Monday, October 17, 2011

Nation state activity

Wanted to write about the increasing pace of "hacking" or "cyber-attack/exploitation" activities associated with nation-state actors. I'm not going to discuss the "hacktivist" activities or web page defacements that have been lingering for a while, only concerted theft of data or attacks (rather than annoyances).

Here are a couple of good articles and publicized nation-state attacks. Of course, it's important to note that it's much more fun for companies/people to claim it's a nation-state, as it sounds more exciting and Hollywood-ready. It's also wonderful for companies, because it removes the obligation to defend themselves ("how could we, they were a nation-state!"). That said, the fact that not every claim is automatically true doesn't mean that nations really aren't involved.

There is an overwhelming body of data indicating that some nations (see China) are actively involved in acquiring military and economic advantage by compromising foreign entities at a rapid rate. A short article on Wikipedia has some more information on that topic. There's a good article at the Economist discussing the topic as well, which reflects the increasing recognition by the mainstream media of what's happening. There's a lot of material here, but I strongly encourage you to take a look if you aren't already familiar with that data set.

Shady Rat (Multiple corporate compromises for IP, China)
McAfee writeup
Vanity Fair article

SecurID compromise (?, presumably China)
Attacks on RSA

Attack on Iranian Nuclear Centrifuges (Israel)
See Stuxnet writeup here.

International Monetary Fund Attack (?)
Multiple articles, here's one.

DigiNotar Attack (Iran)
Iranian certificate attack post-mortem

United States/Iraq
Contemplated US attack

Writeup on possible past, future

North/South Activity

Russian attack on Estonia
NANOG presentation

Writeup on some of their activities

It would be interesting to expand these and track activities/capabilities by nation. Too much work for me unfortunately, but if anyone knows of something like that that's already published, I'd love to reference it.

The bottom line is that this activity is clearly on a significant uptick, and the trend doesn't appear to be abating any time soon. I would recommend increased investment/attention by the defensive community, looking at how to secure users and the supply chain and how to defend against remote attacks, through training, technology and wise deployment. And try to stay out of the crossfire...