Cyber spies can practice ‘clean espionage’ to extract information: analyst
MONTREAL – Stealing secrets through cyber espionage may not have enough action for a spy like James Bond, but there can be less risk and “your own guys don’t get hurt,” a global security expert says.
Cyber spying is going to get more sophisticated and governments and businesses will continue to be targeted, said Steve Durbin, global vice-president of the Information Security Forum.
“If you go back to the original James Bond era, you used to have guys slugging around the streets trying to steal secrets,” Durbin said from New York.
“You don’t have that problem any more because you can set up a laptop or a computer in a living room and try to crack into systems around the world.”
“Spying has always been around and now it’s just making use of the technology that’s out there,” he said.
Durbin calls it “clean espionage” and said more often than not it is state sponsored.
“This isn’t about blowing things up, although you can do that, clearly. It’s clean espionage rather than some of the dirtier elements of people slugging it out in Afghanistan, for example.”
This kind of espionage can use computer malware or exploit technology such as close-captioned TV cameras, GPS data, satellite feeds and telecom traffic, in addition to “feet on the street,” he said.
Durbin cites the Stuxnet virus as an example of clean espionage.
Stuxnet was tailored to disrupt Iran’s nuclear centrifuges and caused some setbacks within its uranium enrichment labs. It infected thousands of employees’ computers at the nuclear power reactor, Iranian officials have said. The United States and Israel are believed to be suspects.
An attack like that has more impact on the people being targeted than on your own forces, he said.
“So that’s attractive because not only is it effective, it is lower cost and your own guys don’t get hurt.”
China also has been accused by cyber security analysts of computer-based attacks focused on American oil, gas and other energy companies.
The U.K.-based Information Security Forum deals with security challenges that its corporate and public sector members are facing. It’s considered a global authority on information risk management and cyber security.
Durbin said infrastructure such as transportation, government national defence programs and networks, and energy and defence companies can all be targets.
Canada’s auditor general has said the federal government has been slow to boot up an effective response to the threat of cyber attacks on crucial systems.
The auditor general’s report said the shortcomings have left key networks — such as the one that ensures employment insurance benefits are delivered on time — exposed to attack.
Associate professor Tom Dean of Queen’s University said governments need to worry about what are called advanced persistent threats.
They aren’t a standard virus or botnet that’s sending out spam email, said Dean, who teaches in the electrical and computer engineering faculty at Queen’s in Kingston, Ont.
“Advanced persistent threats from the more sophisticated actors, quite a few of which are state sponsored, are basically camping out and gathering information,” he said.
“That’s the biggest deal.”
China, Russia, areas in the Balkans, and former Soviet republics are considered suspects in state-sponsored cyber spying, he said.
Dean said there is potential for a destructive cyber attack but that would be “an act of war.”