Losing a virtual war

Virtual battles may sound like the stuff of fantasy. But Kat Slowe investigates the real possibility that humanity is currently experiencing a virtual war.

By  Kat Slowe Published  April 30, 2009

"I would like world domination. I don't want total destruction, just total control," the hacker says.

Ruslan, at just seventeen years old, claims he has ‘learnt the power of insecurity.' He wishes to remain anonymous. But then the underground world of which he is a part is a faceless one, even if it is drawing increasing attention on the international stage.

Due to a large number of successful security breaches in recent months, ‘hackers' are receiving a growing level of global media coverage. Recent incidents include the discovery of a spy network, ‘Ghost Net,' which was reported to have compromised around 1,295 machines in 103 countries, within organisations ranging from NATO, to embassies and banks. In January, hackers also hacked into online recruiting website ‘Monster' and stole the confidential details of 4.5 million people.

And perhaps the greatest threat to internet security today is the ‘Conficker' worm, which caused international alarm when it was discovered last October. It is generally considered to be the biggest network worm of the 21st century - with the UK Ministry of Defence and even British warships admitting infection.

The Middle East is not exempt from this threat. A warning was recently issued by Mark Chaban, commercial market strategy group director of Microsoft Middle East and Africa, requesting that computer users in the region do not become complacent.

The warning came after Microsoft noticed a growing number of cybercrime incidents in the region. In particular, the company pinpointed Qatar as being under increasing threat.

In 2008, Microsoft noted a higher level of computers infected with malware or unwanted software in the GCC, compared to 2007. Bahrain was the most affected country, with 29.2 percent of its systems (under Microsoft) infected. Qatar came second with 16.1 percent. The number of security breaches and incidents of identity theft is also reported to have risen and to be creating concern in business and government circles.

A hackers' conference named ‘Hack in the Box' took place in Dubai last month to discuss cyber security concerns in the region. Topics discussed ranged from modern threats and cyberwar to the protection of airports and other high-security facilities.

"The type of attacks we are seeing in the GCC is five years behind what we are seeing in Europe and North America," Dhillon Andrew Kannabhiran, founder and CEO of Hack in the Box, says. "It's still quite focused on defacement and what we consider minor targets... but it is coming."

Part of the Middle East's potential vulnerability to hacking, according to Kannabhiran, stems from the lack of local expertise in cyber security and the need to bring in foreign experts to handle internet security matters.

Though he believes this will eventually change, he considers that the transfer of knowledge has yet to take place. He also admits that it is impossible to determine whether more serious internet attacks are already occurring in the region because, in a large number of cases, a victim will not wish to publicise their vulnerability.

"Who is to say that is not already happening?" he explains. "Just because it is not reported does not mean it is not happening. You have to assume that it is. There have been banks in Malaysia that have had security issues affecting them, but nobody knows about it because it has never been reported on. It is just shoved under the table. Who is to say it is not happening here as well?"

The Middle East, Kannabhiran says, has also not escaped infection by the notorious Conficker worm. The highly effective worm attacks computers in two different ways: through an infected USB drive, and by connecting via a network, such as through file or print sharing.

The most frightening aspect of the Conficker worm is that no one really knows its objective. It was supposed to activate on April 1, but as the day came and passed, though the worm updated itself, there were no visible consequences.

"Nothing happened," Kannabhiran says, "so no one knows what is going to happen next. It is in the code.

"Everyone was saying ‘the internet is going to melt down on the first of April. Everything is going to come to a standstill.' The internet is still running, but this is not to say that this is over.

"Just recently, Conficker, version C, came out and we still haven't figured out what is the ultimate motive. All we know is that this virus has infected a lot of machines and it is sitting there waiting for instructions. But what exactly it is supposed to do or what will it do, nobody knows. Is it going to launch attacks against particular companies, particular infrastructure or particular countries? Nobody knows."

Another curious fact is that Conficker has actually been designed not to connect to antivirus companies. The ranges of IP addresses that belong to security companies such as McAfee and F-Secure are actually defined in the virus, so the virus will never scan or connect to these machines.

"They will never connect to F-Secure, so the antivirus companies cannot (easily) get a sample of the malware," Kannabhiran says.

"The hackers have actually thought well ahead there. They have actually done the research. They have bothered to go out and find out which IP addresses belong to this antivirus company to be sure that their virus can never connect to them, so they do not give away their secrets."

This makes it hard for the antivirus companies to track the perpetrators down and stop them. No one even knows what nationality the hackers are, but they have successfully managed to infiltrate several million computers. This may not seem a threatening percentage of internet users globally, but Kannabhiran explains why this number is easily large enough to create serious havoc: "It seems like a very small portion, however, it doesn't take many computers to bring an entire country down.

"In Malaysia, you have got three one hundred megabyte connections coming into the country. Most people in Europe have a hundred megabyte connection to their house.

"As a home user, if I control ten computers in Europe, I could crash one internet link to Malaysia, because I could saturate that one hundred megabyte link. So it doesn't need a million computers to bring a country down."

2872 days ago
MindSmith

A Matter of Correct the facts. In response to:

1. "the attacks seen in the GCC are 5 years behind the rest of the world". -> Actually: Many attacks seen elsewhere in the world are seen here first, as are numerous new worms - fact.
2. Viruses ....They will never connect to F-Secure, so the antivirus companies cannot (easily) get a sample of the malware," .... -> Actually: - Antivirus vendors use non-traceable honeynets and customer submissions to get samples as well as underground websites - fact.
3. Kudos to EvilFingers for sticking to the facts.

3029 days ago
Someone

"This is not the only terminology distinct to the hacking community. Crackers are often known by the title ‘black hats.' ‘White hats' and ‘grey hats' are also part of the mix - like white witches, white hats only work on the side of good, but grey hats may break the law occasionally (while not having turned completely over to the dark side)."

This is not true. Crackers are bad guys, yes, but hats are used for hackers and that does not involve cracking anything. Everything else is perfect.
