BANGALORE, INDIA: The recent spate of cyber attacks have raised questions about the security of government and corporate computer systems, and the ability of law enforcement to track down hackers.
Here’s a breakdown of the different types of cyber assaults, from “hactivists” to serious criminals.
DISSIDENT HACKERS SEEKING MAXIMUM PUBLICITY
The Lulz Security and Anonymous groups have broken into computer servers to steal data that they publish on the Internet to embarrass their targets. Examples of this include LulzSec hacking into Fox TV’s “X Factor” contestant database, or breaking into FBI affiliate Infraguard and publishing its user base.
So-called hactivists also use distributed denial of service (DDOS) attacks, in which they get supporters to crash the websites of their targets by overwhelming the servers with traffic. The Anonymous group launched DOS attacks against Visa and MasterCard because the group thought the companies were hostile to Wikileaks and its founder Julian Assange.
CYBER ATTACKS FOR FINANCIAL GAIN
Primarily based on getting financial information, such as payment card data or bank account details, perpetrators tend to keep their attacks secret because the data is more valuable if victims do not know it has been stolen.
Citigroup disclosed that unknown hackers in May had stolen information from 360,083 credit card accounts in North America, in what was the most significant known direct assault on a financial institution.
These attacks can come from just about anywhere, although Western security experts have said that Russia and China deliberately turn a blind eye to this kind of activity from within their borders, provided it is not targeted domestically.
GOVERNMENT OR STATE-BACKED ATTACKS
Hacking by governments or state-sponsored groups is usually aimed at stealing classified information, such as military secrets or other prized data. Security experts have cited attacks on the International Monetary Fund and Google Inc’s email service as recent examples.
There is often finger-pointing at Russia and China after such attacks, although experts suspect other nations including the United States of using this technique more quietly.
There are also occasional suspected state-backed DDOS attacks, such as on Estonia and Georgia in 2007.
FROM VIRTUAL NETWORKS TO THE REAL WORLD
These are cyber attacks aimed at causing actual physical damage, such as by hacking into industrial computer controls to destroy military assets or public infrastructure.
The Stuxnet virus, which Iran has said was used to attack computers at its Bushehr nuclear reactor, is the only case so far that security experts widely agree fits into this category.
How serendipitous_ Weeks after Microsoft bought Skype for $8.5 billion, Microsoft has also received a patent for technology that lets it eavesdrop on VoIP calls.
Microsoft applied for the patent back in 2009, so it’s unlikely it was already preparing for a Skype acquisition two years later, but perhaps it had in mind similar voice messaging software such as Microsoft Voice and Unified Communications.
The patent, titled “Legal Intercept,” is for an interception software that lets someone surreptitiously record a call on a VoIP network. Microsoft rationalized the patent as a way to answer to government requests for surveillance and wiretapping.
“Sometimes, a government or one of its agencies may need to monitor communications between telephone users,” the patent reads.
“Traditional techniques for silently recording telephone communication may not work correctly with VoIP and other network-based communication technology,” it reads. “For example, VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like.”
Sophos security advisor Chester Wisniewski said the patent would help Skype overcome resistance from foreign governments insisting on the backdoor. Skype itself is no stranger to this. For instance, last year the Indian government has threatened to ban Skype, Google, and Blackberry for not complying to stringent surveillance laws. In 2008, Skype’s reputation in China took a dive after it admitted to monitoring calls on behalf of the government. The Austrian police has also claimed it can bug Skype calls, though Skype has never commented on the matter.
Michael Froomkin, a law professor at the University of Miami, told Computerworld that the patent could be a step back for anti-government efforts, “First, making a communication technology FBI-friendly means also making it dictator-friendly, and in the long run this is not good for movements like the Arab Spring,” he said. “Second, experience shows that building in back doors invites exploits.”
Last fall, reports surfaced that the Obama administration was working on regulations that would make it easier for law enforcers to wiretap communications, which would probably require companies to create backdoors for the government to listen in.
NEW DELHI: In his first remarks on the issue of bugging of Union Finance Minister Pranab Mukherjee’s North Block office, Prime Minister Manmohan Singh on Wednesday said Union Home Minister P. Chidambaram did not know about it.
During his interaction with five senior editors, Dr. Singh replied in the negative when asked if the complaint of bugging went through the Home Minister.
“No. This was on a need-to-know principle,” Dr. Singh said. He admitted that there was a complaint that the office of the Finance Minister was bugged. “I asked the Intelligence Bureau (IB) to do a thorough check. The IB reported back to me that there was nothing of the sort,” Dr. Singh said.
The Prime Minister’s reply comes as a surprise because the Home Ministry which exercises control over IB had been completely kept out of the loop. Though both Mr. Mukherjee and Mr. Chidambaram have dismissed insinuations about any mistrust between them, it is surprising why Mr. Mukherjee, number two in the UPA government, chose to keep the Home Minister in the dark and went straight to the Prime Minister last year.
As part of the routine exercise also, the Home Minister was entitled to know about the sensitive issue rather than being kept out.
Mr. Chidambaram, in a recent interview to NDTV, had said that he came to know about the bugging incident from newspaper reports.
