Post Magazine

The truth behind that nice Nigerian man who wants to give you loads of money

The internet has made the world an infinitely more complex place when it comes to crime and aggression. Juan Pablo Cardenal and Heriberto Araujo join the dots between cyberwarfare, modern-day espionage and superhighway robbery


A light rain falls as we duck into the lobby of one of Moscow's many ugly buildings. Inside the Leningradskoe Shosse edifice, muscle-bound men with stern looks and military haircuts guard a warren of offices beyond a security cordon.

The presence of Herculean guards seems appropriate. After all, there is a war being fought here. Kaspersky Lab - a world leader in information-technology security - is waging a quiet but sustained crusade against what is perhaps the biggest threat to the 21st-century technological revolution: cybercrime.

A thousand young employees work in these offices in silence, staring at computer terminals, almost sucked in by the black screens with green characters that display the code of the roughly 50,000 worms and viruses they do battle with every day.

"No pictures here," says one of the workers, as he shows us around.

No one would claim these experts form a watertight defence against the organised gangs and murky agencies who use the web to enrich themselves at the expense of individuals and organisations around the globe. But they are trying.

GOOGLE'S COMPUTER SYSTEMS, Iran's Bushehr nuclear power plant, The New York Times newspaper and actress Scarlett Johansson's mobile phone (and, possibly, the financial records of Michelle Obama and singer Beyonce) have one thing in common: they've all been hacked into. They also illustrate the links between the nebulous concepts of cybercrime, cyberespionage and cyberwarfare, all of which rely on the same type of people manipulating the same kind of technology.

In none of those cases was Watergate-style breaking and entering required - for in this brave new criminal universe, the perpetrators leave few physical traces, they need only hire the right expertise, and old-school barriers such as distance and national boundaries cease to exist. The internet has spawned a new battleground, one in which anonymous actors use computers and malicious code to do their dirty work and no one - private citizens, corporations, governments - is invulnerable.

The mesh of operators, motives and interests in this chess game is complex, and although media commentators are given to speculation, the hard intelligence, especially at the geopolitical level, tends to be off-limits to all but the closest of insiders.

Take the Iranian example. A collaboration - reportedly - between the United States and Israel produced Stuxnet, which came to light in mid-2010 and ranks among the most sophisticated malware yet devised. Its target was Iran's nuclear programme.

"The virus was so perfect that it required five years of preparation," an expert at Kaspersky Lab tells Post Magazine. "The virus had a life of its own: it streamed on computers, constantly mutating to avoid detection, and self-destructing when it achieved its objectives."

Iran's uranium enrichment was disrupted because the centrifuges at its Natanz plant - driven by Siemens programmable logic controllers and supervised by SCADA (supervisory control and data acquisition - essentially computer-operated industrial control) software - had been sabotaged by Stuxnet, which quietly altered the speed at which the centrifuges spun while feeding normal readings back to their operators. A piece of malicious code had achieved what even a military strike might not have: setting back the Islamic republic's nuclear programme, by years according to some estimates.

The episode gives some indication of the havoc the manipulation of computers in this way could wreak. The disabling of air-traffic control systems, targeting of satellite and other critical networks, contamination of water supplies and sabotage of financial institutions with malware are just some of the terrifying scenarios we are confronted with. And in this new cold war, escalation seems to be the way things are heading.

The US Department of Defence has just announced it will quintuple its cyberwarfare workforce, from 900 to about 4,500, and while there are those in the US who insist the country's operations in this arena are about containment, others acknowledge that cyber belligerence is more than a one-way street. In an article in the authoritative US magazine Foreign Policy last month, editor-at-large David Rothkopf wrote of a new kind of global struggle that will "involve almost constant offensive measures that, while falling short of actual warfare, regularly seek to damage or weaken rivals or gain an edge through violations of sovereignty and penetration of defences".

Harlan Ullman - chairman of the Killowen Group, which advises governments and businesses - recently told Britain's Sunday Times newspaper that the US was already prosecuting cyberwarfare without much consideration for the dangers of unintended consequences.

"In the maritime realm, we developed the rules of the road to avoid collisions," he said. "There is an international monetary system to regulate global finance. But there are no equivalent rules for cyber [systems]."

Last year, The New York Times reported on the fortunes amassed by the family of Wen Jiabao, who has just stepped down as China's premier. So, it was perhaps no surprise when fingers were pointed at Beijing when the computers of that newspaper and those of The Wall Street Journal were attacked recently. Last month, Mandiant, a Virginia-based IT security company that has been tracking hacking activity on the mainland, published a report (known as APT1) linking the attacks to a People's Liberation Army unit based in Shanghai. It's not alone. According to Mandiant security chief Richard Bejtlich: "We have identified 20 different groups of Chinese hackers."

