Not a day goes by without new headlines regarding the continuing economic war. Many of those headlines are about cyber means to achieve economic objectives. Just to catch up, here are a few of those headlines with some commentary. Perhaps the most significant story is the documentation of a five-year spy operation targeting governments and businesses. From Wired Magazine:
BY KIM ZETTER 01.14.13
An advanced and well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia.
The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation “Red October.”
While most of the victims documented are in Eastern Europe or Central Asia, targets have been hit in 69 countries in total, including the U.S., Australia, Ireland, Switzerland, Belgium, Brazil, Spain, South Africa, Japan and the United Arab Emirates. Kaspersky calls the victims “high profile,” but declined to identify them other than to note that they’re government agencies and embassies, institutions involved in nuclear and energy research and companies in the oil and gas and aerospace industries.
“The main purpose of the operation appears to be the gathering of classified information and geopolitical intelligence, although it seems that the information-gathering scope is quite wide,” Kaspersky notes in a report released Monday. “During the past five years, the attackers collected information from hundreds of high-profile victims, although it’s unknown how the information was used.”
Although the attackers appear to be Russian speakers, to get their malware onto systems they have been using some exploits — against Microsoft Excel and Word — that were created by Chinese hackers and have been used in other previous attacks that targeted Tibetan activists and military and energy-sector victims in Asia.
“We can assume that these exploits have been originally developed by Chinese hackers, or at least on Chinese code page computers,” Raiu says. But he notes that the malware that the exploits drop onto victim machines was created by the Red October group specifically for their own targeted attacks. “They’re using outer shells that have been used against Tibetan activists, but the malware itself does not appear to be of Chinese origin.”
…With Red October, “the attackers managed to stay in the game for over 5 years and evade detection of most antivirus products while continuing to exfiltrate what must be hundreds of Terabytes by now.”
The sheer scope and longevity of this operation are what is most disconcerting. And the fact that there are possible ties to Russia and China raises the alarm further.
Now, add to this the idea of holding business data for ransom with the concept of financial jihad by radicalized Islamic terrorists (like the Al Qaeda group that took hostages and killed them in Algeria). Consider the following from Money Jihad based on a CNN report:
January 11, 2013
The cyber-attacks originate “overseas,” often from Russia, but can Iranian-backed hackers or groups like “Izz ad-Din al-Qassam” be far behind? Surely they can get a mullah to declare fatwa saying that holding data for ransom is permissible under Islamic law, yes? As long as the purpose is to destroy the “infidel” Western financial system, and especially if the ransom money is used to advance jihad. From CNN Money:
The article accompanying this video in December also said that “Security firm McAfee on Thursday released a report warning that a massive cyberattack on 30 U.S. banks has been planned, with the goal of stealing millions of dollars from consumers’ bank accounts.”
In addition, there is the ongoing economic war with Iran that has exploded the concept of direct cyber warfare between nation states:
How The US Invited Iranian Hackers To Attack America’s Banks
In a world where you can watch cyberattacks happen in real-time, it’s no wonder that nation-states are doing little to hide the cyber arms race and low-grade cyberwar that’s taking place.
However, what’s surprising is that the country leading the charge — the U.S. — may also be the one with the most to lose.
“There is a world of bytes and a world of atoms, and increasingly the world of bytes is driving the world of atoms,” Dr. Jarno Limnell, director of cyber security at Stonesoft, told us. “This is a whole new capability for these state-actors — previously there was no way to touch the U.S.”
Siobhan Gorman of WSJ reports that a government-backed group of Iranian hackers called the Qassam Cyber Fighters have sustained an assault on U.S. banks for five weeks—even after announcing its plans to attack in advance.
The Iranian hackers are using a new cyberweapon called “itsoknoproblembro” that has disrupted the websites of America’s largest banks. U.S. officials claim the attacks are in response to the crippling sanctions being imposed on Iran, but it could be as simple as the fact that the U.S. attacked them first.
In June one of Barack Obama’s aides told The New York Times that the president “repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons … could enable other countries, terrorists or hackers to justify their own attacks.”
Now, add to all of that concern the increasing dependence of our financial markets on overcomplicated and under-tested systems and you can see a major recipe for disaster. Even without any apparent cyber attacks, our stock market systems appear prone to error (although we really can never be certain the errors are natural and not an attack). Here are excerpts from an article from The New York Times detailing just a few of the problems so far in the New Year:
Thursday, 10 Jan 2013 | 10:44 PM ET
Confidence-shaking technology mishaps have been an almost daily occurrence at the nation’s stock exchanges in the new year.
The latest example came Wednesday night when the nation’s third-largest stock exchange operator, BATS Global Markets, alerted its customers that a programming mistake had caused about 435,000 trades to be executed at the wrong price over the last four years, costing traders $420,000.
A day earlier, the trading software used by the National Stock Exchange stopped functioning properly for nearly an hour, forcing other exchanges to divert trades around it. The New York Stock Exchange, the nation’s largest exchange, has had two similar, though shorter-lived, breakdowns since Christmas and two separate problems with its data reporting system. And traders were left in the dark on Jan. 3 after the reporting system for stocks listed on the Nasdaq exchange, the second-biggest exchange, broke down for nearly 15 minutes.
The stream of errors has occurred despite the spotlight on the exchanges since a programming mishap nearly derailed Facebook’s initial public offering on Nasdaq last May and BATS’s fumbling of its own I.P.O. two months earlier. At the end of 2012, a number of exchange executives said they were increasing efforts to reduce the problems. But market data expert Eric Hunsader said that the technology problems have become, if anything, more frequent in recent weeks.
Matt Samelson, the founder of the industry consultancy Woodbine Associates, said, “Now that the world is watching, everyone is trying to be more rigorous. Their increased rigor is not yielding the benefits they hoped.”
Joe Ratterman, the chief executive of BATS, said Thursday that he viewed the firm’s announcement this week as a sign of markets that were functioning well, given his firm’s ability to find a problem that he called an “extreme edge-case scenario.”
“We discovered this problem and reported it — it’s a positive thing,” Mr. Ratterman said. “It’s being covered as if it’s a negative issue, and a continuation of a series of problems.” “Call me an optimist, but I see positive indications of the markets moving forward,” he said.
Regulators and traders have said that malfunctions are inevitable in any complex computer system. But many of these same people say that such problems were less frequent before the nation’s stock exchanges were thrown into a technological arms race in the middle of the last decade as a host of upstart exchanges like BATS challenged incumbents like the New York Stock Exchange.
There can be little doubt that a global economic war is already underway with major combatants including terrorists, rogue nation states, criminals, and even major military operations. The means to conduct such warfare include, but are not limited to, cyber. It’s time we face these facts and address them.