Cyber Warfare, Intelligence & Malware

Digital disruption is sweeping through the world of espionage and is altering all aspects of intelligence collection. There is a realisation that some of the jobs for spy agents are becoming redundant as cyberspace becomes the main arena used to monitor and spy on the seas, skies, streets and on individuals.

Drones can be used to assassinate, and machines can spy on systems, people and even on a leader’s mobile conversations, texts and emails. AI can be used to monitor intelligence services' information and correspondence, across both open sources and classified information. All of this information and data can be collected and analysed by machines.

Espionage techniques have evolved beyond the old methods of bugging rooms or tapping phone lines; today’s Watergate wouldn’t come from breaking into a hotel room, it would come from cracking an email server or a corporate network. This is similar to what European police operations recently did when they broke into and monitored EncroChat and took down a large group of criminal murderers and drug dealers.

Already, we’re seeing these threats escalate in the political world, from the Democratic National Convention (DNC) email hack, to a spear-phishing campaign targeting US officials, to an ongoing surge of sophisticated cyber-monitoring of government departments.

Cyber-attacks have made it increasingly possible for foreign governments and for international and local hackers even to alter local election results.

Internet protocols are now nearly 30 years old and the Web has grown dramatically in scale; it has acquired hundreds of additional protocols and extensions, making it increasingly complex to manage. Around 48% of the world population now has an Internet connection compared with 1995 when it was less than 0.5%. That pace of growth can be expected to continue.

The Next Ten Years

In the next decade, the number of people using the Internet will grow to almost 7 billion. This is significant because, like previous industrial, geo-political and macro-economic revolutions, this one reminds us that the age of connectivity is in its infancy and most of the changes have yet to come.

By the end of this year, there will be around 50 billion connected things, everything from smart cars, smoke detectors, door locks, industrial robots, streetlights, heart monitors, trains, wind turbines, even tennis racquets and toasters. 

As digital technology continues to spread to the poorest parts of the world, criminal and extremist groups will also increasingly gain access to the new technology.

Malware & Spyware

Malware - short for malicious software - is any software used to disrupt computer operations, gather sensitive information or gain access to private computer systems; it can also do many other things, including displaying unofficial counter-advertising. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan Horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other types of spy software. Some categories of malware are:

Virus - Software that can replicate itself and spread to other computers, or that is programmed to damage a computer by deleting files, reformatting the hard disk, or using up computer memory.

Adware - Software that is financially supported (or financially supports another program) by displaying ads when you're connected to the Internet.

Spyware - Software that surreptitiously gathers information and transmits it to interested parties. The types of information gathered include the websites visited, browser and system information, and your computer's IP address. It is designed to gather information about a person or organisation without their knowledge, and it may send such information to another entity without the consumer's consent or assert control over a computer without the consumer's knowledge.

Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, unauthorised changes in browser settings, or changes to software settings.

Spyware is sometimes found embedded in programs supplied officially by companies, e.g. downloadable from websites, that appear useful or attractive but may have, for example, additional hidden tracking functionality that gathers marketing statistics. In 2016 Yahoo was exposed as having secretly scanned millions of its users' email accounts on behalf of the US government, using specially created software to comply with a classified US request.

Browser Hijacking Software - Advertising software that modifies your browser settings (e.g. default home page, search bars, toolbars), creates desktop shortcuts, and displays intermittent advertising pop-ups. Once a browser is hijacked, the software may also redirect links to other sites that advertise, or sites that collect Web usage information.

Intelligence agencies use malware and spyware in many different environments and technologies, as well as in military equipment and vessels currently at sea.

Cyber Warfare

Cyber Warfare involves actions by a nation-state or international organisation to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks. Cyberwar remakes old assumptions about national security and military engagement. Old metrics such as troop numbers or missile inventories become outdated. Cyber-warriors aren’t as easy to track as nuclear weapons or naval warships. Unlike in the Cold War, when the US and the Soviet Union were the only powers capable of inflicting serious damage, cyberwar is inexpensive. Any nation might emerge as a threat, and the identities of the true combatants are never quite clear.

The new era of cyberwar became public knowledge in 2012, when US intelligence officials leaked details of the malware Stuxnet. The operation, which took place a few years before the leak, used a piece of malicious software that American and Israeli forces developed to sabotage Iran’s nuclear weapons development.

Voting Systems

Another problem for democracies is the use of electronic voting systems. More often than not, electronic voting systems are nothing but bare-bones, decade-old computer systems that lack even rudimentary endpoint security. Despite the recurring discussion on electronic voting vulnerabilities that occurs every four years, only limited attention is given to the systemic problem undermining American democracy.

To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voter machines, technically, are so riddled with vulnerabilities that hacking an election is easy.

The electronic voting systems popularised in the United States in the early 2000s have been repeatedly proven vulnerable and susceptible to attacks. Some of these attacks are so unsophisticated that, a few years ago, a high school student could compromise a crucial county election in a pivotal swing state with equipment purchased for less than $100, potentially altering the distribution of the state’s electoral votes and thereby influencing the results of the Presidential election.

The United States e-voting system is so vulnerable that a small group of one or a few dedicated individuals could target a lynchpin district of a swing state, and sway the entire Presidential election. If the attacker has access to the administrative card or if they can infect a machine with malware that will spread onto the administrative card, then they can spread malware onto multiple machines and increase their sway over an election.

This next revolution will challenge the economic implications of the nation state. It will focus on the injustice that follows from the fact that, entirely by chance, some are born in poor countries and others in rich countries. The consequences of this for the concept of the nation state remain to be seen.

Sources: Warwick University, MI5, Century Link, TechJury, Washington University, Centre for Protection of National Infrastructure
