11.25.2009

cybercrime verging on war - McAfee report

about the report:

WASHINGTON, Nov. 24 (UPI) -- Organized Internet-based crime has reached such intensity and scale that the distinction between cybercrime and cyberwar is being blurred, security giant McAfee said in its annual Virtual Criminology Report.

McAfee Inc., based in Santa Clara, Calif., is the world's largest dedicated security technology company. The report's findings come less than a month after the United States ran a nationwide campaign to raise awareness of cybercrime risks among individuals and businesses.

"Is the age of cyberwar at hand?" McAfee asked in the report, citing evidence that countries hostile to industrial democracies are involved in some of the more serious and sustained cybercrime. In response, McAfee said, "nation-states are arming themselves for the cyberspace battlefield."

The number of reports of cyberattacks and network infiltrations that appear to be linked to nation-states and political goals continues to increase, McAfee said.

"There is active debate as to when a cyberattack reaches the threshold of damage and disruption to warrant being categorized as cyberwarfare," said the report.

"With critical infrastructure as likely targets of cyberattacks, and private company ownership of many of the information systems in these sectors, private companies will likely be caught in the crossfire," the report warned.

McAfee CEO Dave DeWalt said, "Experts disagree about the use of the term 'cyberwar,' and our goal at McAfee is not to create hype or stoke unwarranted fear. But our research has shown that while there may be debate over the definition of cyberwar, there is little disagreement that there are increasing numbers of cyberattacks that more closely resemble political conflict than crime.

"We have also seen evidence that nations around the world are ramping up their capabilities in cyberspace, in what some have referred to as a cyber arms race.

"If cyberspace becomes the next battleground, what are the implications for the global economy and vital citizen services that rely upon the information infrastructure?" DeWalt asked. "What should those of us outside the military do to prepare for the next wave of cyberattacks?"

McAfee believes the private sector at large needs to prepare for cyberattacks, and "those businesses that can weather the storm better than their competitors could be in a position to gain considerable market share."

McAfee also called for greater transparency in current discussions on combating cybercrime. The report said, "Too much of the debate on policies related to cyberwar is happening behind closed doors."

Analysts said although the Obama administration rectified this by bringing the cybercrime debate into the open, many other countries in the industrialized world still insist on confidentiality over the issue.

Industry sources believe criminal organizations have built alliances with adversarial governments that seek to achieve military or political advantage over democracies in the West, Asia, Latin America and elsewhere.

So intense is the interaction between cybercriminality and hostile governments that the distinction between cybercrime and cyberwar is increasingly blurred.

"The line between cybercrime and cyberwar is blurred today in large part because some nation-states see criminal organizations as useful allies. Nation-states have demonstrated that they are willing to tolerate, encourage or event direct criminal organizations and private citizens to attack enemy targets."

In the case of the cyberattacks on Georgia, for example, civilians carried out the cyberattacks on targets while the Russian military invaded Georgia by land and air in August 2008. There is evidence that these civilians were aided and supported by Russian organized crime, as cited in a report by the U.S. Cyber Consequences Unit, an independent research institute.

Russia denied that its government or military provided any help to the attackers or communicated with them. Yet the same US-CCU report found that "the cyberattacks were so close in time to the corresponding military operations that there had to be close cooperation between people in the Russian military and the civilian cyberattackers," McAfee said.

In a sobering conclusion, McAfee said, "While experts may disagree on the definition of cyberwar, there is significant evidence that nations around the world are developing, testing and in some cases using or encouraging cyber means as a method of obtaining political gain."

Although much of that activity is shrouded in secrecy, "there is already a constant, low level of conflict occurring in cyberspace. Whether these attacks are labeled as cyber espionage, cyber activism, cyber conflict or cyberwar, they represent emerging threats in cyberspace that exist outside the realm of cybercrime."

The report said "international cyber conflict has reached the tipping point where it is no longer just a theory, but a significant threat that nations are already wrestling with behind closed doors. The impact of a cyberwar is almost certain to extend far beyond military networks and touch the globally connected information and communications technology infrastructure upon which so many facets of modern society rely.

"With so much at stake, it is time to open the debate on the many issues surrounding cyber warfare to the global community," said the report.


© 2009 United Press International, Inc. All Rights Reserved.

source


about US Cyber Consequences Unit -

http://www.usccu.us/index_noscript.htm

"scrupulously neutral" despite all their many connections to the establishment. mm hmm ok if you say so.

"The reason the US-CCU was set up as an independent, non-governmental organization was so it could rigorously protect the proprietary information of private sector corporations. This was necessary because corporations are extremely reluctant to reveal vulnerabilities to any government entity that might retain the information indefinitely, share it at some point with prosecutors or regulatory agencies, or release it under the Freedom of Information Act. By operating outside the government and under stringent legal safeguards, the US-CCU is able to avoid these problems. It insulates companies from the government."

No comments: