Skip Navigation

Close and don't show again.

Your browser is out of date.

You may not get the full experience here on National Journal.

Please upgrade your browser to any of the following supported browsers:

Governments' Favorite Cyberweapons Don't Look Anything Like Stuxnet Governments' Favorite Cyberweapons Don't Look Anything Like Stuxnet

This ad will end in seconds
 
Close X

Not a member? Learn More »

Forget Your Password?

Don't have an account? Register »

Reveal Navigation
 

 

Tech

Governments' Favorite Cyberweapons Don't Look Anything Like Stuxnet

Think more along the lines of "criminal enterprise."

(Sebastian Widmann/AP)

photo of Brian Fung
April 23, 2013

The term “cyberwarfare” conjures images of hackers developing nasty scripts and viruses to be used by state militaries as an instrument of foreign policy. Stuxnet, the malware that disabled thousands of Iranian nuclear centrifuges, was all but confirmed as the product of U.S. and Israeli information warriors. But these kinds of sophisticated weapons are hard to cover up, harder to build and still harder to keep from getting out of control. Sexy as they are, tools like Stuxnet only make sense some of the time.

The rest of the time, according to an annual study of data breaches released today, state-affiliated attacks draw inspiration from a more common, though no less effective, source: the criminal world. The weapon of choice for most governments? Phishing, or the sending of fake emails that try to get targets to click malware-laden links or attachments.

Ninety-five percent of all data breaches that can be connected to a government IP address involve phishing attacks, per the study, which was conducted by Verizon’s RISK team. The yearly report looks at tens of thousands of reported attacks and examines the subsequent investigations by law enforcement and private cybersecurity firms.

 

How do we know that governments are deploying phishing attacks? A lot of it is based on educated guesswork, Ostertag admitted. Still, the RISK team doesn't make a determination on the culprit unless the circumstantial evidence is fairly strong.

“When we’re able to make a conclusion as to attribution,” he said, “it’s more through the use of MD5 hashing, and looking for a hard-coded IP address inside a piece of malware that’s affiliated with a known IP.” Known IP addresses often come in via government authorities who’ve been monitoring the addresses themselves. In all, Verizon’s partnered with 18 agencies around the world to gather its data, from the U.S. Secret Service to the Australian Federal Police.

Since the project began nearly a decade ago, Verizon’s data breach investigations report has tallied 2,500 confirmed penetrations that resulted in a loss of data. Over a billion personal records have been compromised. Not all of those were the result of government actions. But state-affiliated hacking attempts last year accounted for almost a fifth of all data breaches. Good thing some companies have started phishing their own employees to practice their defense.

LIKE THIS STORY? Sign up for Tech Edge

Sign up for our daily newsletter and stay on top of tech coverage.

Sign up form for Tech Edge
Job Board
Search Jobs
Digital and Content Manager, E4C
American Society of Civil Engineers | New York, NY
PRODUCT REVIEW ENGINEER
American Society of Civil Engineers | CA
Neighborhood Traffic Safety Services Intern
American Society of Civil Engineers | Bellevue, WA
United Technologies Research Fellow
American Society of Civil Engineers | New York, NY
Process Engineering Co-op
American Society of Civil Engineers | Conshohocken, PA
Electrical Engineer Co-op
American Society of Civil Engineers | Findlay, OH
Application Engineer/Developer INTERN - Complex Fluids
American Society of Civil Engineers | Brisbane, CA
Application Engineer - Internships CAE/CFD Metro Detroit
American Society of Civil Engineers | Livonia, MI
Chief Geoscientist
American Society of Civil Engineers
Application Engineer - Internships CAE/CFD Metro Boston
American Society of Civil Engineers | Burlington, MA
Professional Development Program Engineer
American Society of Civil Engineers | Farmington Hills, MI
Civil Enginering Intern - Water/Wastewater/Site-Development
American Society of Civil Engineers | Sacramento, CA
Staff Accountant
American Society of Civil Engineers | Englewood, CO
Biomedical Service Internship Position
American Society of Civil Engineers | Flint, MI
 
Comments
comments powered by Disqus