Third World War: The Beginning
Recently Symantec issued interesting study that clearly indicated that Third World War has already began. As many predicted this war takes place in cyber space and is notable for sophisticated methods used.
As Symantec’s representatives stated a cyber-gang called Elderwood Project, perform targeted attacks on companies that supply USA big military corporations with electronic or mechanic components. Interestingly that attacks are preformed on small or medium size enterprises that are part of a supply chain for of big ones like Boeing or Lockheed Martin. The smaller companies have been chosen due to their security mechanisms are much easier to circumvent. Criminals aim at working plans, development specifications, contracts details and other useful information.
Elderwood Project had managed to discover 8 “zero day” exploits in Microsoft Internet Explorer 8 and Adobe Flash Player and widely use them for illegal activity. This means that cyber-terrorists obtained information about 8 vulnerabilities that is unknown for the whole information security industry worldwide. According to the study it is a very tough task to get such data unless applications’ source code is available for hackers or those applications had been decompiled and carefully analyzed.
Such work could be done with serious financial support only. Who is behind the cyber-gang is still unclear, but it could be a state or powerful criminal group. Also it conceded that source codes was stolen previously while Google or Adobe (or another company) was attacked.
Anyway, Elderwood Project actively used discovered vulnerabilities in their activity. Attacks are performed by two methods: 1) common phishing mails; 2) “watering hole” tactic. A person’s internet activity is deeply investigated, web-sites that a person visits most often are cracked and infected by special exploits. When a person enters this site a malicious script, designed especially for this person is actuated and infects a person’s computer.
If we dismiss an idea with source code theft, then to discover a zero day vulnerability hacker needs to closely investigate program’s source code and analyze it for errors and bugs. Program bug are the back door for hackers to penetrate into the software systems. Decompiling (or reverse-engineering) – is a widespread method of software cracking. It widely used by cyber-criminals globally. Decompiling of unprotected program is a difficult task but quite accomplishable, particularly if a group of trained professional is working.
But if a program is hardened against reverse-engineering and analysis then decompiling process may be prolonged for a very long time and become economically unprofitable. In this case new versions of a program are released quicker then hackers crack old ones.
Protection measures may be divided for: 1) protection of a programs that are already work within company’s networks; 2) protection of source codes be found in programming firms before release for a client. In first case it is mandatory to obfuscate the most important programs from the cyber security point of view. To make its analysis and reversing “a hacker’s nightmare”. In second case it is essential to be sure that source code being processed by programmers are reliably protected against investigation in case of theft. Here it’s need to be mentioned that programmer can’t work with encrypted source code and it should be initially decrypted. But storing source code in a protected mode is rather easy thing, that may considerably engraft hacker’s life. As in this case he needs to penetrate directly on a programmer’s computer and gets decrypted code in real time.
At any rate its become obvious that current cyber security measures are weak against modern cyber threats. Every software contains errors and “wholes”, even an information security one. “Zero day exploits” will be discovering constantly due to those software bugs. Thus, preventive measures are important, the measures that complicate search for vulnerabilities and errors.
Now a day cyber-attacks generally target military enterprises and financial sector, today it could be energy stations and anything else. While big company can afford complete, multilevel security mechanisms, small outsourcing companies are extremely vulnerable.
It depends only on us how quickly we will be able to determine the flare up cyber-war conflict called Third World War.
About StarForce Technologies
StarForce Technologies (www.star-force.com) is a leading vendor of information protection, copy protection and code obfuscation solutions for software, electronic content and audio/video files. Since 2000, StarForce has been successfully developing and implementing its state-of-the-art security solutions, providing copyright and intellectual property protection worldwide. Two of these solutions were transformed into StarForce cloud services: sfcontent.com protects e-Documents against illegal copying and distribution and sfletter.com secures emails.
StarForce is a reliable and responsible Technological Partner for enterprises potentially incurring losses due to cyber-gangs, hackers, software piracy, unauthorized data access and information leaks. StarForce’s customers are Russian Railways, Corel, 1C, Mail.ru, Aeroflot, SUN InBev Russia, AMD Labs, ATC International, MediaHouse, Russobit M, New Disc, Buka, Snowball, 2Play, GFI, CENEGA, Akella, etc.