Pierluigi Paganini April 13, 2012

The US Government is very close to the theme of warfare being among the countries that invest more in the field. In a cyber security context we can enumerate a huge quantity of cyber threats that daily are designed and enhanced, a heterogeneous world and that includes many different options that could harm military and private sector causing serious damages.

In recent months is the increased concern on the development of botnets that are afflicting the areas critical for a country such as financial and military. White House Cybersecurity Coordinator Howard Schmidt has deep knowledge of the problem for this reason he’s convening federal agencies, law enforcers and private companies to define a common strategy to deal with the threat.

Behind the botnet we can find several type of actors such as cyber criminals, foreign governments and also hacktivist with different purposes like cyber espionage, financial frauds realizations arranging of operation of protest. The components of the botnets could be located everywhere in the world involving several countries, different social contexts and different laws and regulations, for this reason is quite difficult to arrange a unique front to face with the threat.

During the McAfee Public Sector summit in Arlington, Va,  on April 11th, Schmidt declared:

“There’s been a lot of discussion about botnets…trying to identify how many are out there, what they’re doing, what they could do and what the impact could be. I’ve asked my office to engage in a private-public partnership to enhance the nation’s cybersecurity by fighting against bot networks,”

“We’re teaming U.S. internet service providers, search engines, internet vendors, privacy rights advocates and groups and trade associations to tackle this on all fronts. We’re working on developing best practices and an industry code of conduct within the next 90 days.”

The group of work led by Schmidt is spending a sensible effort in the battle, working to reach the following four main goals:

1. to develop principles for addressing the botnets.
2. establish high-level strategies to increase public awareness on the botnets.
3. leverage available consumer-focused information tools and resources to prevent the botnets from the beginning.
4. identify ways of measuring progress.

I agree with the approach of the U.S. government, I believe that the strategy defined and targets are consistent with an approach to the problem that has become indispensable. Essential is to get a snapshot of the current situation and to define method to measure of extent of spread of the threat.  The definition of a process of measuring and the defining of a set of indicators that can provide a status on the evolution of the threat are essential steps, however it is necessary that these parameters must be universally recognized. Another key to fighting the proliferation of botnets is able to increase the level of awareness of the threat in each sector while also providing the tools necessary to tackle the problem.

As repeatedly stressed there is no clear line between cybercrime and warfare, botnets are a serious threat from the deadly offensive potential. Through the establishment of a botnet is possible to attack the nerve centers of a country, isolate attacks can target its critical infrastructures, create serious problems in areas like finance, communications and transport. That is cyber warfare, no matter if behind the attack there is a foreign government or ruthless criminals, the risk is high and face the threat has high priority.

“We’re looking at what [botnets] might do to a business’s infrastructure, to personally identifiable information – identity theft, credit card fraud, et cetera – but it goes beyond that. What we’re beginning to see is about 4 million new botnet infections every month…it’s a moving target,”

Schmidt said.

What most worries the U.S. government is the high rate of spread of malware in the private sector, not easy to contrast the phenomenon. That it has-been estimated one in ten Americans has some kind of malicious software on Their devices.  To aggravate the scenario is the rapid spread of mobile industry in my opinion one of the most vulnerable in security. To an impressive growth in the demand is not corresponded the awareness of the threat, the user ignores most of the time the potential of its smartphone and threats which it is exposed.

To remain in topic a mobile botnet is a botnet that targets mobile devices such as smartphones, attempting to gain complete control of the mobile. Mobile botnets take advantage of unpatched exploits to provide hackers with root permissions over the compromised mobile device, enabling hackers to send e-mail or text messages, make phone calls, spy on users, access contacts and photos, and more.
The main problem is that botnets go undetected and this make really difficult to tackle.  The malware spread them self sending the agents to other devices via e-mail messages or text messages.

Examples of mobile botnets are DreamDroid and TigerBot (SMS Controlled Android Malware) malware that compromised Google Android devices, Zitmo (zeus varian) that targeted Blackberry platform and CommWarrior which affected Symbian devices. The last in order of time is TigerBot, a new form of Android malware controlled via SMS messages that can record phone calls, upload the device’s GPS location, and reboot the phone, among other operations executable in the command preventing the message from being seen by the user. TigerBot tries to hide itself from the user by not showing any icon on the home screen and by using legitimate sounding app names (like System) or by copying names from trusted vendors like Google or Adobe. “TigerBot”, differs from “traditional” malware in that it is controlled via SMS rather than from a command & control (C&C) server on the Internet. The polymorphism of the threats and the genesis of new variants are the issues that most concern, these hacks and malware would essentially turn the phones into “zombies” in order to respond to external orders.

According to Schmidt it is necessary to act immediately, let me conclude with a meaningful affirmation the he said:

“One of the clear issues we won’t be doing anymore is to just sit back and admire the problem. We’ve done that for too long. We’ve written strategy after strategy…it’s time to move beyond the strategies and actually move into an environment where we’re executing on these strategies,”

 

Pierluigi Paganini