Friday, April 3, 2009

Glimpses into the 21st Century Threat Matrix: From International Intrigue to Petty Fraud


Nearly 1,300 computers in more than 100 countries have been attacked and have become part of a computer espionage network apparently based in China ... Reports: Cyberspy network targets governments, CNN, 3-29-09

Just days after his apprehension in Mexico following two years on the run from law enforcement authorities, an alleged hacker was indicted this week by a federal grand jury for hacking into the computer networks of voice-over-IP service providers ...Sharon Gaudin, Fugitive hacker indicted for running VoIP scam, Computerworld, 2-18-09

Glimpses into the 21st Century Threat Matrix: From International Intrigue to Petty Fraud

Two recent headline stories, one from CNN and one from Computerworld, highlight the breathtaking scope of cyber attack motivations, from international intrigue to petty fraud, from global espionage to digital theft of service. Establishing a cyber security posture that takes both ends of the spectrum into sufficient account is a daunting challenge. And, of course, there are those who cavalierly assume they do not have to think about one end of the spectrum or the other.

Here are brief excerpts from both stories, with links to the full texts:

Nearly 1,300 computers in more than 100 countries have been attacked and have become part of a computer espionage network apparently based in China, security experts alleged in two reports Sunday. The network was discovered after computers at the Dalai Lama's office were hacked, researchers say. Computers -- including machines at NATO, governments and embassies -- are infected with software that lets attackers gain complete control of them, according to the reports. One was issued by the University of Toronto's Munk Centre for International Studies in conjunction with the Ottawa, Canada-based think tank The SecDev Group; the second came from the University of Cambridge Computer Laboratory. Researchers have dubbed the network GhostNet. The network can not only search a computer but see and hear the people using it, according to the Canadian report. Reports: Cyberspy network targets governments, CNN, 3-29-09

Just days after his apprehension in Mexico following two years on the run from law enforcement authorities, an alleged hacker was indicted this week by a federal grand jury for hacking into the computer networks of voice-over-IP service providers. Edwin Pena had been arrested in June 2006 on computer and wire fraud charges. The U.S. government charged that Pena and a cohort hacked into the computer networks from November 2004 to May 2006. Pena then resold the VoIP services to his own customers. Sharon Gaudin, Fugitive hacker indicted for running VoIP scam, Computerworld, 2-18-09

-- Richard Power