20 August 2014

Intelligence Warning of Hostilities: Surge of Cyber Attacks Preceded Both the Russian Invasion of Crimea and the Gaza Strip Conflict

Gaza and Crimea conflicts could have been predicted by monitoring cyber attacks

Harriet Alexander
Daily Telegraph
August 14, 2014

Inside the Carmel Tunnels in Haifa, Israel, which were targeted by a “Trojan” programme that nearly shut down the city Photo: Alamy

Surges in cyber attacks could be used as an early warning system to predict conflicts between countries, researchers from an internet security company have found.

Before both the recent Gazaconflict and the annexation of Crimea analysts noted a spike in “malware” – malicious software – sending out messages.

"We can see the digital equivalent of troops on the border," said Kevin Thompson, a threat analyst for FireEye – the security company which carried out the research.

Many countries are now using malware to both gather intelligence and actively attack targets in hostile countries.

"If the US, or Korea, or Japan was about to go to war, you would see a bump in callbacks – it’s just part and parcel of today’s national security undertakings," said Kenneth Geers, one of the researchers.

FireEye analysed the amount of communications sent by malware programmes over the past 18 months – using data collected from more than 5,000 corporate and government clients around the world. They looked at the so-called “callback” messages which malware sends once it is installed within a network, usually to “phone home” and report its status to the controllers or receive new commands.

And they discovered that, amid the millions of messages captured, there was a dramatic spike in malware signals in the lead-up to the conflict between Russia and Ukraine over the future of Crimea, and in the days before Israel’s recent hostilities with Hamas in Gaza.

Now FireEye are hoping to extend their research to see whether there it still applies over a longer time frame.

"We’d like to look back at a whole year of data and try to correlate with all the world events in the same period," said Mr Thompson.

Stewart Rowles, assistant director for operations at KCS – a strategic intelligence firm – said that governments were increasingly monitoring surges in malware attacks to identify potential conflicts.

"Malware is not only used by fraudsters but also by governments and terrorist groups – who now devote significant resources to create legions of cyber warriors whose only function is to spy on rival powers," he told The Telegraph.

"Cyber espionage and, increasingly, cyber warfare are now such an integral part of any conflict that spikes in malware activity in a specific region are increasingly used by the world’s intelligence services to identify ‘hot spots’ around the globe, which are likely to explode into conflict of some sort."

One of Israel’s major infrastructure hubs was shut down by a cyber-attack last September, according to insiders. Haifa’s Carmel Tunnels were targeted by a “Trojan” programme that nearly shut down the city, according to itproportal.com.

Iran, in return, has accused the US and Israel of sending computer programmes to destroy their nuclear facilities.

And hackers based in or near Moscow have “systematically targeted” diplomats at embassies belonging to former Eastern Bloc countries around the world, according to internet security experts who have been tracking the activity for at least four years and recently revealed details.

No comments: