Information Warfare: The Secret Menace

Archives

April 9, 2009: In the United States, the FBI deals with computer crime. Last year, the FBI received 275,000 reports of computer crimes, involving losses of $265 million. Actual losses, and incidents, are believed to be several times larger. The reported incidents were up 33 percent from the previous year. Most of the losses were due to credit card and bank fraud. There was also a lot of information theft and corporate (and military) espionage. A lot of the hacking, and fraud, is facilitated by email. Currently, about 94 percent of all email is spam, seeking to run scams or infect PCs with software that will take them over.

The extent and effectiveness of this Internet based crime has military implications, because the same tools used by criminal hackers, are employed by Cyber War specialists. For military users, the key tactic is building a large arsenal of Cyber War weapons. It works like this. Cyber War weapons consist of freshly discovered, and exploitable, defects in software that runs on the Internet. You want to be the first person to find one of these defects, because these flaws enable a hacker to get into other peoples networks. Called "Zero Day Exploits" (ZDEs), in the right hands, these flaws can enable criminals to pull off a large online heist, or Cyber Warriors can do enormous damage to enemy networks.

China, for example, obtains these ZDEs the same way they have become the place where software manufacturers go to get their software (especially game software) tested cheaply, and thoroughly. In China, you can fill up a large hall hundreds of bright, but otherwise unemployed, Chinese guys, equip them with PCs, and instructions on what to do to test software. Offer bonuses for those who find flaws, and off you go. Finding ZDEs is basically the same drill, except it takes a week or so of on-the-job training to familiarize your searchers with the testing and searching tools (some of them available at hacking sites) used to dig around in software for flaws.

Every time a publisher patches software (Windows, WORD, email software, various browsers, and so on), they create new flaws. As soon as the publisher finds an exploitable flaw, they patch them. So there's never a lack of work for the ZDE crews. Some of these exploit research operations work for criminal gangs, that quickly use the ZDE for some scam, or auction the ZDE off to someone who can, or thinks they can, make a buck with it.

It's unclear what the relationship is between the government supported (Cyber War) ZDE search operations, and those run by criminal gangs. Because ZDEs are perishable, maintaining an arsenal of them is expensive. But apparently the military sells of some of those that appear to have more criminal than military value. At the same time, the Chinese Cyber War organization may be buying those with more military than criminal value.

Another way to make the most of ZDEs is to use them, when it appears they are about to be neutralized by a software patch. The ZDEs can be used to infiltrate lots of PCs, especially government or military ones, or in civilian organizations that have military potential, and install secret control software. This turns the compromised PCs into "zombies" that can be taken over whenever you want (or at least those that don't get dezombified, which often happens the longer the zombie software is in place.)

Even before ZDEs became a valuable commodity, there were individuals, and small groups, that sought them out. But apparently the Chinese approach is much more productive. The Chinese criminal gangs are becoming much more active in Internet related crime as a result. There has also been an upsurge in known attacks on American government sites, that appear to emanate from China. Governments find that they can use the Internet criminal techniques for espionage, and this has become a major activity with military Cyber War organizations.

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contribute. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   contribute   Close