January 22, 2010

Ten to fifteen years ago, if you were going to be the target of state sponsored or corporate espionage, you yourself were going to be a government or a large corporation that had intellectual property or information that an adversary was going to have to invest a lot of time and effort to pry out of you. What we have seen over the last five to seven years is that the botnet has democratized that process, so that now an individual can commit his own intelligence reconnaissance and espionage, whether at arms length on behalf of a state, on his own, or whether he’s doing it for corporate espionage.

This is an excerpt from a column of mine that appeared today at CSOonline. Read the rest of it at this link here.


7 thoughts on “The Democratization of Espionage

  1. Jeffrey C

    Good article but kind of misleading. The espionage attack against Google wasn’t done via a botnet. The espionage attacks against U.S. R&D labs operating inside of China and Russia aren’t done via a botnet. They certainly can help collect identifying data that may be used in a CNE operation, but Advanced Persistent Threat, for example, can’t be automated.

    On a separate note, shoot me an email when you have a chance so I can send you a copy of our report on attacks against CI.

  2. Alan

    Brian: Your 1/22 post is a great piece on the risk that individual PC users face as various entities try to expand their botnets to perform espionage. Expanding on the topic of security for PC users, it significant news that Comcast.net has stoped providing McAfee security suite for free and now provides Norton Security for free to all subscribers? How do you advise PC users? Continue with McAfee as long as it is provided or follow Comcast.net and switch to Norton?
    Blessings, Alan

  3. Alan

    FLASH: On Wednesday, 1/20/10, analysts at Comcast.net US centers were surprised to learn that Comcast was quietly in the process of switching from providing free McAfee Security Suite to Norton Security Suite, according to Brian “Nubs”, a Comcast telephone support technical analyst that I just finished with. Internal documents available to Brian show that the Comcast.net website first noted this change on 1/20/10. After 1/20/10, new Comcast.net Broadband customers are no longer being offered McAfee Security Suite, only free Norton Security Suite. A press release and an email blast with wide distribution is scheduled for Tuesday morning, 2/2/10 to announce the decision. Comcast will continue to pay monthly subscriptions for McAfee Security Suite until May 31, 2010. At that time, McAfee will no longer be supported and all Comcast Broadband users will only receive free Norton Security Suite.

    There is some internal confusion between US and India call centers for Comcast.net. Sreejith J.R., my online analyst who handled set up of free Norton Security Suite on my new PC, reported that Comcast would stop providing free McAfee service after 1/31/10. This does not appear to be correct. Sreejith did not have access to the following site which reportedly will allow smooth transition from free McAfee security to free Norton security for Comcast.net Broadband subscribers:
    http://security.comcast.net/norton/resi/migrate/

    Good luck. I hope that this is a useful scoop. Keep up the good work. Alan

  4. Rick

    @Alan:

    ‘How do you advise PC users? Continue with McAfee as long as it is provided or follow Comcast.net and switch to Norton?’

    I can’t believe it. It was already too late ten years ago to abandon Windows. And you’re still on it? And you want advice how to proceed? What part of the message aren’t you getting? The ‘abandon’ or the ‘Windows’?

    Ten years. Nobody not on Windows for these past ten years has been attacked a single time. There’s never been a calamity. Not a single time. Ten years.

    People not on Windows can run absolutely no antivirus software or anything else. They don’t need to. And what are you doing? Hard to give up the old neighbourhood? Something you don’t get?

    What operating system do the botnets have? Where does 97% of all SMTP traffic (the spam) come from? Linux boxen? Mac OS X?

    Advice? Here’s advice. Get off Windows and stop being part of the problem.

    1. infosec_pro

      @Rick: “Nobody not on Windows for these past ten years has been attacked a single time. … People not on Windows can run absolutely no antivirus software or anything else. They don’t need to.”

      Sorry, that is simply not true.

      I have personal knowledge of attacks against desktops running other software.

      Burying your head in the sand doesn’t mean you’re safe. It means you’re less safe.

  5. Peg

    As I commented elsewhere, I couldn’t help but read:

    “if you are on the Internet, you have to assume that there are nation-state level adversaries targeting you to get your information and gain from it”

    initially as:

    “if you are on the Internet, you have to assume that there are nation-state level ADVERTISERS targeting you to get your information and gain from it”

    I’m not sure which is scarier, that I so naturally misread that, or that even after I realized my mistake, the initial misreading still made as much (if not more) sense to me.

    Oh, and McAfee or Norton (Symantec)? That’s easy.

    Neither.

    @Rick:

    “People not on Windows can run absolutely no antivirus software or anything else. They don’t need to.”

    Sorry dude, while I agree that Windows is often the elephant in the room, I still gotta call BS. I’ve seen an OS X boxen as badly riddled with malware as any woebegone Windows machine. Granted the user had to work considerably harder at it, but to claim impunity for *any* OS is a good way to risk suffocation in the sand where your head’s buried.

  6. infosec_pro

    Another great piece of work, thanks Brian!

    I especially liked the section headed “What is the average Internet user supposed to take away from this?” That’s very significant and insightful.

    Keep up the good work!

Comments are closed.