
Cyber Threats History: A New Cold War (Present)


This is the decade of cloud computing, the rise of hacktivism and the birth of real cyberwarfare. Who knows what else is going to happen? Cyber attacks continue to rise at a great pace, increasing 42 percent in 2012 from the previous year, and IT security experts have no reason to believe that the pace will slow down. On the contrary, most experts believe cyber threats will not only grow in frequency, but will also become more sophisticated. Hackers are now either criminals out to make money, activists out to protest or governments engaged in targeting their own citizens or attacking other governments, whether for espionage or cyberwarfare. This new level of resources and sophistication makes life very difficult for those charged with defending networks from attack.

Historical Landmarks


2010


Dozens of technology companies - most in Silicon Valley - have their computer networks infiltrated by hackers located in China. Google publicly reveals that it has been sustaining a highly sophisticated and targeted attack on its corporate infrastructure, also originating from China, that resulted in the theft of intellectual property. The attacks are named Operation Aurora, and official Chinese media respond by stating that the incident is part of a U.S. government conspiracy.

Operation Aurora

Britain announces it will devote $1 billion to building new cyber defenses. Iain Lobban, the director of the Government Communications Headquarters, says the country faces a "real and credible" threat from cyber attacks by hostile states and criminals as government systems are targeted 1,000 times each month, threatening Britain's economy.


Iran is attacked by the Stuxnet worm, thought to specifically target its Natanz nuclear enrichment facility. The worm is unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of SCADA system. Stuxnet is said to be the most advanced piece of malware ever discovered and significantly increases the profile of cyberwarfare. It slowly becomes clear that it is a real cyber attack on Iran's nuclear facilities - with most experts believing that Israel is behind it - perhaps with US help. Stuxnet is the world's first publicly verified military-grade cyber weapon capable of destroying machinery, and the attack significantly delays Iran's uranium enrichment program by damaging 1,000 centrifuges.

The first Malware Conference, MALCON, takes place in India. Malware coders are invited to showcase their skills at this annual event, and an advanced piece of malware for Symbian OS is released.

MALCON

A group calling itself the Indian Cyber Army hacked websites belonging to the Pakistan Army and to different ministries, including the Ministry of Foreign Affairs, Ministry of Education, Ministry of Finance, Pakistan Computer Bureau, Council of Islamic Ideology, etc. The attack was carried out in revenge for the Mumbai terrorist attacks, which had the confirmed involvement of Pakistani terrorists.

Indian Cyber Army

In response to Indian Cyber Army defacing Pakistani websites, 1000+ Indian websites were defaced by several Pakistani hackers.

A group calling itself the Pakistan Cyber Army hacked the website of India's top investigating agency, the Central Bureau of Investigation.

Pakistan Cyber Army

A newspaper from Texas uncovers evidence of cyber espionage attacks in 2008 and 2009 on at least three large US oil companies, which included the theft of proprietary "bid data" for energy discoveries worldwide. A Chinese connection is suspected by some at the attacked companies.

A California-based company files a $2.2 billion suit alleging that two Chinese companies stole software code and then distributed it to tens of millions of end users in China.

Richard Clarke, former counterterrorism director for Presidents Bill Clinton and George W. Bush, publishes the book "Cyber War". He warns of the possibility of an "electronic Pearl Harbor" - a cyberattack that could induce power blackouts, refinery explosions, subway crashes, and other disasters in 150 cities across the US.

Cyber War

The Pentagon formally recognizes cyberspace as a "new domain of warfare."

A Pentagon official calls for the US and Europe to cooperate on a cybershield modeled after a nuclear missile shield NATO is developing.

The Cyber Conflict Studies Association in Washington reports that more than 100 countries now have cyber conflict capabilities.

CCSA

Germany's Interior Ministry announces it will set up a national cyber defense center.

Anonymous launches DDoS attacks on Australian government websites in protest against the government's attempt to filter the Internet.

European Climate Exchange's website was targeted by hacktivists operating under the name of Decocidio #ϴ. The website showed a spoof homepage for around 22 hours in an effort to promote the contention that carbon trading is a false solution to the climate crisis.

Decocidio

The websites of both Mastercard and Visa are the subject of an attack by Anonymous, reacting to the two companies' decision to stop processing payments to Wikileaks.

Wikileaks

Reuters investigators discovered a series of serious security breaches that VeriSign had been less than forthcoming about. Some of these hacks had taken place two years earlier, with senior management at Verisign not being made aware of them until 2010. Verisign is one of the most important companies on the internet. It is a key part of the Domain Name System and it specializes in the SSL certificates that enable e-commerce sites to process payments via encrypted HTTPS. It is a business built entirely on trust and without it, the internet wouldn't work very well. The full extent of the Verisign hack is not clear.

Verisign

2011


Over 200,000 customers' names, contact details, account numbers and other information are compromised in an attack against Citigroup. The thieves manage to steal $2.7m from credit card accounts.

Citigroup

The personal information - including credit and debit card data - of tens of millions of PlayStation Network and Sony Online Entertainment users is stolen by an as yet unknown group of assailants. Experts estimate that the damage may range from $1 to $2bn, making it possibly the costliest cyber-hack ever.

Sony Playstation Network

The hacker group Lulz Security is formed.

Lulz Security

Dmitri Alperovitch, Vice President of Threat Research at McAfee, picks up the trail of a huge number of hacks and security breaches involving multiple hackers and targeting private companies, governments all over the world and even the International Olympic Committee. Since 2006, defense contractors, entertainment companies, the United Nations and other groups have all been hacked by an army of hackers as part of what McAfee calls "a five year targeted operation by one specific actor." Alperovitch names the attacks Operation Shady RAT (from Remote Access Tool), and all evidence points to China.

TiGER-MATE, a Bangladeshi hacker, sets a new record for the most websites hacked in a single attack. By targeting the data center of web hosting company InMotion, TiGER-MATE is able to deface the home page of 700,000 sites in one fell stroke.

The websites of the government of Zimbabwe are targeted by Anonymous due to censorship of the Wikileaks documents.

Anonymous launches DDoS attacks against the Tunisian government websites due to censorship of the Wikileaks documents and the 2010-2011 Tunisian protests.

Anonymous, in response to the 2011 Egyptian protests, attacks Egyptian government websites.

LulzSec and Anonymous launch Operation AntiSec, an enormous hacktivist operation aimed at many companies and government agencies.

Lulz Security & Anonymous

A hacker called AnonymousPEF attempts a Fire Sale, made famous by the film Live Free or Die Hard, but fails. However, it is still the first of its kind.

Estonia unveils plans to create a cybermilitia called the "Cyber Defense League," a group of volunteer scientists and others that in wartime would operate under military command.

Cyber Defence League

Creech Air Force Base's drone and Predator fleet's command and control data stream is keylogged, resisting all attempts to reverse the exploit, for two weeks. The Air Force issues a statement that the virus had "posed no threat to our operational mission".

The YouTube channel of Sesame Street is hacked, streaming pornographic content for about 22 minutes.

Duqu, a computer worm related to the Stuxnet worm, is discovered in Budapest. It appears not to be destructive because the known components are only trying to gather information that could be useful in attacking industrial control systems.

2012


A group of Norwegian hackers, Team Appunity, is arrested for breaking into and publishing the user database of Norway's largest prostitution website.

Team Appunity

The Flashback trojan, which started spreading in late 2011 affecting personal computer systems running Mac OS X, is discovered. The trojan targets a Java vulnerability on Mac OS X and uses basic encryption to bind downloaded modules to the infected system.

Swagg Security, a rising hacker group, hacks Foxconn and releases a massive amount of data including email logins, server logins, and bank account credentials of large companies like Apple and Microsoft.

Swagg Security

Flame, a modular computer malware that attacks computers running Windows, is discovered while being used for targeted cyber espionage in Middle Eastern countries. Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master. It can record audio, screenshots, keyboard activity, network traffic, Skype conversations and can turn infected computers into Bluetooth beacons which will attempt to download contact information from nearby Bluetooth-enabled devices.

Swagg Security hacks Farmers Insurance, Mastercard, and several other high-level government sites, releasing several thousand usernames and logins, as well as other confidential information.

India is accused of hacking a U.S. commission's e-mail communications, which primarily dealt with the economic and security relations between the U.S. and China.

Anonymous attacks the Department of Justice and the FBI websites in response to the shutdown of the file sharing website Megaupload.

Megaupload

Gauss, an espionage trojan created by the same actors behind the Flame malware, is discovered. The authors encrypted the payload of the attack using a key derived from a 10,000-iteration hash on two attributes of the infected system. Gauss is a complex cyber-espionage toolkit platform that is highly modular and supports new functions, which the operators can deploy remotely in the form of plugins. Gauss's use of DRM highlights the sophisticated and forward-looking nature of nation-state threats.

2013

