Conspiracy Theory

Don't you just love conspiracy theories? Here's a new one for you.

April 21, 2009: F35 Fighter Jet Program Breached

The Wall Street Journal reports a data breach in the F35 Joint Strike Fighter Jet program. Apparently someone hacked into one of the program's databases – perhaps run by a third party involved in the project – and siphoned off an unknown amount of sensitive information. The breach was in an area connected to the Internet; databases segregated from the Web were not affected.

According to the report, attacks on military and government databases have escalated in the past six months. "There's never been anything like it", a former US official briefed on the matter is quoted, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going."

November 14, 2008: A Wave of Corporate Breaches

USA Today's Byron Acohido reports that targeted attacks on corporate resources have ballooned in the previous few months.

October 31, 2008: Trojan Credential Theft Increases Tenfold Since June 2008

RSA FraudAction Lab shared findings from its operation to uncover the Sinowal Trojan. The report showed the following chart. You'll notice a x10 increase in the number of stolen credentials per month during just a few months in summer of 2008.

***

OK – so now lets think.

What can possibly connect a surge of cyber crime attacks on US government and critical infrastructure targets in the past few months; with the steep increase in corporate resources being targeted by cyber criminals; with the x10 increase in the number of computers infected by the notorious Sinowal Trojan?

Is it really a coincidence that consumer security, enterprise security and government security are all under attack in such a short period of time?

I'd say there's one common link.

All of these data points relate to a material change in the fabric of the Internet as a secure medium. A change that started in mid 2008.

Since summer 2008, the hijacking of personal computers for sinister uses has dramatically increased due to breakthrough advancements in infection technologies. SQL Injection botnets hack legitimate websites so they can support 'drive by download' distribution of malware; Paul McCartney's official website was used to this end according to ScanSafe. Phishing-based distribution of malware skyrocketed recently; a good example will be the Gaza Ceasefire Trojan reported by RSA FraudAction Labs. In addition, social networks spread Trojans in what can be literally described as viral marketing. Panda reported an increase of 800% in infection of PCs by malware from first half of 2008 to the second half.

It's all about infection.

In a previous blog called Curse of the Were-Laptop I described a theoretic scenario: Jack, an employee in a sensitive corporate at day, gets infected as a consumer at night. I pointed out that Jack could have been working at a large corporate that handles many business or consumer accounts; A financial services company; A high-security laboratory involved in classified research; A critical infrastructure provider; A government complex; or a military compound.

Because these days it doesn’t really matter. There are so many hijacked personal computers out there that in fact the bad guys have access to ALL of these sensitive spots.

If you operate a large botnet, you could make hijacked PCs available to online fraudsters interested in financial transactions, foreign powers interested in access to sensitive areas in military and government, or international enterprises interested in intellectual property.

The only thing that would change is the payload delivered to the hijacked device. Online fraudsters will use the back door to install a financial Trojan. Foreign powers will it to put a strategically placed sniffer to capture state secrets. International enterprises can leverage the access for industrial espionage.

So here's the conspiracy theory in a nutshell: Private computers back-doors are being used to access corporate, government and military networks.

That's why it's all connected.

The F35 hack. Obama's helicopter program breached. Critical infrastructure penetrated. Government and military resources exposed. Banks and financial services hit by financial Trojans. Corporations penetrated for industrial espionage. It's all linked. It's all part of one overarching theme.

If you think about it, nothing has fundamentally changed in network security; but something has certainly changed in endpoint consumer security. The bad guys may simply ride the wave. They have a back door to all these sensitive resources through hijacked personal computers – many belonging to employees – and simply use it to promote their cause, be it of financial, political or business nature.

Does the link really exist? Are all of these just different "use cases" of the same back door into Internet Security obtained through the proliferation of botnets hijacking personal computers?

Hey, it's just a conspiracy theory. And like any other conspiracy theory, chances are we'll never know the entire truth. You simply decide whether to believe it or not.