Cyber spying explained

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission or knowledge of the holder of the information, using methods on the Internet, networks or individual computers: proxy servers,[1] cracking techniques and malicious software including Trojan horses and spyware.[2][3] Cyber espionage can be used to target various actors (individuals, competitors, rivals, groups, governments and others) in order to obtain personal, economic, political or military advantages. It may be perpetrated wholly online from the computer desks of professionals on bases in faraway countries, may involve infiltration at home by computer-trained conventional spies and moles, or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

History

Cyber spying started as far back as 1996, when widespread deployment of Internet connectivity to government and corporate systems gained momentum. Since that time, there have been numerous cases of such activities.[4][5][6]

Details

Cyber spying typically involves using such access to secrets and classified information, or control of individual computers or whole networks, for strategic advantage and for psychological, political and physical subversion and sabotage.[7] More recently, cyber spying has also involved analysis of public activity on social networking sites such as Facebook and Twitter.[8]

Such operations, like non-cyber espionage, are typically illegal in the victim country while fully supported by the highest level of government in the aggressor country. The ethical situation likewise depends on one's viewpoint, particularly one's opinion of the governments involved.[7]

Platforms and functionality

Cyber-collection tools have been developed by governments and private interests for nearly every computer and smartphone operating system. Tools are known to exist for Microsoft, Apple and Linux computers and for iPhone, Android, Blackberry and Windows phones.[9] Major manufacturers of commercial off-the-shelf (COTS) cyber-collection technology include Gamma Group from the UK[10] and Hacking Team from Italy.[11] Bespoke cyber-collection tool companies, many offering COTS packages of zero-day exploits, include Endgame, Inc. and Netragard of the United States and Vupen from France.[12] State intelligence agencies often have their own teams to develop cyber-collection tools, such as Stuxnet, but they require a constant source of zero-day exploits in order to insert their tools into newly targeted systems. Specific technical details of these attack methods often sell for six-figure sums.[13]

Common functionality of cyber-collection systems includes:

The device microphone can be activated in order to record audio. Likewise, audio streams intended for the local speakers can be intercepted at the device level and recorded.

Infiltration

There are several common ways to infect or access the target:

A carefully crafted e-mail is sent to the target in order to entice them to install the malware via a Trojan document or a drive-by attack hosted on a web server compromised or controlled by the malware owner.[18]
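The lure described above is what a mail gateway or an analyst sees first, so a defender's natural counterpart is a triage pass over the message itself: flag attachments whose extension matches the Trojan-document and dropper types, and flag links whose visible text names one host while the href leads to another. The following Go program is an added example for this article, not code from the original page or from any vendor named here. It uses only the Go standard library; the message is constructed for the example (example.com and the 203.0.113.0/24 documentation range are placeholders, not real infrastructure), and the extension list is a starting point rather than a complete policy.

```go
package main

import (
	"fmt"
	"io"
	"mime"
	"mime/multipart"
	"net/mail"
	"path"
	"regexp"
	"strings"
)

// Finding is one triage indicator raised for a message.
type Finding struct {
	Kind   string // "risky-attachment" or "link-mismatch"
	Detail string
}

// riskyExt lists attachment extensions commonly used for Trojan documents and droppers
// (a constructed starting list for the example, not an exhaustive policy).
var riskyExt = map[string]bool{
	".docm": true, ".xlsm": true, ".pptm": true, ".exe": true, ".scr": true,
	".js": true, ".vbs": true, ".hta": true, ".iso": true, ".lnk": true,
}

// anchorRe captures the href and visible text of an HTML anchor; hostRe extracts a URL's host.
var anchorRe = regexp.MustCompile(`(?is)<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)
var hostRe = regexp.MustCompile(`(?i)^https?://([^/:\s]+)`)

// sampleMessage is a constructed lure, not a real capture: it carries a macro-enabled
// document and a link whose visible text names the intranet while the href points elsewhere.
const sampleMessage = `From: "IT Helpdesk" <helpdesk@example.com>
Subject: Action required: updated expense policy
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/html; charset="utf-8"

<p>Review the policy at <a href="http://203.0.113.10/policy">https://intranet.example.com/policy</a></p>
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Expense_Policy.docm"

ZmFrZQ==
--XYZ--
`

// TriageMessage parses a raw RFC 822 message and returns the indicators found in it.
func TriageMessage(raw string) ([]Finding, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	mediaType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	if err != nil || !strings.HasPrefix(mediaType, "multipart/") {
		body, err := io.ReadAll(msg.Body) // missing or single-part Content-Type: scan the body as-is
		return linkFindings(string(body)), err
	}
	var findings []Finding
	mr := multipart.NewReader(msg.Body, params["boundary"])
	for {
		part, err := mr.NextPart()
		if err == io.EOF {
			return findings, nil
		} else if err != nil {
			return findings, err
		}
		if name := part.FileName(); name != "" {
			if riskyExt[strings.ToLower(path.Ext(name))] {
				findings = append(findings, Finding{"risky-attachment", name})
			}
			continue
		}
		partType, _, _ := mime.ParseMediaType(part.Header.Get("Content-Type"))
		if partType == "text/html" {
			body, _ := io.ReadAll(part)
			findings = append(findings, linkFindings(string(body))...)
		}
	}
}

// linkFindings flags anchors whose visible text shows one host but whose href leads to another.
func linkFindings(html string) []Finding {
	var out []Finding
	for _, m := range anchorRe.FindAllStringSubmatch(html, -1) {
		shown := hostRe.FindStringSubmatch(strings.TrimSpace(m[2]))
		actual := hostRe.FindStringSubmatch(m[1])
		if shown != nil && actual != nil && !strings.EqualFold(shown[1], actual[1]) {
			out = append(out, Finding{"link-mismatch", fmt.Sprintf("shows %s, points to %s", shown[1], actual[1])})
		}
	}
	return out
}

func main() {
	findings, err := TriageMessage(sampleMessage)
	fmt.Println(findings, err)
}
```

Run against the constructed message, the program reports one link mismatch (intranet.example.com shown, 203.0.113.10 targeted) and one risky attachment (Expense_Policy.docm); a plain-text message with an ordinary link yields no findings. The two checks are deliberately independent so that a lure carrying only a document, or only a drive-by link, still produces an indicator.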

Cyber-collection agents are usually installed by payload-delivery software built using zero-day attacks and delivered via infected USB drives, e-mail attachments or malicious web sites.[20][21] State-sponsored cyber-collection efforts have used official operating system certificates instead of relying on security vulnerabilities. In the Flame operation, Microsoft stated that the Microsoft certificate used to impersonate a Windows Update was forged;[22] however, some experts believe that it may have been acquired through HUMINT efforts.[23]

Notes and References

  1. Residential proxy network use cases, GeoSurf, 28 September 2017.
  2. Cyber Espionage, PC Magazine.
  3. Cyberspying, Techopedia.
  4. Pete Warren, State-sponsored cyber espionage projects now prevalent, say experts, The Guardian, August 30, 2012.
  5. Nicole Perlroth, Elusive FinSpy Spyware Pops Up in 10 Countries, New York Times, August 13, 2012.
  6. Kevin G. Coleman, Has Stuxnet, Duqu and Flame Ignited a Cyber Arms Race?, AOL Government, July 2, 2012.
  7. Ellen Messmer, Cyber Espionage: A Growing Threat to Business, Jan 21, 2008. Archived January 26, 2021: https://web.archive.org/web/20210126055427/https://www.pcworld.com/article/141474/article.html
  8. Five Ways the Government Spies on You, The LockerGnome Daily Report, 7 November 2011. Retrieved 9 February 2019; archived 18 October 2019: https://web.archive.org/web/20191018234113/https://lockergnome.com/2011/11/07/five-ways-the-government-spies-on-you/
  9. Vernon Silver, Spyware Matching FinFisher Can Take Over iPhones, Bloomberg, August 29, 2012.
  10. FinFisher IT Intrusion. Archived 2012-07-31: https://wayback.archive-it.org/all/20120731073430/http://www.finfisher.com/FinFisher/en/index.php
  11. Hacking Team, Remote Control System. Retrieved 2013-01-21; archived 2016-12-15: https://web.archive.org/web/20161215165754/http://www.hackingteam.it/index.php/remote-control-system
  12. Mathew J. Schwartz, Weaponized Bugs: Time For Digital Arms Control, Information Week, 9 October 2012.
  13. Ryan Gallagher, Cyberwar's Gray Market, Slate, 16 Jan 2013.
  14. Daniele Milan, The Data Encryption Problem, Hacking Team.
  15. Robert Lemos, Flame stashes secrets in USB drives, InfoWorld, June 13, 2012.
  16. How to spy on a cell phone without having access (YouTube video): https://www.youtube.com/watch?v=elgj2ZFMZDE
  17. Pascal Gloor, (Un)lawful Interception, SwiNOG #25, 07 November 2012.
  18. Mathew J. Schwartz, Operation Red October Attackers Wielded Spear Phishing, Information Week, January 16, 2013.
  19. FBI Records: The Vault, Surreptitious Entries, Federal Bureau of Investigation.
  20. Kim Zetter, "Flame" spyware infiltrating Iranian computers, CNN - Wired, May 30, 2012.
  21. Anne Belle de Bruijn, Cybercriminelen doen poging tot spionage bij DSM [Cybercriminals attempt espionage at DSM], Elsevier, July 9, 2012.
  22. Mike Lennon, Microsoft Certificate Was Used to Sign "Flame" Malware, June 4, 2012.
  23. Paul Wagenseil, Flame Malware Uses Stolen Microsoft Digital Signature, NBC News, June 4, 2012.
  24. "Red October" Diplomatic Cyber Attacks Investigation, Securelist, January 14, 2013.
  25. Kaspersky Lab Identifies Operation Red October, Kaspersky Lab Press Release, January 14, 2013.
  26. Dave Marcus & Ryan Cherstobitoff, Dissecting Operation High Roller, McAfee Labs.
  27. The Dukes, timeline. Archived 2015-10-13: https://web.archive.org/web/20151013095556/https://campaigns.f-secure.com/dukes-timeline/index.html
  28. The Dukes Whitepaper. Archived 2015-12-09: https://web.archive.org/web/20151209123302/https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
  29. F-Secure Press Room - Global.