Categories
Goverment IT News Security

Europe Holds Cyber-Warfare Test

The Cyber Europe 2010 will simulate an attack designed to cut Europe’s nations off from one another

Europe’s cyber security experts are staging a simulated cyber-attack on critical services today, across several EU member states.

The “Cyber Europe 2010″ test will test Europe’s readiness for an attack which attempts to paralyse online services so internet connectivity is gradually lost between European countries. It follows the announcement of measures to strengthen and modernise the European Network and Information Security Agency (ENISA) to combat cyber warfare.

Testing links between states

Details of the exercise are being kept under wraps, but ENISA has been at pains to emphasise that this is not an operational test like the US Department of Homeland Security’s Cyber Storm, a series of week-long multi-million dollar tests of America’s attack-readiness.

“Our budget is in the order of hundred of Euros,” said an ENISA spokesman, adding that the test will not involve critical sectors, or industry and will not test response capabilities. Above all it will not carry the risk of a real network crash – it just tests how well agencies can share information.

By contrast, the US Cyber Storm III exercise, one month ago, was an operational exercise, which included industry and cost millions of dollars, the spokesman said.

During the exercise, through the day, one country after another will face fictitious access problems, and will co-operate on a response, testing their communications in the process. The exercise has been developed since November 2009, and will be followed by more complex scenarios, eventually going all the way to global tests.

“This exercise to test Europe’s preparedness against cyber threats is an important first step towards working together to combat potential online threats to essential infrastructure and ensuring citizens and businesses feel safe and secure online,” said Neelie Kroes, vice president of the European Commission for the Digital Agenda,
who is visiting the UK’s cyber-attack centre during the simulation exercise,

The exercise is based on fears that a denial of service attack by hackers could effectively put all major cross-country connections in Europeout of action, and make it difficult for businesses and citizens to access services such as eGovernment. In such an attack, the plan is to re-route communications.

Yesterday saw evidence that the fears are based on reality. The state of Myanmar (formerly Burma) was virtually cut off with a distributed denial of service (DDoS) attack. In the UK, Home Secretary Theresa May has promised increased support for cyber-warfare measures following warnings from the head of GCHQ that Britain faces “credible” cyber-attack threats.

Categories
Goverment IT News Security

Most Consumers Support Government Cyber-Spying

Sixty-three percent of people believe that it is acceptable for their government to spy on another country’s computer systems

Nearly two thirds of computer users globally believe that it is acceptable for their country to spy on other nations by hacking or installing malware, according to Sophos’s mid-year 2010 Security Threat Report, with 23 percent claiming to support this action even during peace time.

One in 14 respondents to the survey claimed to believe that crippling denial of service (DDoS) attacks against another country’s communication or financial websites – like the one used to target Russian banks earlier this year – are acceptable during peace time. Nearly half said such an attack was only acceptable when two countries were at war, and 44 percent said it was never acceptable.

Graham Cluley

“I think there might be an attitude of all’s fair in love and war,” said Graham Cluley, senior technology consultant at Sophos, speaking to eWEEK Europe. “There’s always been one rule for your country and another rule for your citizens.

“But it goes one stage further when you begin to ask, is it all right to launch attacks against communication systems and financial systems?” he added. “You can image the chaos that would ensue if there were organised denial of service attacks on a regular basis, purely to give your country an economic advantage.”

All’s fair in love and war

Cluley believes the attitudes of respondents are largely down to an ingrained cynicism about the role of governments in war. Governments have always spied on each other, and “used every dirty trick in the book” to do so, said Cluley. “Why wouldn’t they use the Internet to do this as well? If it’s your country’s interests at heart, and if they’re protecting your country, then you might think, ‘I don’t really care what they do’.”

Perhaps more surprisingly, 32 percent of respondents to Sophos’s survey said that countries should also be allowed to plant malware and hack into private foreign companies in order to spy for economic advantage.

“It’s kind of curious, because these are the people that have got no time for hackers and the bad guys at all, but seem to think it’s all right for countries to do this,” said Cluley. “I think they need to remember that, one day, it might be a country attacking your company’s network, and trying to infiltrate it, and how are you going to feel about it then?”

Malware-hosting websites

The Security Threat Report also found that the US is still has the majority (42.29 percent) of malware-hosting websites. These are websites that have been set up with the intention of infecting visitors, or legitimate websites that have been compromised by hackers. The UK was sixth on the list, with 2.41 percent hosted in this country.

According to Cluley, many of these websites are legitimate ones that have been targeted by hackers. “Businesses could end up infecting their customers, leaving them open to fraud,” he warned. Some hackers also use aggressive search engine optimisation techniques to push infected websites to the top of search results.

This news could be of particular concern, in light of the fact that the UK government recently axed plans for an increase in funding to the Metropolitan Police’s cyber crime unit. With online fraud and other electronic crimes becoming increasingly commonplace, the Police Central e-crime Unit had been hoping for extra funding from the Home Office for training and equipment purposes. However the extra funding was cut as part of the coalition government’s £6 billion deficit reduction plans.

“There is concern that at the moment the cyber crime authorities are pretty pitifully funded for the level of crime that is going on,” said Cluley. “I think the one thing we can be sure of is that the cyber criminals aren’t cutting their investment in this kind of crime. We are seeing more attacks than ever before. We see 60,000 pieces of new malware every single day, which is simply staggering, but that’s the level of crime that we’re seeing. So companies need to keep on top of this problem.”