Blog Archives

The internet  and the current phenomenon of social media has changed the way we communicate, do business and even socialize,  it is a paradigm shift that society has embraced at such speed and ease that rarely a moment goes by in a civilised nation where such technology has not impacted each and every person.

The way in which social media flourishes is that it requires engagement and ‘engagement’ is encouraged by ‘sharing’, and ‘sharing’ comes in various forms whether it be via Facebook’s or LinkedIn ‘Likes’ or actual ‘sharing’ buttons, to sharing the mobile App you have downloaded via a ‘share’ button.

Sharing introduces a whole new realm to how we perceive trust. Studies have shown that the majority of the figures below are a result of people ‘sharing’.

General Internet statistics 2012

• In one day on the Internet:
  • Enough information is consumed to fill 168 million DVDs
  • 294 billion emails are sent
  • 2 million blog posts are written (enough posts to fill TIME magazine for 770 million years)
  • 172 million people visit Facebook
  • 40 million visit Twitter
  • 22 million visit LinkedIn
  • 20 million visit Google+
  • 17 million visit Pinterest
  • 4.7 billion minutes are spent on Facebook
  • 532 million statuses are updated
  • 250 million photos are uploaded
  • 22 million hours of tv and movies are watched on Netflix
  • 864,000 hours of video are uploaded to YouTube
  • More than 35 million apps are downloaded
  • More iPhones are sold than people are born

(http://thesocialskinny.com/100-social-media-mobile-and-internet-statistics-for-2012/)

As we know ‘sharing’ brings trust, loyalty and generally out of this comes relationship development, whether personal or professional and in turn it is here vulnerabilities may emerge.

Recently the media has been awash with not only industrial cyber espionage reports but of a major issue facing the internet community and that is ‘country sanctioned’ cyber espionage and or attacks.

History may one day reveal that as the United States fretted over the possibility of a “cyber Pearl Harbor” – a catastrophic attack that would take down electrical grids – its economic lifeblood was being slowly drained away by a massive hacking enterprise located in the People’s Republic of China. (Magnuson, 2012)

Cyber Command Commander Army Gen. Keith Alexander last year called the cyber-espionage being conducted against U.S. companies the largest transfer of intellectual property from one nation to another in the history of the world. (Magnuson, 2012)

Eric Rosenbach, deputy assistant secretary of defense for cyber policy, said the nation is not as focused on intellectual property theft as it should be. A catastrophic cyber war is important to prepare for, but an unlikely scenario. Stealing data important to the nation’s economic security, meanwhile, is occurring here and now. (Magnuson, 2012)

We all have seen them on our travels or have had friends bring back ‘knock offs’ from trips to Asia, watches, handbags, sunglasses, fashion items even IPHONEs and computer software. All produced with such high quality similarities that it is hard at times to distinguish the ‘fake’ from the real item.

The proliferation of the internet and its related activity has allowed for ‘copying’ to occur at a rate that cannot be controlled or monitored. The aforementioned figures identify the staggering internet traffic and streaming that is taking place on any given day.

Experts describe a large, technologically advanced and well organized enterprise coming out of China that is going after businesses large and small. Any firm that has a trade secret, or could be used as a stepping stone to a larger company, is a potential target. Intellectual property theft has the potential to erode a company’s profits or even bankrupt it. There is no magical software that can stop every intrusion attempt, but even companies with few resources can take steps to mitigate the risk, experts told National Defense. (Magnuson, 2012)

To thwart the Chinese cyber-espionage enterprise, it is important to characterize it. In the world of network security, it was once called the “advanced persistent threat.” But government officials have done away with using that euphemism: it’s China, they now say. The October 201 1 “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace” report, produced by the FBI‘s office of  national counterintelligence executive, acknowledged that the attacks came from China, but stopped short of blaming the Chinese government, which routinely denies involvement. (Magnuson, 2012)

Jason Lewis, chief technology officer of Looking Glass Cyber Solutions, said, “In general, when you have a situation where the state runs everything, you have to assume that the state is involved in any enterprise.”

Phishing Attacks

In country “scouts” doing the reconnaissance are increasingly using social media websites to gather personal information to use in phishing attacks, said Dave Papas, chief operating officer of Cyveillance, a subsidiary of QinetiQ North America that provides security for Fortune 500 companies. (Magnuson, 2012)

Friends, hometowns, hobbies, anything that can be placed in the email to make the target believe it is a legitimate message, can be used and every piece of information is a means to an end.

It was recently reported in the Australian Financial Review that  an “…Australian chief executive was travelling in China recently when he received a curious email from his adult daughter asking if “Daddy” was having a good time. But it wasn’t his daughter who had sent the email…” (Grigg, 2013) It was a ‘phishing’ attack to penetrate the chief executives lap top and such a line in the email idicates the logistical efforts of a well resourced and technologically advanced team to not only hack into the executives daughters email but to establish his travel movements and the like. Had it not been for the executive being alert and realising that his daughter had not called him ‘daddy’ for a long time, the attempt by the perpetrators failed on this occasion.

This attack is a clear example of an attack that attempts to infiltrate a network in the form of an phishing email, a well-crafted letter that seemingly comes from a friend or business associate. This tactic has not changed in years, but is growing more sophisticated and frequent. Why? Phishing attacks work and, “it is a lot easier to control humans than the technology,” said Rick Doten, vice president of cybersecurity for DMI, a firm that does work for the U.S. government. (Magnussen, 2012)

This example clearly, supports that we must not count on it being written in anguished English like the common scam letters purportedly originating from Nigerian princesses as it is common place now that native speakers of English are helping compose the phony emails.

Once an attachment or a link to a fake website is opened, specialists in moving around a network without being detected take over and probe for other vulnerabilities. This may mean taking over an email account in order to generate more trusted, fake emails as most likely would have bene the case with the example identified in the Australian Financial Review.

It is well founded that smaller companies, particularly in the defense industrial base, may be used to go after bigger companies – big prime contractors – higher in the food chain. Once the cyberspies have located the information they want, another team takes over to exflltrate it. It is ideally ferreted away in normal traffic without being detected. (Magnussen, 2012)

Unit 61398

Unit 61398 Shanghai

Open source defence journals have reported the following:

Grigg, A, 2013, ‘Australian Execs Among Those Hacked In China’ The Australian Financial Review, 26 January 2013.

Magnuson, S. (2012). Stopping the chinese hacking onslaught. National Defense, 97(704), 26-28. Retrieved from http://search.proquest.com/docview/1026586020?accountid=8289

Social Skinny, 2012, http://thesocialskinny.com/100-social-media-mobile-and-internet-statistics-for-2012/