Cyber spying

Last updated

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, [1] cracking techniques and malicious software including Trojan horses and spyware. [2] [3] Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers. [2]

Contents

History

Cyber spying started as far back as 1996, when widespread deployment of Internet connectivity to government and corporate systems gained momentum. Since that time, there have been numerous cases of such activities. [4] [5] [6]

Details

Cyber spying typically involves the use of such access to secrets and classified information or control of individual computers or whole networks for a strategic advantage and for psychological, political and physical subversion activities and sabotage. [7] More recently, cyber spying involves analysis of public activity on social networking sites like Facebook and Twitter. [8]

Such operations, like non-cyber espionage, are typically illegal in the victim country while fully supported by the highest level of government in the aggressor country. The ethical situation likewise depends on one's viewpoint, particularly one's opinion of the governments involved. [7]

Platforms and functionality

Cyber-collection tools have been developed by governments and private interests for nearly every computer and smart-phone operating system. Tools are known to exist for Microsoft, Apple, and Linux computers and iPhone, Android, Blackberry, and Windows phones. [9] Major manufacturers of Commercial off-the-shelf (COTS) cyber collection technology include Gamma Group from the UK [10] and Hacking Team from Italy. [11] Bespoke cyber-collection tool companies, many offering COTS packages of zero-day exploits, include Endgame, Inc. and Netragard of the United States and Vupen from France. [12] State intelligence agencies often have their own teams to develop cyber-collection tools, such as Stuxnet, but require a constant source of zero-day exploits in order to insert their tools into newly targeted systems. Specific technical details of these attack methods often sells for six figure sums. [13]

Common functionality of cyber-collection systems include:

Infiltration

There are several common ways to infect or access the target:

Cyber-collection agents are usually installed by payload delivery software constructed using zero-day attacks and delivered via infected USB drives, e-mail attachments or malicious web sites. [20] [21] State sponsored cyber-collections efforts have used official operating system certificates in place of relying on security vulnerabilities. In the Flame operation, Microsoft states that the Microsoft certificate used to impersonate a Windows Update was forged; [22] however, some experts believe that it may have been acquired through HUMINT efforts. [23]

Examples of operations

See also

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

Spyware is any software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Secure USB flash drives protect the data stored on them from access by unauthorized users. USB flash drive products have been on the market since 2000, and their use is increasing exponentially. As both consumers and businesses have increased demand for these drives, manufacturers are producing faster devices with greater data storage capacities.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

GhostNet is the name given by researchers at the Information Warfare Monitor to a large-scale cyber spying operation discovered in March 2009. The operation is likely associated with an advanced persistent threat, or a network actor that spies undetected. Its command and control infrastructure is based mainly in the People's Republic of China and GhostNet has infiltrated high-value political, economic and media locations in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City were compromised.

Gh0st RAT is a Trojan horse for the Windows platform that the operators of GhostNet used to hack into many sensitive computer networks. It is a cyber spying computer program. The "RAT" part of the name refers to the software's ability to operate as a "Remote Administration Tool".

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

Flame, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware discovered in 2012 that attacks computers running the Microsoft Windows operating system. The program is used for targeted cyber espionage in Middle Eastern countries.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

Agent.BTZ, also named Autorun, is a computer worm that infects USB flash drives with spyware. A variant of the SillyFDC worm, it was used in a massive 2008 cyberattack on the US military, infecting 300,000 computers.

The following outline is provided as an overview of and topical guide to computer security:

The Shadow Network is a China-based computer espionage operation that stole classified documents and emails from the Indian government, the office of the Dalai Lama, and other high-level government networks. This incident is the second cyber espionage operation of this sort by China, discovered by researchers at the Information Warfare Monitor, following the discovery of GhostNet in March 2009. The Shadow Network report "Shadows in the Cloud: Investigating Cyber Espionage 2.0" was released on 6 April 2010, approximately one year after the publication of "Tracking GhostNet."