After the publication of Mandiant's report last month, a computer server at Hong Kong's University of Science and Technology was removed by police for investigation.

Mandiant and others suspect China is a hotbed for industrial cyberespionage, or the hacking of large corporations to steal corporate secrets, blueprints and other valuable information. The country's alleged motives are strategic: it already has the manufacturing, the growing markets and the capital to be an economic superpower, but it still lacks top-end technological know-how and patents. In its attempts to close the technological gap on competitors, it is investing in research and development and acquiring foreign companies - but it is also, it is widely claimed, stealing information.

Understanding the threat posed by cyberespionage is essential to understanding why Google decided to partially exit China in 2010, following a series of attacks against its systems. What caused Google's sudden "change of strategy" in the world's largest internet market? No one outside the company appears to know what the bait was exactly. But you would assume it was something more than the classic e-mail from a Nigerian banker trying to collect a fortune.

What is known is that the attack that came to be labelled Operation Aurora was launched against a dozen company executives, and that one of them took the bait - opening a targeted e-mail and clicking on a link or opening an attached document. That person unlocked the door to the heart of the internet's most powerful company. With one foot inside, the hackers exploited a then-unpatched vulnerability - a hole in the software - in Internet Explorer (later catalogued as CVE-2010-0249) to siphon off large volumes of data.

The American search-engine firm hasn't been the only target. In a series of attacks executed, allegedly, from two schools with links to the PLA - Shanghai Jiao Tong University and Lanxiang Vocational School in Shandong province - dozens or even hundreds of Western companies, including Dow Chemical, Symantec, Adobe, Yahoo, Lockheed Martin and Northrop Grumman, had intellectual property stolen.

"These activities have been carried out for years. But until 2009 or 2010, most companies simply were not aware, or would not talk about it," says Dmitri Alperovitch, a former researcher at McAfee Labs and one of the authors of Revealed: Operation Shady RAT. "The Google case was what opened the debate."

Published in 2011, Alperovitch's investigation uncovered a campaign of intrusions, widely attributed to China, that dates back to 2006 and has targeted at least 72 entities worldwide - including the International Olympic Committee, the United Nations, the governments of India, the US and Vietnam, and private companies in strategic sectors such as energy and telecommunications.

"The concern among businessmen is huge. There's a lot of frustration. Nobody knows what to do, because it is so persistent," Alperovitch says.

Other experts approached for this article agree that the mainland is the most active player in intellectual property theft. Chinese hackers, they say, are meticulous, well co-ordinated and know exactly what type of information they are looking for. Richard Clarke, a former adviser to US President George W. Bush on cyberespionage issues, even goes so far as to say, "The Beijing government has become a global kleptocracy."

US Defence Secretary Leon Panetta warned last October that America was facing the possibility of a "cyber Pearl Harbor"; and an annual report to the US Congress, published in May last year, said, "The Chinese are the most active and persistent actors responsible for economic espionage."

Beijing's line of defence commonly makes the case that China is actually a victim of this kind of attack, although it presents no evidence to support such a position. The mainland also denies any state involvement by asserting that hacking is illegal in the country.

"The West attacks us, especially the United States. They use the clichés to blame China for spying and stealing. But there is no evidence of that," says Liu Deliang, a professor at Beijing Normal University and a well-known scholar on issues relating to the Chinese internet.

Certainly, it must be acknowledged that China is not alone in cyberspying, but the nature of capitalism in the country, with the dominance of state-owned corporations, only helps to reinforce suspicions.

"China wants to stop being the world's factory in the long term," says Adam Segal, senior fellow at the Council on Foreign Relations, an American think tank. "And cyberespionage is part of their efforts to reduce dependence on Western technology. On the one hand, there is a policy of R&D spending; on the other, traditional and online espionage."

It's no surprise that the governments of the US, Germany, Britain and Japan have not hesitated to publicly accuse China of being behind the attacks, and the European Union recently opened a Europol cybercrime centre in The Hague.

To the casual observer, the dark arts of cyberwarfare and cyberespionage appear to be spiralling out of control; but how did we get to this point of being on the verge of cyberchaos? Our visit to Kaspersky Lab gives something of an insight into how things have come this far.


