UK’s Computers Hit by 120 Countries

The security service MI5 has asked consultants KPMG to lead a group to monitor cases of industrial espionage and co-ordinate information between Britain's leading companies.

MI5 is increasingly concerned at attempts by foreign governments to hack into the computer systems of major firms, and last week accused China of trying to steal corporate secrets.

KPMG, which works closely with the GCHQ listening station, is creating a "risk management information exchange", with a team of security and IT experts to assess "threat levels" and warn of imminent dangers.

If a company discovers attempts to breach computer security through, say, viruses, the information can be passed to MI5 and other companies using the KPMG group.

Last week, the director-general of MI5, Jonathan Evans, sent confidential letters to 300 chief executives and security heads at major companies warning about "electronic espionage" from "Chinese state organisations".

It was later reported that Rolls-Royce and Royal Dutch Shell had faced attempts to breach their computer security systems. The US and France have accused China of industrial espionage - which Beijing strongly denied. China has yet to respond to the MI5 claims.............

Government and military computer systems are coming under sustained attack from China and other countries, a significant study says today.

The annual Virtual Criminology REPORT, which draws on interviews with senior staff at organisations such as the  SOCA | Serious Organised Crime Agency, Nato North Atlantic Treaty Organization and the FBI Federal Bureau of Investigation, says that Britain has entered a “cyber-Cold War” in which web-based espionage poses the biggest threat to national security.

It envisages a future where rogue governments and criminal gangs target the computer systems that run electricity, air traffic control, financial markets and computer networks.

Governments are increasingly spying on other nations via the net. Not only that, but they're actually carrying out attacks with national infrastructure systems as their targets. And that's not only Government networks, but also services such as financial systems and electricity grids.

120 countries are now using the Internet for Web espionage operations and the situation has "progressed from initial curiosity probes to well-funded and well organised operations for political, military, economic and technical espionage."

The report points out that many cyber attacks originate from China, and the Chinese have publicly stated that they are pursuing activities in cyber-espionage.

NATO insiders believe many Governments are still unaware of the threat - as shown by the attack on Estonia earlier this year that disrupted Government services and banking websites. Such espionage has become more sophisticated as security systems also get more comprehensive. "Traditional protective measures were not enough to protect against the attacks on Estonia's critical national infrastructure," the insiders are quoted as saying in the report."

"Botnets unsurprisingly were used but the complexity and coordination seen was new. There were a series of attacks with careful timing using different techniques and specific targets. The attackers stopped deliberately rather than being shut down."

The report was compiled by Dr Ian Brown from Oxford University and Professor Lilian Edwards from the University of Southampton............

Estonia’s problems were particularly severe. Co-ordinated spam attacks disrupted government systems, disabled news services and brought down online banking sites for almost 24 hours.

And the problem is only going to get worse.
Some states are still testing the boundaries, said IInternational Institute for
Counter-Terrorism expert Yael Shahar.

“The whole sequence of events in Estonia looked a lot like something a government would do to check how much it could get away with,” she said.

Estonia has comparatively robust cyber defence systems. A similar attack on the UK might have more serious consequences, says the report, commissioned by McAfee.............

Social networking sites and online banking will be a major target for attacks next year as criminals continue to make money from mining personal data and commiting ID fraud, according to new pieces of research.

The annual Virtual Criminology Report is commissioned by security vendor McAfee and draws on sources including the  Oxford Internet Institute, the  LSE's Information Systems Integrity Group and the Met's Computer Crime Unit. It warned that attacks on web-based services such as online banking will be one of the ten biggest global security threats in 2008 and may crucially damage consumer confidence in such services.

Peer-to-peer and social networking applications in particular were highlighted as prime targets for criminal gangs to harvest personal information, which could be used in future targeted phishing attacks, or to sell on the black market..........

As more of us rely on the web for shopping, banking, socializing, and carrying on everyday business activities, cyber criminals are capitalizing on every opportunity to commit fraud, identity theft, and extortion. Ingenious cyber criminals have evolved “super-strength” threats that are harder and harder to detect and can be modified on the fly. And, emerging technologies like voice over IP and smartphones are fostering new threats like "vishing” and “phreaking.” How will these developments affect consumer trust and purchasing behavior?..........

"It's key that the people running the web servers are keeping their systems updated with the relevant security," warned Oxford Institute's Dr Ian Brown. " Malware has become very sophisticated and can be aimed at specific companies, making it trickier for security writers to [mitigate the threat]."

The UK's financial institutions also came in for some criticism, despite banks such as Barclays rolling out two-factor authentication during 2007 in an attempt to halt fraud.

“User-interface tricks to improve customer security do not seem promising and customer testing will be very problematic with card readers,” wrote Cambridge Univerity's Richard Clayton in the report. “What we need is banks controlling transfers more carefully, spotting patterns, limiting transfers out to trusted recipients like gas companies."

Paul Henry, technology evangelist for security giant Secure Computing, said he was "incredibly disappointed" in the response from financial institutions to the phishing epidemic.

He added that enterprise security policies must involve protection across all protocols to work effectively, while firms need to classify their data more rigorously to mitigate any risk of loss or improper disclosure...........

This underground economy already includes specialized auction sites, product advertising and even support services, but now competition is so fierce that 'customer service' has become a specific selling point. -- Laws of supply and demand apply:

The cost of renting a platform for spamming has dropped, and criminals can now buy custom-written Trojans built to steal credit card data. –

'White market' fueling thriving black market: The 'white market' that exists to buy and sell software flaws (back-door vulnerabilities with no available patch to fix them) is fueling a virtual arms trade in potentially significant security threats.

Software flaws can fetch big money -- up to $75,000, and experts believe that while this white market exists there is an increasing danger of flaws falling into the hands of cybercriminals...........