Regin is a sophisticated malware and hacking toolkit used by United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.

<span class="mw-page-title-main">Vault 7</span> CIA files on cyber war and surveillance

Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS, and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux. A CIA internal audit identified 91 malware tools out of more than 500 tools in use in 2016 being compromised by the release. The tools were developed by the Operations Support Branch of the C.I.A.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

References

  1. "Residential proxy network use cases". GeoSurf. Retrieved 28 September 2017.
  2. 1 2 "Cyber Espionage". PC Magazine.
  3. "Cyberspying". Techopedia.
  4. Pete Warren, State-sponsored cyber espionage projects now prevalent, say experts , The Guardian, August 30, 2012
  5. Nicole Perlroth, Elusive FinSpy Spyware Pops Up in 10 Countries , New York Times, August 13, 2012
  6. Kevin G. Coleman, Has Stuxnet, Duqu and Flame Ignited a Cyber Arms Race? Archived 2012-07-08 at the Wayback Machine , AOL Government, July 2, 2012
  7. 1 2 Messmer, Ellen. "Cyber Espionage: A Growing Threat to Business". Archived from the original on January 26, 2021. Retrieved Jan 21, 2008.
  8. "Five Ways the Government Spies on You". The LockerGnome Daily Report. 7 November 2011. Archived from the original on 18 October 2019. Retrieved 9 February 2019.
  9. Vernon Silver, Spyware Matching FinFisher Can Take Over IPhones ,, Bloomberg, August 29, 2012
  10. "FinFisher IT Intrusion". Archived from the original on 2012-07-31. Retrieved 2012-07-31.
  11. "Hacking Team, Remote Control System". Archived from the original on 2016-12-15. Retrieved 2013-01-21.
  12. Mathew J. Schwartz, Weaponized Bugs: Time For Digital Arms Control , Information Week, 9 October 2012
  13. Ryan Gallagher, Cyberwar’s Gray Market , Slate, 16 Jan 2013
  14. Daniele Milan, The Data Encryption Problem Archived 2022-04-08 at the Wayback Machine , Hacking Team
  15. Robert Lemos, Flame stashes secrets in USB drives Archived 2014-03-15 at the Wayback Machine , InfoWorld, June 13, 2012
  16. how to spy on a cell phone without having access
  17. Pascal Gloor, (Un)lawful Interception Archived 2016-02-05 at the Wayback Machine , SwiNOG #25, 07 November 2012
  18. Mathew J. Schwartz, Operation Red October Attackers Wielded Spear Phishing , Information Week, January 16, 2013
  19. FBI Records: The Vault, Surreptitious Entries , Federal Bureau of Investigation
  20. Kim Zetter, "Flame" spyware infiltrating Iranian computers , CNN - Wired, May 30, 2012
  21. Anne Belle de Bruijn, Cybercriminelen doen poging tot spionage bij DSM , Elsevier, July 9, 2012
  22. Mike Lennon, Microsoft Certificate Was Used to Sign "Flame" Malware Archived 2013-03-07 at the Wayback Machine , June 4, 2012
  23. Paul Wagenseil, Flame Malware Uses Stolen Microsoft Digital Signature , NBC News, June 4, 2012
  24. "Red October" Diplomatic Cyber Attacks Investigation , Securelist, January 14, 2013
  25. Kaspersky Lab Identifies Operation Red October Archived 2016-03-04 at the Wayback Machine , Kaspersky Lab Press Release, January 14, 2013
  26. Dave Marcus & Ryan Cherstobitoff, Dissecting Operation High Roller Archived 2013-03-08 at the Wayback Machine , McAfee Labs
  27. "the Dukes, timeline". Archived from the original on 2015-10-13. Retrieved 2015-10-13.
  28. "The Dukes Whitepaper" (PDF).
  29. "F-Secure Press Room - Global".

Sources

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.