Addressing delegates at the 8th annual ITWeb Security Summit, at the Sandton Convention Centre, local and international information security specialists painted a grim picture of the capabilities of highly sophisticated and organised cyber crime networks, and the agility needed from information security specialists to counter their attacks.

Cyber has moved beyond the IT department to impact governments, enterprises and individuals on a massive scale, and the stakes are high, delegates heard. In short, cyber today is a war zone.

KNOW YOUR ENEMY

Investigative journalist and author Misha Glenny, a specialist in cyber crime and global cyber crime networks, opened the three-day summit with an overview of global cyber crime networks today.

With the Internet now the most powerful tool for espionage and crime, “the battle for control of the Internet looks set to become a dangerous free-for-all”, he said. Glenny said the “dark underground” of the Internet is proliferating on the back of the anonymity of the Internet, the disparities in international regulations which make tracing and prosecuting criminals difficult, and the ease with which cyber criminals can organise their activities. A new generation of highly organised criminal organisations is using the Internet to commit mass fraud and espionage, said Glenny. There is a thriving black market trade in personal data, enterprise information and tools to commit cyber crime.

Glenny feels a battle is looming for control over the Internet. Corporate attempts and commercial espionage are proliferating, he noted, and cyber espionage has moved into state arsenals. “People are openly recruiting hackers and Trojan coders for defence and law enforcement purposes.”

THEY’RE ALREADY IN

The experts noted that, in spite of the best defences, most companies have already been penetrated by cyber criminals. Usually, companies are not aware of this. Mike Armistead, VP and GM of enterprise products, Fortify, at HP, said: “Regardless of how much we are spending to keep the adversaries out, they are still getting in. And after they do, we are not successful at finding them. If we continue to think of our defences in a check box, technology-specific and project-based, nothing is going to change for us,” he said.

Richard Bejtlich, chief officer at Mandiant, noted: “Secure is a nebulous term. In any organisation with over a thousand PC users, someone you don’t want already has access to your network.”

He added that nearly two-thirds of the time, organisations learnt they had been breached from an external source, and these breaches were detected on average eight months after they had happened. “Once you discover them, they already have access to all the information they need,” he said.

WHAT ATTACKERS WANT

Cyber espionage and credit card information are among the main focus areas of cyber crime today, said speakers at ITWeb Security Summit. With social engineering and mobile devices taking hackers to the heart of networks, despite perimeter defences, information professionals need to adopt new approaches to counterattacks and prevention, said speakers.

Security analyst and host of the Risky Business podcast, , pointed out that even two-factor authentication as used by banks can be bypassed. “Social engineering trumps two-factor authentication every time,” he said.

Industrial espionage is playing a major role in cyber crime today, said the speakers, with state-supported espionage relatively common among enterprises from China, for example. Bejtlich noted: “Any company doing a large deal with a Chinese company has likely had its systems compromised. Every time I read of a major deal pending with a Chinese company, I know we will be getting a call from the counterparty soon, if we aren’t already helping them.” Mandiant, a global incident response management firm, last year released a report outlining the activities of a key Chinese organisation, Unit 61398, formally known as the Second Bureau of the People’s Liberation Army’s General Staff Department’s Third Department. The report revealed a seven-year history of digital espionage by Unit 61398 against at least 141 Western companies. Mandiant traced Chinese cyber spying back to a 12-storey office building outside Shanghai.

This is just one of many such groups, Bejtlich said. He noted, on the growth of cyber espionage: “Everybody spies, but it would be nice if the Chinese constrained their activities. They are amazing in terms of the volume and aggressiveness of their hacking.”

Gray commented on China’s “systematic theft of western companies’ intellectual property”: “IP protection is just not culturally held in the same regard for the Chinese as it is in the West. It’s almost a form of information communism, and you have to give it to them, it has benefited them hugely.”