| |
| |
![]() |
| |
|
| |
|
| |
|
SINGAPORE: They go by names such as GhostNet and botnets but they have nothing to do with harmless computer games. Instead, they are associated with something more dangerous - spying in cyberspace which, in the worst-case scenario, can undermine a country's national interests.
Earlier this year, Canadian researchers uncovered a cyber-espionage operation involving GhostNet, an electronic spying network that uses malware, or malicious software, The New York Times (NYT) reported in March.
Through the network, the camera and audio-recording functions in an infected PC can be activated, enabling a stranger to see and hear what is going on in the room where the computer is located.
According to the NYT, GhostNet had stolen documents from hundreds of government and private offices, including those of the Dalai Lama. It had infiltrated at least 1,295 computers in 103 countries.
The researchers believed that its targets included the governments of South Asian and South-east Asian countries.
The threat posed by GhostNet is just one of the many serious forms of cyber attacks that have led governments worldwide to set up special agencies to counter them.
On Wednesday, the creation of Singapore Infocomm Technology Security Authority (Sitsa), a special agency to protect Singapore from cyber attacks, was announced.
The threat from cyber attacks, which can be politically or criminally motivated, is apparently relentless.
"Every quarter of a second, there is an attack somewhere on the Internet," said Mr Ilias Chantzos, director of government relations at Symantec Corporation, maker of Norton security products.
Cyber attacks can present problems for general Internet users.
"Roughly, you're looking at an attack rate of one (out of) every five persons... connected on the Internet right now," claimed Mr Chantzos, who added that this did not mean that the computer attacked would necessarily be compromised, as that would depend on whether it had adequate protective safeguards.
The ascendency of broadband, following the dark ages of slow, dial-up connections to the Internet, ironically increases cyber security risks.
"It's not that the broadband is vulnerable... we leave the computer always on, the computer is always connected, therefore by definition, it's more susceptible to attacks," said Mr Chantzos.
Cyber attacks can take place via "botnets", which are networks of "zombie" or "Web robot" computers infected with a virus that lets criminals remotely control these innocent machines.
These "bots" could number in the tens of thousands, or, Mr Chantzos said, even "1 million" or more.
If your PC has been corralled into a botnet, you could experience significant slowdown but there aren't always obvious signs that your computer has been infected.
According to Mr Tan Wei Ming, Symantec's senior manager for government relations, possible signs of infection include your computer "(sending) out spam, sometimes it could receive some strange emails, and your friend calls you and says, 'did you send that out?' You say no".
Dr Godfrey Gaston, director of Queen's University Belfast's Centre for Secure Information Technologies, said that home computers would be more vulnerable than corporate computers to being used as part of a botnet as the latter tend to be better protected.
Zombie computers are often programmed to launch denial-of-service attacks, blitzing targets with data, sometimes forcing them to shut down.
Such botnet attacks, targeted at American and South Korean government and commercial websites, were seen in July. Official Estonian and Georgian websites have also been targets in 2007 and 2008, respectively.
More sophisticated forms of hacking include attempts to infiltrate website defences to steal confidential data. In April, a former US government official said that spies had hacked into the US electric grid and left behind computer programmes that would let them disrupt service.
One of the problems in identifying perpetrators is that locations can be masked.
"It's really easy to disguise a cyber attack as coming from another place," said Ms Jena Baker McNeill, an analyst at the Washington-based Heritage Foundation.
A cyber attack targeted at a computer in the US, for example, could be launched by a hacker in Japan, who remotely controls a compromised computer in France.
Cyber attacks are therefore complicated by "the problem of attribution", said Mr Tony Skinner, the features editor of trade journal Jane's Defence Weekly.
Said Mr Chantzos: "What you need to do is... find the PC that was attacked, forensically analyse it, identify the origin of the attack, go to the Internet Service Provider (ISP), then determine from the ISP where the attack is coming from, then follow the chain. This is a job that the police are equipped to do."
Cyber attacks that make the news - and many such attacks go unreported - are often played out along nationalistic lines.
Regarding the massive cyber assault on Estonia in 2007, Dr John Harrison, a terrorism expert at Nanyang Technological University's S Rajaratnam School of International Studies, said: "It wasn't entirely clear if the Russian government was directly behind it, but it was certainly people who were sympathetic to the views that the Russian government held."
Arguably, cyber attacks can be read in some cases as a proxy conflict, even where the protagonists are not unequivocally identified, as in the case of the Georgian-Russian war last year, which was immediately preceded by a wave of cyber attacks.
Another conflict arena for cyber attacks, Dr Harrison said, was "the Israeli-Palestinian conflict, where both Hamas... and the Israeli government are attacking each other's... websites".
The researchers of GhostNet, which was accused of spying on the Dalai Lama, said the computers used were based almost exclusively in China, though the Chinese denied the allegations of spying.
Last month, the US' intelligence director Dennis Blair grouped China, Iran, North Korea and Russia as nations with the ability to "challenge US interests in traditional and emerging ways".
His report, the National Intelligence Strategy, noted that China "is very aggressive in the cyber world".
Dr Harrison noted that these four countries have also been accused of "attempting to develop offensive cyber capabilities particularly targeting the US and Western militaries".
While nations like America are taking steps to combat cyber threats (in the case of the US, with its US Cyber Command agency), there is a recognition by some that offensive cyber capabilities are the flip side to such defensive efforts.
Jane's Mr Skinner said that "people outside of the (US) cyber command have pointed out that a cyber attack capability is effectively part of cyber defence ... part of the whole deterrence aspect of it".
When asked if this was similar to the concept of nuclear deterrence, he agreed.
In this respect, the generals perhaps need to learn from the bankers. Said Mr Skinner, "the militaries are in a lot of ways catching up" with banking institutions, the traditional targets of cyber attacks and criminal hackers.
- TODAY/yb
|
