has been alleged that Stuxnet was created by one government to attack another country's infrastructure. There have been many such instances in which it would be virtually impossible for a lone hacker to carry out attacks on water plants or electricity grids without being sponsored by a state.
It is not just the finances that matter; the technical expertise required and the complexity of carrying out these attacks are of prime importance. Numerous governments have been using malware to attack activists, journalists and all those who, in the government's view, are working against them.
There is a very thin line between state-sponsored cyber terrorism and the terrorists themselves, and from a holistic point of view the line disappears altogether when we treat malware as malware and an APT as an APT, without segregating attacks into those that are state sponsored and those carried out by cyber criminals.
Whether a piece of malware is created by a law enforcement agency or by a criminal, it is still malware, and its primary task is to steal your data and control your devices.