Govt malware: Why and how it’s used, and is it cyber-war?
By F-Secure Research Labs March 27, 2013
- Governments use malware within and outside of their own countries; the latter to spy on other nations
- What’s going on today is not cyber war; it’s spying, which happens in wartime as well as times of peace
THERE are basically three types of perpetrators in the malware world. There are organized criminal gangs who are out to steal your money. There are hacktivists, who are trying to draw attention to a political or social cause. And there are governments.
Governments use malware within and outside of their own countries. For example, within their countries, law enforcement uses spyware to gather information for criminal investigations. Totalitarian regimes are known to use such malware to monitor the activity of their citizens.
Externally, governments use malware to spy on other nations. Espionage, of course, is nothing new. In the past, when information was stored on paper, you had to be in the same physical location to steal it.
Now information is digital, so it’s possible to steal it through the Internet from across the world. The transition to cyber espionage is a natural progression that goes along with technology’s advancements.
China is of course lately the biggest suspect of cyber espionage, allegedly stealing research and development secrets from US corporations to build up their technology and advance their economy. But many other nations also engage in cyber espionage to gather intelligence on their rivals: Israel, Russia, India, Pakistan and the United States are just a few alleged perpetrators.
How is governmental cyber espionage carried out? Usually, attackers use an exploit to drop a backdoor onto a targeted computer within an organization. The exploit gains entry by taking advantage of some weakness in the computer’s software, and the backdoor gives the attacker access to the computer, the organization’s network and its confidential information.
Attackers use two different methods to plant the malware. One method involves sending an email with an exploit-infected attachment to someone in the organization. To trick the recipient into opening the attachment, the sender often appears to be someone known and trusted, and the content of the email seems relevant. If the recipient clicks on the attachment, the damage is done.
The other method, called a watering hole attack, involves figuring out which websites the targeted person is likely to visit. The attacker breaks into one of those websites and infects it so that when the target visits the website, they will be infected. Of course anyone else visiting the website may also be infected, but they are just collateral damage.
Often in the media we hear the term “cyber war.” But what’s going on today is not cyber war. It’s spying – and spying happens during wartime and peacetime. Sometimes there are cases of sabotage, such as with Stuxnet. But again, it’s not war.
When the day comes that there is a war between two technologically advanced nations, there certainly will be a cyber element as well. We should reserve the term “cyber war” for the real thing.
Related Stories:
Mikko’s world: Governments, factories and washing machines
Stuxnet, Flame and the new world disorder
Cyber-war: Time for our agencies to step up
Kaspersky discovers ‘miniFlame,’ designed for highly targeted cyber-espionage
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.