"THIS MORNING I personally received 60 e-mails and 400 spam messages," says Eugene Kaspersky, 47, a mathematician by training and the founder of the company that bears his name, whose personal fortune Forbes magazine puts at US$800 million. Graphics on a large screen next to his office display the number of spam messages, mostly routed from India and Latin America, received by the company's servers and analysed by its staff: 10 million every day - or 99 per cent of the company's total traffic.

"This sector is very interesting because it's a fight against the bad guys, some of whom are very professional and sophisticated. It's like a sport," the Russian says, laughing.

The impact of cybercrime is hard to estimate, but according to Symantec, another big player in the IT security industry, cybercrime against individuals costs US$388 billion globally every year (a figure that includes the value of victims' lost time), more even than the illicit drug trade. In May, Interpol's then president, Khoo Boon Hui, even went as far as declaring that cybercrime costs Europe €750 billion (HK$7.5 trillion) a year.

Cloud computing, the global expansion of social networks such as Facebook, Twitter and Renren and, in general, the ever-increasing connectivity that dominates our lives, are aggravating a problem that threatens to spin out of control. Credit-card data or identity theft, bank fraud and massive spam and blackmail operations give some idea of the scope there is for criminality on the internet. And the activities of the criminals - the innovations they have had to come up with to exploit technological weaknesses - have provided the means with which other players have been able to spy and conduct "warfare" online.

The "bad guys" Kaspersky refers to are hardened underworld figures, their tentacles extending into drug trafficking and illegal arms sales.

According to Kaspersky's estimates, there are between 1,500 and 3,000 groups around the world developing malware or viruses that infect computers to steal everything that may be convertible into money. Russian groups pioneered this kind of crime in the 1990s and flourished thanks to so-called bulletproof hosting: servers run by providers in countries such as Russia, Ukraine, China and Nigeria that ignore abuse complaints and takedown requests, and where an absence of legal and police co-operation made the operators virtually impossible to track down.

The profiteers recruit young people - by invitation via internet forums - with computer skills, and put an arsenal of cyber ammunition at their disposal.

Every device that is connected to the internet is like a home with many doors just waiting for thieves to turn the handles, to see whether any are unlocked. What they are looking for are vulnerabilities. And these holes always exist, because there are no perfect programs.

"It's like a thousand-door house in which you forget to close one door. The bad guys know they need time, but sooner or later they will find the open one," says Kaspersky.

Those vulnerabilities are then traded.

"In the black market you find everything," says Vicente Diaz, a Spain-based expert in computer security. "You can access thousands of previously infected computers to insert malware into and receive credit-card details. In fact, you can buy anything. You pay a certain amount and you forget about everything else.

"Your catch is all for you."

What the haul might be, though, is a matter of chance. According to Panda Security, an anti-virus company, 35.5 per cent of all computers worldwide are infected with malware: trojans, worms and viruses designed to take control and purloin everything from passwords and bank-account numbers, to Facebook data, photos and e-mail addresses. Imagine a thief breaking into your house and stealing everything, from the family jewels to your most intimate photos; and then exploiting this information to imitate you - without you even knowing.

Vulnerabilities lose commercial value once companies discover and patch the holes, while the most expensive are the so-called zero-day vulnerabilities: ones the software vendor does not yet know about, and for which no patch therefore exists. An unknown vulnerability in Adobe Reader, for instance, currently costs more than US$30,000; a crack in Windows is four times that amount; and a chink in the armour of iOS, Apple's operating system, would set a buyer back more than US$250,000.

All of this has spawned an army of computer experts pursuing the same goal, of blowing software open - for whoever the highest bidder turns out to be.

The Grugq, as he prefers to be known, is "about 30 years old", was born in South Africa and raised in the US and Britain. He identifies himself as a broker, earning for his work "hundreds of thousands of dollars" annually. Don't imagine him to be the type of broker you might encounter in Central, though: he arrives for our meeting at a Chinese restaurant in Bangkok an hour late and carrying a backpack.

According to the Grugq, he links hackers with buyers of digital weapons - primarily governments and intelligence agencies. In any transaction, which can each exceed half a million US dollars, he takes a 20 to 30 per cent cut.

"If you spend a Sunday afternoon working with your computer, charging US$1,000 is not bad," says the Grugq. "But if you have to spend three weeks developing a vulnerability, you expect more than that, [otherwise] it is not worth the investment."

Still, having a vulnerability is not always enough to launch an attack. Typically, that requires a combination of two factors: one technical, the open door; the other human, for instance someone opening an e-mail with an infected attachment, such as the one sent to and opened by that Google executive.

With the click of a mouse on the wrong e-mail message, the hackers are in, anonymous and - despite the best efforts of those attempting to police them - most probably untraceable.
