Ads by TechWords

See your link here
Receive the latest technology news and information.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Are nations paying criminals for botnet attacks?

November 17, 2009 01:03 AM ET

Active Comments
Anonymous says: Ellen Messmer's revelations regarding the business ethics of botnet operators were met with skepticism and denials from key players today...
Anonymous says: The next President needs to say that a cyber attack against our infrastructure would be treated as an act of...


Network World - Nations that want to disrupt their enemies' banking, media and government resources don't need their own technical skills;  they can simply order botnet attack services from cybercriminals.

That's a point made in McAfee's new report "Virtually Here: The Age of Cyber Warfare," which draws from the opinions of about 20 experts, including William Crowell, former deputy director of the U.S. National Security Agency.

U.S. cyber war policy needs new focus, experts say

There have been several larger denial-of-service attacks over the past few years that raised suspicions about whether they were initiated by nations in conflict against their adversaries. Such incidents include cyberattacks that hit Estonia and Georgia, which some viewed as traceable to Russia. More recently, many were tempted to blame North Korea for this year's July 4th cyberattacks on South Korea and U.S. resources (though others disagreed). 

The McAfee report, prepared by Paul B. Kurtz, an analyst at Good Harbor Consulting, presents the opinions of diplomats, researchers and others about the nature of cyberattacks that seem concentrated on a specific country but where it's hard, if not impossible, to determine whether or not another nation-state initiated the attack.

One reason it may be hard to tell is simply because a nation state may go to the criminal underground to secretly pay for a massive botnet attack against its enemy. In this case, it's conceivable that the criminals themselves would not fully understand what they're being asked to do since the request and payment of botnet attack services are typically carried out as anonymously as possible, says Dmitri Alperovitch, vice president of threat research at McAfee.

"There is an overlap between cyberwar and cybercrime," Crowell points out in the report. "For instance, anyone can go to a criminal group and rent a botnet. We've reached a point where you only need money to cause disruption, not know-how, and this is something that needs to be addressed." The hacking skills of a criminal group may make them natural allies for nation states looking for a way to deny involvement in cyberattacks, it's noted.

The cyber warfare report points out that this year's July 4th cyberattacks against South Korea and the United States., in which North Korea was the suspected aggressor, showed that high-profile cyber events can have significant political repercussions. The report notes that by the end of that week, Rep. Peter Hoekstra (R-Mich.) "was stating publicly that the U.S. should conduct 'a show of force or strength' against North Korea for its alleged role in the attacks." The congressman expressed concern that unless the United States and allies "stood up to North Korea" there could be a next time when "they will go in and shut down a banking system or they will manipulate financial data" or that people could even get killed.


Originally published on www.networkworld.com. Click here to read the original story.

Jump to comments

Industry Verticals

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

FISMA Prescriptive Guide
A Tactical Guide Enabling you to take Action and Achieve Operational Excellence  

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.


IT Jobs