Black Hat: Cyber-espionage operations vast yet highly focused, researcher claims

Wednesday, July 25th 2012. | Software News

LAS VEGAS — Cyber-espionage operations across the Internet are extensive yet highly targeted, says a malware researcher speaking this week at the Black Hat Conference in Las Vegas. And it’s not just governments targeting other governments or trying to steal corporate secrets — private security companies also are involved in these break-ins even while claiming to offer “ethical hacking services.”

BLACK HAT DEMO: Google Bouncer can be beaten

SLIDESHOW: Security industry all-stars

In today’s cyber-espionage, “there are hundreds of tiny little botnets,” says Joe Stewart, research director at Dell SecureWorks. These command-and-control systems do one thing — compromise targeted networks of business and government in order to learn about important information worth stealing, and then swipe it.

Unlike other types of cybercrime botnets, such as those used to perform financial theft or generate spam via many compromised machines, cyber-espionage botnets seem to be aimed only to hit certain valued targets — such as the Japanese Ministry of Finance, which recently disclosed a data breach.

There is widespread targeting of Japan, notes Stewart in his paper released Wednesday titled “Chasing APT, ” which pinpoints 200 unique families of custom malware used in cyber-espionage campaigns that many refer to as “advanced persistent threats.” In fact, says Stewart, the code called “HTran” that Dell SecureWorks believes was employed by Chinese attackers in the infamous attack against RSA last year is still in use, and has been linked to attacks against entities in Japan.

Stewart says he thinks two of the largest groups involved in cyber-espionage that “share a large infrastructure” are coming out of China. But China is hardly alone, as the U.S. and Israel are also being tied to the Flame virus for cyber-espionage. And there’s also the growing sense that it’s not just “government-backed actors” conducting cyber-espionage.

“As it becomes increasingly revealed that more and more governments are involved in cyber-espionage and cyber-sabotage, it has the effect of legitimizing this type of activity for certain private companies,” says Stewart in his “Chasing APT” report. “Other research we have conducted has uncovered a sizable cyber-espionage operation carried out by a private computer security company in an Asian country (not China) against a foreign military, presumably on behalf of the government of the country in which that company resides. This type of outsourcing of offensive hacking to contractors is to be expected given that the market demand for such skills often precludes governments from possessing that talent for very long — however, we have discovered the scope of that company’s operations also extend to using backdoors and spear-phishing to spy on companies in the U.S. and Europe, and even journalists in the same country. Ironically, this same company offers ethical hacking courses as part of their services lineup.”

Related For Black Hat: Cyber-espionage operations vast yet highly focused, researcher claims