The Exchange

Cyber Plots: If You’re Reading This, You’re Not Safe

Officials in both the United States and China are fond of saying they're the frequent targets of cyber criminals, and they're right. Incidentally, the two nations also often serve as the launch pad for attacks.

Image: Facebook server room (Credit: AP)
It's especially true of the former. When it comes to cyber crimes' origin and destination, American soil is in a league all its own. Based on data from McAfee Labs, the U.S. is "both the source and the target of much of the Internet's malicious activity," with browser-based attacks standing as the most frequent examples.

That's regularly found to be the case, though it doesn't necessarily mean Americans specifically are dominating the computer-infiltration game. Some of the nation's residents undoubtedly are drilling their way into places they don't belong, but the fact that the U.S. serves as home turf for so many bad actors is really a function of its sophisticated, massive Internet infrastructure. Nowadays, malicious programmers living anywhere in the world have the ability to set in motion server-based attacks without physically being in the U.S.

And on top of that, particularly expansive technological know-how isn't a requirement.

"You don't even need necessarily to have a great amount of computer expertise in order to build a botnet or do something like that," says Adam Wosotowsky, messaging operations architect for McAfee Labs, and one of the authors of the McAfee Threats Report: First Quarter 2013. "You just need to get these off-the-shelf packages for doing it. It does not take an expert anymore."

By off-the-shelf, he means going to one of the sites that exist on the Web for discussing, sharing and "enhancing" malware and finding what you're looking for. Yes, they're out there.

Crossing borders

President Obama and his Chinese counterpart, Xi Jinping, met to discuss the hoodlums of cyberspace this past weekend, a conversation that included covering the U.S.'s belief that China's military is spying on American targets. Not surprisingly, this is a point of contention between the governments. Xi's position, stated before from Beijing, is that China is itself a casualty of those who are up to no good.

[Related: How the Feds Snatch Surveillance Data From Tech Firms]

Here, McAfee's data back him up, at least in terms of a common database-intrusion technique called a SQL (structured query language) injection. As shown in the pie chart on the right below, the U.S. frequently plays the role of victim as well. What's simultaneously true is that both are prominently represented on the "giving" side, too.

Chart: SQL injection attacks (Source: McAfee Labs)

Other than reaching vague, unofficial goals of improving security and opposing hackers, nothing of significance appears to have come out of the conference with regard to cyber security.

Even if it had, it might well have been overshadowed by last week's reports that the U.S. government has secret arrangements with a number of phone and Internet companies, including Google (GOOG) and Yahoo! (YHOO), the publisher of this website, to catalog certain data on the communications and online behavior of their users.

Several of the companies that have reportedly been involved in the program have denied taking part, insisting they endeavor to protect consumers' privacy. Washington politicians, meanwhile, have been divided on what exactly the accounts mean, but some, including Senate Majority Leader Harry Reid, have attempted to play down the accuracy of the published descriptions and the reach of the government and corporate compact.

[Related: Leak of NSA Programs Tests US, China Ties]

If nothing else, the Obama-Xi meeting and the reports of unauthorized data-gathering put a spotlight anew on the world of modern computing, where safety and privacy might be assured one minute and gone the next. It can be summed up simply: If you're connected to the global information community, you're at risk of having your personal information compromised.

Opportunities for bad behavior are only growing. More and more, technology is connecting the people of the world to the Internet through a desktop at work, a laptop at home and a smartphone everywhere they go. The merging of these platforms into a single digital profile is providing fertile ground for criminals.

"That's something that people need to be very cognizant of — the fact that your cell phone is basically a computer that is more powerful than the computer that you had five years ago," Wosotowsky says. "You could very easily be well-defended in one or two of those places and not in the third one. The human is always the weakest link, so it's just determining which method is the most poorly protected that [hackers] can take advantage of."

What's old is new

Among the multitude of threats in cyberspace, Wosotowsky calls out Master Boot Record (MBR) and rootkit infiltrations as particular problems. Samples of MBR attacks, which overwrite the code a computer runs at startup so that the malware takes over the device before the operating system loads, jumped 30% in the first quarter.

Rootkits operate by stealth and are among "the nastiest classifications of malware we see," McAfee, a unit of Intel (INTC), says in its report. These infections are created to escape detection and inhabit a system for an extended period.

[Related: The U.S. Is a Greater Threat to Our Privacy Than Chinese Hackers: John Mauldin]

"One of the growing fields in malware is the ability to stay persistent over time," Wosotowsky says. "So that way, if you do infect a machine … you can maintain that infection. And that's especially important for data exfiltration from corporate environments, or even [to] just slowly siphon money out of your bank account."

Speaking of financial accounts, the stock market's run-up to record highs brought with it an old nuisance meant to separate you from your money — the pump-and-dump email stock scam. According to McAfee, spam email, which generally has been falling in volume, roughly doubled in the first quarter from the levels seen in December. In total, researchers at McAfee counted 1.9 trillion spam email messages in March.

While a breakdown wasn't available for how many of these messages were specifically of the stock-scam variety, the report makes it clear researchers believe the rise in the Dow Jones Industrial Average and S&P 500 played a notable role in the surge.

[Related: NSA Whistleblower Revealed as Edward Snowden]

The Citadel Trojan, a strain of illicit code that's well known to antivirus researchers, itself had a prominent showing in the quarter. Part of the Zeus malware line that was often deployed as a financial-crimes tool, Citadel has evolved over the years into a broader method of information-stealing.

All told, McAfee Labs now has more than 128 million samples of malicious code, an amount that it says "has climbed steadily for ages and quite rapidly during the last two quarters."