June 30, 2011: During the last three years, China has opened eight National Intelligence Colleges in major universities. In effect, each of these is an “Espionage Department” at these universities, where, each year, about 300 carefully selected applicants are accepted, to be trained as spies and intelligence operatives. China has found that espionage is an enormously profitable way to steal military and commercial secrets. While Chinese Cyber War operations in this area get a lot of publicity, the more conventional spying brings in a lot of stuff that is not reachable on the Internet.
One indicator of this effort is the fact that American counter-intelligence efforts are snagging more Chinese spies. But this is largely due to increased spying effort by China, rather than more success by the FBI and CIA. This use of industrial espionage has played a large part in turning China into the mightiest industrial and military power on the planet.
For over two decades, China has been attempting to do what the Soviet Union never accomplished; steal Western technology, then use it to move ahead of the West. The Soviets lacked the many essential supporting industries found in the West (most founded and run by entrepreneurs), and was never able to get all the many pieces needed to match Western technical accomplishments. Soviet copies of American computers, for example, were crude, less reliable and less powerful. Same with their jet fighters, tanks and warships.
China gets around this by making it profitable for Western firms to set up factories in China, where Chinese managers and workers can be taught how to make things right. At the same time. China allows thousands of their best students to go to the United States to study. While most of these students will stay in America, where there are better jobs and more opportunities, some will come back to China, and bring American business and technical skills with them. Finally, China energetically uses the “thousand grains of sand” approach to espionage. This involves China trying to get all Chinese going overseas, and those of Chinese ancestry living outside the motherland, to spy for China, if only a tiny bit.
This approach to espionage is nothing new. Other nations have used similar systems for centuries. What is unusual is the scale of the Chinese effort. Backing it all up is a Chinese intelligence bureaucracy back home that is huge, with nearly 100,000 people working just to keep track of the many Chinese overseas, and what they could, or should, be to trying to grab for the motherland. This is where many of the graduates of the National Intelligence College program will work.
It begins when Chinese intelligence officials examine who is going overseas, and for what purpose. Chinese citizens cannot leave the country, legally, without the state security organizations being notified. The intel people are not being asked to give permission. They are being alerted in case they want to have a talk with students, tourists or business people before they leave the country. Interviews are often held when these people come back as well.
Those who might be coming in contact with useful information are asked to remember what they saw, or bring back souvenirs. Over 100,000 Chinese students go off to foreign universities each year. Even more go abroad as tourists or on business. Most of these people were not asked to actually act as spies, but simply to share, with Chinese government officials (who are not always identified as intelligence personnel) whatever information obtained. The more ambitious of these people are getting caught and prosecuted. But the majority, who are quite casual, and, individually, bring back relatively little, are almost impossible to catch.
Like the Russians, the Chinese are also employing the traditional methods, using people with diplomatic immunity to recruit spies, and offering cash, or whatever, to get people to sell them information. This is still effective, and when combined with the “thousand grains of sand” methods, brings in lots of secrets. The final ingredient is a shadowy venture capital operation, sometimes called Project 863, that offers money for Chinese entrepreneurs who will turn the stolen technology into something real. No questions asked. If you can get back to China with the secrets, you are home free and potentially very rich.
But there are some legal problems. When the Chinese steal some technology, and produce something that the Western victims can prove was stolen (via patents and prior use of the technology), legal action can make it impossible, or very difficult, to sell anything using the stolen tech, outside of China. For that reason, the Chinese like to steal military technology. This kind of stuff rarely leaves China. And in some cases, like manufacturing technology, there’s an advantage to not selling it outside of China. Because China is still a communist dictatorship, the courts do as they are told, and they are rarely told to honor foreign patent claims.
A Garden City businessman and former vice president of the USD 457 Board of Education has been accused of placing and using a concealed camcorder to eavesdrop in the women’s bathroom at his business.
John Scheopner, 56, was arrested at 8:30 a.m. Wednesday in Finney County on allegations he used a concealed camcorder to eavesdrop on a 53-year-old Garden City woman, a 28-year-old Lakin woman and a 32-year-old Garden City woman in the women’s bathroom at Scheopner’s Water Conditioning, 2203 East Fulton Plaza, according to Garden City Police Sgt. Michael Reagle. Scheopner allegedly eavesdropped on the 32-year-old woman twice, Reagle said. The incidents allegedly occurred on April 30.
Scheopner, whose resignation from the school board was accepted on May 23 after 14 years on the board, also is accused of two counts of intimidation of a witness or victim for allegedly attempting to deter the 53-year-old woman and 28-year-old woman from testifying, Reagle said.
Scheopner could not be reached for comment.
Scheopner made his first court appearance Wednesday and was released on his own recognizance, according to the Finney County Jail log. He has been charged with four counts of use of a concealed camcorder to eavesdrop and two counts of intimidation of a witness or victim, according to the Finney County Attorney’s Office. All are misdemeanors.
Scheopner is scheduled for a case management hearing at 1:15 p.m. July 28.
Reagle said that while the incident occurred April 30, the investigation continued after that. An arrest affidavit was filed requesting Scheopner be charged. The arrest warrant was issued, and he was arrested when he made his first appearance, Reagle said.
Lawyer Lara Bors was appointed Monday to Scheopner’s seat on the board in a unanimous vote by the board.
The term to which Bors was named expires on June 30, 2013.
