"Barometers gone haywire" in cyber-space. Here is how NotPetya and the other cyber-hurricanes set the summer of 2017 ablaze

(by Ciro Metuarata)
23/09/17

The summer that has just ended will certainly be remembered as one of the hottest and driest since weather records began. Summer 2017 will probably also be cited in the future for the many "turbulences" that shook cyber-space, some of which may even have historical reach. The list of computer incidents recorded in recent months is indeed particularly long, but at least four episodes are certainly worth remembering, since they are destined to become textbook cases. In particular: the unstoppable publication of the Central Intelligence Agency's (CIA) cyber-secrets, the alleged extensive cyber-espionage activity carried out against European and US energy companies, the heavy consequences of the spread of the NotPetya ransomware, and the sensational, successful cyber attack on the US company Equifax.

First things first.

WikiLeaks is proceeding at a weekly rhythm in releasing documents obtained from the CIA concerning the cyber arsenal made available to its field agents. In some cases these are documents dating back several years; however, it is not possible to determine whether they are the most recent ones the organization has managed to obtain, or whether they relate to programs the Agency has since abandoned. Nevertheless, the analysis of the publications makes it clear that the agents have at their disposal an almost endless series of ready-to-use hacking tools, covering a wide range of devices and operating systems. Beyond what was already reported (see article), tools stand out that are aimed, for example, at compromising CCTV surveillance systems in order to cover the movements of field agents. Or the ExpressLane program, through which the CIA supplied "friendly" intelligence services from half the world with a system that, in addition to acquiring the agents' biometric data, covertly sent that data back to the Agency. The purpose of this program is, of course, not known.

While WikiLeaks was revealing these and other secrets, the company Symantec warned of the worrying return to the scene of the hacker group known by the code name Dragonfly. Already in 2011, researchers at that company had discovered an extensive hacking program launched against the European and US energy industries. Specifically, it appears that at the time this unidentified group had managed to penetrate the systems of those companies in order to carry out continuous intelligence gathering. Then, in 2015, Dragonfly concentrated in particular on the energy sectors of the USA, Turkey and Switzerland. Now, using even more refined techniques, the group seems to be succeeding in penetrating American and European systems once again. What is more worrying, beyond the impossibility of identifying Dragonfly's members, is that even their true intentions cannot be established with certainty. Therefore, it cannot be ruled out that the activity in question is laying the groundwork for a "destructive" attack on the energy networks of the countries concerned. A bad story.

In June, meanwhile, the NotPetya ransomware struck globally like a hurricane in cyber-space, claiming victims especially in Ukraine. In this regard, most analysts agree that it is not a variant of the malware discovered in 2016 and baptized Petya, since several clues suggest that this is something entirely new. First: to propagate within the networks it manages to penetrate, NotPetya exploits some already known vulnerabilities used in the past by a hacker group thought to be close to the US National Security Agency. Yet those vulnerabilities should already have been dealt with, given that security patches have been available since March. Evidently, many users had not yet installed them, and in those cases NotPetya showed no mercy: once it had penetrated, it was able to propagate across the network, hitting even the most up-to-date computers. Secondly, the system for paying the ransom demanded of affected users in order to obtain the decryption key and unlock the computer was extremely inefficient and yielded little. Therefore, the real objective of NotPetya may not have been merely financial, but rather to cause greater damage to the businesses involved. Third: Ukraine was hit particularly hard by the malware, because one of the infection methods used was to hide it in the updates of a business management software package widely used in that country. A coincidence? Who knows. It is true that the explosion of the analogous WannaCryptor case (see article) had already clearly exposed the dangerous phenomenon of cyber-weapons proliferating beyond the control of their "creators"; the NotPetya story shows that this has not been enough to contain the problem. And the consequences are now measured in millions of dollars. Take the shipping giant MAERSK, whose operations were brought to their knees by the shutdown of IT terminals infected by NotPetya towards the end of June (see article). Only after several days of work was it possible to restore full functionality of the systems, and this caused MAERSK a loss estimated at at least 300 million dollars.

Let's move on to the sensational case of Equifax, a US company whose business is collecting, storing and analyzing data. A particularly attractive target for hackers, since it is to US personal data what Fort Knox is to North American gold reserves. Well, last September 7 the company was forced to admit that in July it had detected an attack on its systems, under way since last May, which compromised the data of some 143 million citizens. This means that the personal and credit data of about half the US population, as well as a number of British and Canadian citizens, have ended up in the wrong hands. The consequences for the consumers involved may be many, but one above all is the most worrying: the theft of their identity. It is a safe bet that on the black market of the so-called Dark Web there are already good, cheap "identity packages" ready to use for fraud and scams. If this in itself is very serious, the company's behavior is completely inconceivable: it disclosed the incident and the compromised identities with at least a month and a half of delay, almost "a geological era" in the age of cyber-space. In short, between admitting to an attack and quietly trying to contain it, the second course of action is chosen far too often, without realizing that in the end everyone loses except the attackers: the consumers, certainly, but also the company, which loses face anyway and forfeits the timely help of the whole community in solving the problem; and ultimately the credibility of the entire world of computer security suffers.

Ultimately, months pass, but the state of cyber security does not improve. On the contrary, the more time passes, the greater the damage caused by the attacks. The cyber dimension, in fact, keeps expanding to involve more and more activities of our society, without this process being accompanied by serious measures to resolve the intrinsic security problems of software, communication protocols and hardware. The so-called Internet of Things also seems to complicate matters further, because of the growing number of networked devices, often made by companies whose core business is certainly not the development of secure products. In addition, investments aimed at raising citizens' awareness and education in cyber security remain negligible compared to the resources spent on continuously developing and producing new devices and software, whose only certainty is that sooner or later they will suffer some security problem. But really, who cares about any of this?

A final reflection on the incident involving a US warship and a civilian vessel east of the Malacca Strait (see article): many have commented sarcastically on the decision of the military authorities to involve the Navy Cyber Team in the investigation. Instead, although it will most likely emerge that the collision was not caused by a cyber attack, the mere fact that the US Navy, the most powerful in the world, took such a step should give us pause. In a hypothetical conflict between two countries that both have very strong forces but very different levels of digitization (the digital divide applied to asymmetric warfare), which one would be the more vulnerable, the one that would suffer the greater damage from cyber attacks? Let's hope we never have to find out.

(photo: web / US Army / NBC news / US Navy)

Main sources:

https://wikileaks.org/

https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group

https://www.kaspersky.com/blog/new-ransomware-epidemics/17314/

https://www.google.it/amp/s/amp.ft.com/content/b8432fc4-60c1-11e7-91a7-502f7ee26895

https://www.economist.com/news/leaders/21728894-security-breach-equifax-was-handled-spectacularly-badly-other-firms-take-note