It’s not surprising to learn that various governments (not just the United States) account for the bulk of online mischief, but it’s a bit sobering to see the numbers laid out by a new Verizon investigative report, summarized by the UK Telegraph: there has been a 300 percent increase in cyber espionage since last year’s report, and government agents are responsible for 87 percent of it. (11 percent came from organized criminals, which I suppose leaves two percent traceable to random jackasses.)
Almost half of the cyber espionage came from China and East Asia, while another 21 percent was sourced to Eastern Europe. Hey, I’ve got a great idea! Let’s surrender American oversight of web domains to some international group that doesn’t exist yet, to soothe hurt feelings about American online surveillance!
If Verizon’s analysis holds up, it would mean quite a few of those annoying “phishing” emails, which try to trick you into giving up personal information or logging on to malware-infested websites, are coming from government espionage agencies. (Considering how clumsy most phishing efforts are, that doesn’t reflect well on the forgery skills of said agents.) Phishing is actually down, thanks to growing interest in the even more dastardly practice of planting traps known as “strategic web compromises” on legitimate websites. You click on an ordinary-looking control on a popular above-board website, unaware that it’s been hijacked by hackers to pump spyware into your system. Maybe these jerks will make the Internet so perilous that everyone stops using it.
The Telegraph quotes security experts who think the Verizon report actually underestimates the extent of hacking, because the problem is growing so fast that each study is already obsolete on the day it’s released. It’s also growing more difficult to detect subtle hacker attacks that steal data or conduct electronic surveillance, rather than obnoxiously wrecking computer systems. I recall predictions of that problem made by security analysts many years ago, as online vandals gave way to stealthier online spies.
It has also been observed that hackers are increasingly focusing their efforts on big targets that seemed all but invincible in previous years, resulting in big stories like the Christmas-season Target retail-store data breach. Banks, government agencies, and professional services with lots of sensitive data are replacing retail operations as the targets of choice, even though they’ve always been seen as tough systems to crack… anecdotal evidence that the advantage hackers enjoy over system defenders is increasing. Defense is always playing catch-up in the computer world, by definition, but it’s alarming to think the imbalance has grown to the point that hackers aren’t even bothering with small, easy targets.