18.05.2009

CONTEMPORARY INFOGENEOUS CHALLENGES

   

Samvel Martirosyan

The development of information technologies and their implementation both in everyday life and in the management systems of strategic state and interstate structures leads to the growth of infogeneous risks and of the critical components exposed to extreme influence. In line with global developments, the infogeneous threats to the RA and the NKR are also growing.

The problems connected with the non-linear growth and implementation of the means of telecommunication are forcing many countries to resort to unprecedented information security measures.

Consolidation of virtual criminal world


If several years ago hackers were bearers of leftist or anarchist ideas, young programmers trying their hand, and petty network criminals, then in the last three years cardinal changes have taken place in that sphere.

McAfee, a company dealing with network security, noted that cardinal change in its report on cyber-crime for 2006-2007. In that very period a qualitative leap took place in the sphere of cyber-crime, which led to the creation of organized criminal groups (now called cyber-mafia). If previously cyber-crime was spontaneous and chaotic, and was connected with the activity of either small criminal groups or groups working under the banner of freedom, anarchy or other idealized approaches to the net, then today the clearly criminal and mercenary tendency of cyber-crime is obvious. The net mafia, which earns huge sums from cyber-crime, is being formed, or it is merging with traditional organized crime.

The other peculiarity of recent times is the drawing of small hacker groups under the cover of the state. Countries have started to set up hacker troops. Both the mafia and state special agencies have started actively recruiting free hackers, segmenting cyber-space and creating spheres of influence. Moreover, back in 2007, 120 states initiated the formation of groups of specialists that should constitute the main body of the cyber-troops¹, and today the US supposes that more than 20 countries plan and are able to carry out various information operations against the US². In fact, all the countries involved in active political processes have started to set up special units able both to protect the cyber-space of the state and to carry out offensive actions. The purpose of these special units is to carry out reconnaissance in networks, to protect their own networks, and to be able to block or destroy enemy structures. Given the complexity of the objectives, the existence of the enemy's defensive structures and the constant development of technology, such structures must always model threats and hold field war games. Because of this, the number of attacks on the net is constantly rising. Thus, Chinese cyber-troops are considered to be the most active in recent years, and they constantly carry out attacks on the networks of different states all over the world.

For example, in March of this year, on the instructions of the Dalai Lama, who was concerned about breaches of the security of the computer systems of his government in exile, a report was prepared by the Information Warfare Monitor Company. On the basis of the survey it was proved that the cyber-espionage programme GhostNet had infected 1,295 computers in 103 countries and penetrated systems containing confidential information at the highest political, economic and media levels. In general, 30% of the infected computers are located in ministries of foreign affairs, embassies, international organizations, news agencies and nongovernmental organizations. The survey showed that the base of the spy network consists of computers that are mainly located in China³. At the same time, the researchers stated that there was no convincing evidence of the complicity of the Chinese government in the botnet (a certain number of infected computers). It is simply that the largest number of Internet users is in China. But there are still some suspicions concerning official Beijing, because this is not the first such occasion. Thus, in 2007, before the visit of Angela Merkel to China, a massive attack on state servers in Germany was registered. The special services managed to prevent the transfer of 160 GB of state information to China. In June 2007 the Chinese side attacked the network of the Pentagon. There were no reports of what the Chinese managed to steal, or whether they managed to steal anything. It is supposed that the Chinese hackers only wanted to check the structure of the American network. The Chinese managed to hack Australian and New Zealand state networks; in India they hacked more than 200 e-mail accounts of ministers and other high-ranking officials and deputies, and took control of servers in a number of institutions⁴.

Russian network strikes during the war in South Ossetia in August also proved the efficiency of prepared structures, which were able to destroy the Georgian media field almost completely during the period of active military operations.

According to McAfee's estimate, a global network war may start in the coming 10-20 years, and some countries are seriously preparing for it so as not to allow the collapse of their networks. China, Russia and the USA are the most active actors on that cyber-front. European countries are also beginning to take measures for the total security of their network structures.

Network security is one of the most dynamic spheres. In the near future vulnerabilities of a new type will arise in the following spheres:

  • attacks against new technologies,
  • attacks against social networks,
  • attacks against on-line services, mainly bank services.

Those attacks are becoming more refined due to the growing sophistication of the structures of influence.

Vulnerability of the networks

Cyber-criminals launch constant attacks on personal computers, which allows them to create networks (botnets) of infected computers (so-called zombie computers); those botnets in turn make it possible to launch attacks on networks and servers, spread viruses and spam, etc.

Two years ago, in experiments, a computer without a firewall held out for about two minutes after being connected to the Internet. After that it was captured and turned into a zombie by hackers, i.e. it became a device controlled by the intruder, which could be used for criminal purposes. The technologies for turning a computer into a zombie have developed recently. Today it takes 30 seconds to turn a computer that runs the Windows XP operating system and is connected to the Internet into a zombie, and this is carried out automatically.

The infected computers form large networks called botnets, which are controlled by particular groups of hackers. According to estimates by Western information security specialists, the biggest botnets, which consist of millions of computers, are controlled by Russian (for example, the Russian Business Network (RBN)) and Chinese hacker groups, which are apparently under the close surveillance of the special services of those countries.

