v3-labs


A tour of F-Secure Labs: Waiting for the first cyber bomb to blow


It's no secret that the cyber threats facing businesses, governments and consumers are getting bigger all the time.

In fact some have gone so far as to cite the recent discovery of the immensely complex Flame malware as proof that it's not just criminals creating cyber weapons but even our own governments.

Looking to get some answers about just how bad the situation really is, V3 jetted over to Helsinki to talk to F-Secure's security chief Mikko Hypponen and researcher Sean Sullivan.

Now having talked to the good guys protecting our networks and toured the company's labs we have to say: ignorance is bliss.

The black market
While it's no secret that people's bank details are a regular target for cyber criminals, having people's money in them and all, during our tour Hypponen really hit home just how easy it is for criminals to mount attacks.

F-secure Blackhole

Toolkits such as Blackhole are available for as little as $5,000 and let even the most technically unskilled criminal mount SpyEye and Zeus attacks. While this may not sound cheap, considering they can easily turn around revenues breaking $50,000 to $100,000 when employed properly, the upfront cost really isn't that high.

The kits are available in numerous marketplaces that can only be found via the Tor network - Tor is an open network often used by criminals as it can hide their online tracks. In our brief tour of the network we were amazed at how organised and well set up the whole operation was.

Looking similar to an actual online seller like Amazon or eBay, the marketplaces sold everything from add-ons for Blackhole, to "expert" services offering to set up the automated attacks. So advanced was the marketplace that the owners even had their own advertising network, tailored to the service's clientele.

As Hypponen said: "These guys are smart businessmen that react to their customer base."

Ransomware
Another disturbing item we saw during our tour was ransomware. The attack sees hackers infect systems with malicious code that enables them to obtain control of the machine.

F-Secure ransomware

Kind lot that they are, the criminals generally then inform the victim that they have control and will only return it if the victim pays up.

One particularly nasty version of the tactic sees criminals take a slightly more subtle route, mounting the attack while masquerading as an actual law enforcement agency. Hypponen showed us examples of criminals mounting such attacks pretending to be everything from the Federal Bureau of Investigation to the UK's Serious Organised Crime Agency.

F-Secure ransomware scam FBI

The FBI attack looked particularly convincing. The attack saw hackers steal control of the computer, making it boot up to a front page claiming the FBI had locked the computer after detecting "illegally downloaded" music and video files, and instructing the victim to pay a "settlement fee" or face legal action.

Now, being honest, a lot of people have at least one illegally downloaded file on their computer, be it a torrent of a movie, or a few songs. This means that it's pretty easy to fall for the scam and just hand over your money as quickly as possible to avoid the FBI's anti-piracy wrath - which as we have seen this year isn't above targeting Brits.

James Bond and the cyber cold war
The real story of the year, though, has been the discovery of Flame. It's being touted as the biggest and baddest malware to have been discovered in the last few years, and during our tour Hypponen helped us understand just how scary it really is.

James Bond Flame

Even though Flame isn't really thought to be going after the general public, instead being pointed at a very select number of government targets, it's an eye-opening example of just how close the world is to cyber war. Hypponen described it as the James Bond of malware:

"It doesn't go after everyone, but it gets the people it wants to."

Designed for espionage, Flame lets its owners see everything from what people are typing to spoken conversations and even GPS co-ordinates.

The ability to gather such information could have potentially devastating effects, as Hypponen noted: "How can there be a cyber war without a real war?"

While we're not quite at the point of getting out our tin foil hat and screaming doomsday policies, considering the US's links to Stuxnet and ongoing finger pointing going China's way, we're finding a whole new empathy for those that lived through the Cold War waiting for the first bomb to blow.

15 Jun 2012
