Joseph Menn, author of "Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet" and keynote speaker at the last CSO Perspectives conference, has a report in Reuters about the hacking of VeriSign.
He writes that VeriSign, the company responsible for delivering people safely to more than half the world's websites (specifically addresses ending in .com, .net and .gov), was hacked repeatedly in 2010 by outsiders who made off with undisclosed information. He reported:
VeriSign said its executives "do not believe these attacks breached the servers that support our Domain Name System network," which ensures people land at the right numeric Internet Protocol address when they type in a name such as Google.com, but it did not rule anything out. VeriSign's domain-name system processes as many as 50 billion queries daily. Pilfered information from it could let hackers direct people to faked sites and intercept email from federal employees or corporate executives, though classified government data moves through more secure channels.
"Oh my God," said Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency. "That could allow people to imitate almost any company on the Net." The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published.
The intrusions will likely become a PR nightmare for VeriSign, reminiscent of the earthquake RSA suffered last year after discovering it had been the victim of an "advanced persistent threat" (APT).
I just hope the company comes clean soon about what happened and, most importantly, what it is doing to protect all those customers.
When Menn writes about something like this, I'm inclined to take it seriously. His book is a must-read for anyone who wants to understand the culture, motivations and psychology of the people behind these sustained attacks.
At CSO Perspectives last April, he painted a portrait of what we're up against. Particularly interesting was his view of Russia, long the stereotypical haven of black hat hackers. Interesting enough to share here.
He explained why there is so much criminal activity in Russia this way:
In Russia there is no Silicon Valley where computer experts can make a living. Jobs are scarce, and the Russian world view of crime is different from, say, the U.S. "Cyber crime is just another career opportunity to them," Menn said. "Even the good guys are on the take. The way to tell if it's a good guy is to find out what he's taking the bribe for." For Russian law enforcement, cybercrime cases are another revenue stream.
During one of my own visits to Kaspersky Lab's Woburn, Mass. office in 2007, Eugene Kaspersky essentially told me the same thing.
Seated at a conference table with the digital recorder running, I asked him why so much malware was coming out of Russia. He explained that after the break-up of the Soviet Union, a lot of computer programmers and code writers had nowhere to go. It became a game of earning a living any way you could. As the criminal underworld began to see the value of launching their hits in cyberspace, a big job opportunity arose.
For those writing the malware, Kaspersky said, it's not unlike the fellows working on missile technology at Raytheon in the U.S. They're not the ones who will pull the trigger if the weapons are used. They just build it and have little idea of where their handiwork is later used.
For the typical Russian hacker, it's a similar mindset. They just write the stuff. They're not necessarily the ones launching the attacks and picking the targets.
Whether the attackers are Russian or Chinese, and whether the victim is an RSA or a VeriSign, this has sadly become the new normal.