Israel espionage case points to new Net threat

The coming of ‘targeted attacks’
Some call the program used in the Israeli case a computer virus; others, spyware.  But whatever the lingo, those doing the Internet's really dirty work are much more subtle than their predecessors. The authors of the Melissa and LoveBug viruses wanted to infect as many computers as possible. Those who make adware and spyware want to hijack as many machines as possible and display as many pop-up ads as they can, or steal as many passwords as they can.

But the program used in Israel, now called "Rona" by anti-virus firms, takes a very different tactic. It’s narrowly focused. It doesn’t call attention to itself.  And it operates well below the radar of most modern anti-virus and anti-spyware products. Those computer safety products generally rely on lists of known malicious programs, which they hunt for on a user’s computer. But to do so, the security firms need to know what they are looking for. Before the Israeli investigation was revealed two weeks ago, no one in the security industry had a copy of Rona, so anti-spyware and anti-virus software didn't spot it.

“The problem for anti-virus companies was they couldn’t detect this threat because they hadn’t seen a sample,” said Maksym Schipka, a London-based virus expert at MessageLabs. “The scary part of this story is for one and a half years nobody even thought they may be infected. Nobody could imagine they had malware installed on their system.”

That’s why experts say the next great Internet threat, and perhaps the first very real threat, is the advent of what are being called "targeted attacks." Targeted attacks, by hackers for hire, could steal millions of dollars worth of corporate secrets and never be detected. That's far more dangerous than pranksters overwhelming a Web site with traffic for a few hours.

Assessing the size of the corporate espionage problem has always been a challenge; companies struck by it rarely speak out. But privacy expert Larry Ponemon, a former auditor who was at Price-Waterhouse Coopers five years ago when it published the most recent landmark study on espionage, says its far more common than many realize. 

“Unless you've been on the  inside you don't understand how pervasive this problem is," he said. 

In 1999, PriceWaterHouse Coopers said U.S. firms lose $45 billion to espionage, nearly twice the estimate given a few years before by the FBI.

High-tech tools can only be making things worse, Ponemon said. Hiring employees to infiltrate the competition, or to dig through their trash, as Oracle’s Larry Ellison did five years ago to spy on Microsoft, is hard work. Particularly when there’s a simpler way.

MORE FROM SECURITY

Security Section Front

Facebook hit by ‘Control Your Info’ intruder Twitter phishing ploy goes for ‘Direct Messages’ Red Tape: Your chance to spy on Google Hacking ring caught in $9 million fraud Tagged.com settles with states in invite fight Framed for child porn — by a PC virus In China, battles over a new wall Spain: Internet-related child porn on the rise Google providing better view of personal data EU agrees on new Internet user rights Security Section Front   Add Security headlines to your news reader: