I used to think “cyber war” was the most overhyped security buzzphrase of all time. And it was — until Stuxnet and APTs (advanced persistent threats) arrived. Now, as Bob Violino detailed in his recent InfoWorld article, all-out cyber war has begun.
The 2010 Stuxnet worm is arguably the most sophisticated, successful, and targeted malware of all time. Strongly linked to both Israeli and U.S. government teams, Stuxnet effectively interrupted the Iranian nuclear program. Make no mistake: When one government attacks another government’s infrastructure, we are clearly at war, even though malware is the weapon of choice rather than missiles or boots on the ground.
In response to the Stuxnet attack on the Iranian nuclear program, an Iranian hacker has been quite successful at compromising multiple, trusted, public CA (certification authority) vendors. True, these weakly secured CAs have been hackable all along. The Iranian hacker took advantage of that fact, and after two decades of just a few digital certificates being compromised, we’ve had a wave of compromised CAs and hundreds of fraudulent certificates.
Chinese APT continues to be found in nearly every large company and government throughout the world, particularly in the United States. Whether or not the Chinese government is directly involved hasn’t been publicly confirmed, but clearly, the perpetrators are gaining access to private intellectual property that the Chinese government has an interest in. Chinese APT likely has unfettered access to every major company you can think of. In fact, I know of only one company that appears to remain uncompromised out of the dozens that have invited me to conduct an investigation.