Tech

Governments' Favorite Cyberweapons Don't Look Anything Like Stuxnet

Think more along the lines of "criminal enterprise."

(Sebastian Widmann/AP)

Brian Fung
April 23, 2013

The term “cyberwarfare” conjures images of hackers developing nasty scripts and viruses to be used by state militaries as an instrument of foreign policy. Stuxnet, the malware that disabled thousands of Iranian nuclear centrifuges, was all but confirmed as the product of U.S. and Israeli information warriors. But these kinds of sophisticated weapons are hard to cover up, harder to build and still harder to keep from getting out of control. Sexy as they are, tools like Stuxnet only make sense some of the time.

The rest of the time, according to an annual study of data breaches released today, state-affiliated attacks draw inspiration from a more common, though no less effective, source: the criminal world. The weapon of choice for most governments? Phishing, or the sending of fake emails that try to get targets to click malware-laden links or attachments.

Ninety-five percent of all data breaches that can be connected to a government IP address involve phishing attacks, per the study, which was conducted by Verizon’s RISK team. The yearly report looks at tens of thousands of reported attacks and examines the subsequent investigations by law enforcement and private cybersecurity firms.

 

How do we know that governments are deploying phishing attacks? A lot of it is based on educated guesswork, Ostertag admitted. Still, the RISK team doesn't make a determination on the culprit unless the circumstantial evidence is fairly strong.

“When we’re able to make a conclusion as to attribution,” he said, “it’s more through the use of MD5 hashing, and looking for a hard-coded IP address inside a piece of malware that’s affiliated with a known IP.” Known IP addresses often come in via government authorities who’ve been monitoring the addresses themselves. In all, Verizon’s partnered with 18 agencies around the world to gather its data, from the U.S. Secret Service to the Australian Federal Police.

Since the project began nearly a decade ago, Verizon’s data breach investigations report has tallied 2,500 confirmed penetrations that resulted in a loss of data. Over a billion personal records have been compromised. Not all of those were the result of government actions. But state-affiliated hacking attempts last year accounted for almost a fifth of all data breaches. Good thing some companies have started phishing their own employees to practice their defense.
