The latest Cyber Conflict news out of the People’s Republic of China is very curious indeed and firmly supports the fact that Chinese state-sponsored hackers are targeting other international governments – including intelligence, military, and political objectives…
Earlier today here in Asia, the alleged Chinese People’s Liberation Army (PLA) hacking unit of the PuDong neighborhood in the City of Shanghai resumed cyber targeting; see the Foreign Policy article (http://www.foreignpolicy.com/node/1426054)… And yet today the People’s Republic of China demonstrated a new form of Internet Control for disaffected bloggers who disagree with the Communist Party of China (CPC)…death – you can see the story here: http://www.foreignpolicy.com/node/1426054.
Remember that with the Golden Shield Project (colloquially known as the Great Firewall of China), a Chinese state-sponsored DNS cache poisoning policy, the Internet the Western world enjoys is not what the average Chinese experiences in the People’s Republic of China… So, with the renewed Chinese hacking, someone in Beijing must have approved certain Chinese state-sponsored hacking activity through the Great Firewall of China…otherwise why would the CPC be putting to death those Chinese bloggers who would challenge the legitimacy of the current Chinese political regime? Hmmm….
I read two interesting articles today that reinforced how the underground economy associated with cyber-crime is still growing. The first, an article from Breach Security, talked about their analysis of web-hacking from 2007. Not surprisingly, they found that the majority of web hacking incidents they worked last year were geared towards theft of confidential information.
This has been true for the majority of incident response cases MSI has worked for a number of years now. The majority are aimed at gaining access to the underlying database structures and other corporate data stores of the organization. Clearly, the target is usually client identity information, credit card info or the like.
Then, I also read on Darknet this morning that Finjan is saying they have been observing a group that has released a small P2P application for trading/sale of compromised FTP accounts and other credentials. Often, MSI has observed trading and sale of such information on IRC and underground mailing lists/web sites. Prices for the information are pretty affordable, but attackers with large amounts of the data can make very good incomes from the sale. Often, the information is sold to multiple buyers – making the attacker even more money from their efforts.
Underground economies have been around since the dawn of capitalism. They exist for almost every type of contraband and law enforcement is usually quite unsuccessful at stamping them out. Obviously, they have now become more common around cyber-crime and these events that have “bubbled to the surface” are only glimpses of the real markets.
It is critical that information security teams understand these motivations and the way attackers think, target victims and operate. Without this understanding, they are not likely to succeed in defending their organizations from the modern attacker. If your organization still spends a great deal of time worrying about web page defacements and malware infections, or if your security team is primarily focused on being “net cops”, it is pretty likely that they will miss the real threat from today’s cyber-criminals and tomorrow’s versions of organized crime.