As mentioned above, not only personal computers are vulnerable but also systems located in state structures, which are supposed to be better protected. Even in countries where more attention is paid to network security, the vulnerability of those networks leads to information leakage. In Armenia the security situation is much worse, and this makes Armenia a target for both political rivals and criminal structures.

Even in the Israeli army, where internal security is considered to be among the best and where the use of external data carriers is prohibited, the computer virus Conficker (it should be mentioned that its botnet includes about 10 million zombie computers) infected the internal network of Tzahal at the beginning of April through a flash card, owing to negligence. The virus was on a flash card, the use of which is prohibited by the procedural instructions. The “worm” copied itself from the data carrier to the hard disk and began to spread across the network. It happened on March 26 of the current year. The next day, Friday, March 27, the virus blocked domain users and local users on the units' computers and paralyzed the work of Tzahal-NET⁵.

Besides, the consolidation and strengthening of cyber-criminal groups should be taken into consideration. Botnets are available to ordinary users. For several hundred dollars you can get in touch with clandestine structures, which will attack the web-site you want.

At the beginning of March the presenters of the Click TV show, broadcast on the BBC, decided to run a risky experiment. As part of the experiment, which was meant to show how careless users can be on the Internet, they decided to take control of 22 thousand computers infected by a “Trojan”.

As far as one can judge from the BBC statement and the discussion that arose later, the authors of the experiment did not create their small botnet themselves but bought it on the network black market for several thousand dollars. The seller remained unknown. It should be mentioned that real malicious networks may include more than a million such computers. For example, the Conficker worm infected more than 9 million computers.

At first the presenters of Click sent test spam mailings to two prepared e-mail addresses. The statement said that several thousand messages arrived at those addresses.

At the second stage of the experiment a DDoS attack was arranged on a server that had been specially prepared for such an attack together with Prevx, a company specializing in IT security. Only 60 computers were needed to knock out the channel⁶.

This experiment proved that cyber-terrorism is becoming a cheap means, just like the suicide bomber’s belt in the hands of radicals: minimum cost, maximum damage.

Metamorphosis of network influence

Today the vulnerability of an internal network may have an effect not only from the economic, political and financial points of view. We are speaking about vulnerability that may affect such infrastructure segments as energy, etc.

Thus, at the beginning of April representatives of US energy companies admitted that their computers are constantly under hacker attack. As the Associated Press reports, citing its sources, a recent audit of the energy system, carried out at the government's demand, revealed numerous traces of unauthorized penetration: the crackers left programmes that gave them control over important nodes of the energy system.

According to the specialists who carried out the audit, it can be said that there was espionage in the network. The exact extent of the problem is not clear yet, but the experts are convinced that the crackers needed state assistance to arrange and carry out such a penetration. Officials in Russia and China disassociated themselves from this⁷.

The computer security expert Dan Kaminsky thinks that, in spite of the fact that comparatively few people can seriously damage the system, the problem is still topical. “Imagine that one day somebody will create a definite programme and America will be benighted. The damage to the economy will be huge. So the stakes in this game are very high”, concluded the expert⁸.

The survey by ScanSafe showed that the energy industry is the favourite target of malicious programmes, though nobody knows why. The Internet security company ScanSafe stated that companies working in the energy industry were 189% more vulnerable to attacks by malicious programmes⁹. Most probably the attacks on such important strategic nodes are an attempt to prepare for the coming total network clashes between the superpowers. However, the similar systems of smaller powers, including Armenia, are no less vulnerable (if not more so).

Such critical national nodes can endanger the statehood of the country if they are vulnerable and not properly secured. The collapse of the energy network or any similar network (mobile, air traffic, etc.), which can turn from a potential danger into a real one, would fully demoralize society and state structures in a very short time, which cannot be achieved even by direct military invasion.

The growing dependence of Armenia on information technologies will lead to more potential and real vulnerabilities in the networks that penetrate all spheres of life. Only a systemic approach to organizing national network security structures, which would keep under control the situation not only in the state and public sectors but also in the private sector, can prevent the possible negative effects, which have already been felt as a result of both systematic attacks by Azerbaijan and Turkey and the chaotic influence of mainly criminal network groups.

¹ Samvel Martirosyan, Attacks of the new year: social networks and state structures, webplanet.ru

² In information warfare, superiority in military power does not guarantee against defeat, «ОРУЖИЕ РОССИИ», www.arms-expo.ru

³ China is suspected in creation of GhostNet botnet, soft.compulenta.ru

⁴ Samvel Martirosyan, Attacks of the new year: social networks and state structures, webplanet.ru

⁵ "Worm" attacked Tzahal-NET: military rabbis "blessed" the fight against the virus, www.newsru.co.il

⁶ With good intent the presenters of the BBC took under control 22 thousand infected computers, lenta.ru

⁷ Russia disassociated itself from the penetration of the computers of the energy system of the USA, www.itoday.ru

⁸ Hackers from Russia threaten America's energy sector, www.crime-research.ru

⁹ Hackers prefer to attack energy industry, www.winline.ru

