Ongoing attacks, increasing capabilities, and problems of Net governance.


This week, the French government confirmed that its Finance Ministry came under a cyber attack in December 2010. The attack targeted files related to the February G20 Summit in Paris as well as other international economic matters, and affected 150 out of 170,000 computers. According to an anonymous official, “a certain amount of the information was redirected to Chinese sites.” However, direct attribution is difficult to establish. It has been reported that the attack likely started with a Trojan-infected e-mail.

Last week’s DDoS attacks on WordPress and on South Korean government and corporate institutions were also linked to China. However, the Chinese government has denied any role in the attacks, while an Infosec Island article pointed out that, “Correctly determining the origin of an attack is difficult as the evidence is largely circumstantial, so attribution remains somewhat of a guessing game.” Nonetheless, concerns over China’s cyber capabilities remain. Yesterday, Director of National Intelligence James Clapper expressed his concerns about China’s growing capabilities in cyber warfare and intelligence gathering to the US Senate Armed Services Committee: “The Chinese have made a substantial investment in this area, they have a very large organization devoted to it and they’re pretty aggressive.” He also stated, “This is just another way in which they glean information about us and collect on us for technology purposes, so it’s a very formidable concern,” and that China is a “mortal” threat to the United States. (It must be pointed out, however, that US politicians have condemned James Clapper for extreme comments, with one senator pressing for Clapper’s resignation.)

The view from China is that it too is a victim of cyber attacks. On Wednesday, March 9, a report from the National Computer Network Emergency Response Technical Team/Coordination Center of China said that in 2010, attacks on government agency Web sites had increased by 68 percent, while 4,600 Chinese government Web sites had content modified by attackers.


States have continued to shore up their cyber security. After Nasdaq and a group of oil and gas companies fell victim to cyber attacks, the US Congress began rallying around the Cybersecurity Enhancement Act of 2010. In the meantime, the Department of Homeland Security has requested USD 57 billion for the 2012 budget, some of which will be used to advance cyber security initiatives. Meanwhile, the Science Applications International Corporation (SAIC) was awarded a cyber security contract (with a value of up to USD 219 million) by the US Space and Naval Warfare Systems Center Pacific to provide technical services for cyberspace operations.

The UK Government Communications Headquarters (GCHQ) is also expected to receive major funding (GBP 650 million), with GCHQ’s Cyber Security Operations Centre (CSOC) to receive a large part of the funds. According to eWeek, “The funding will allow the unit to expand significantly, building on its expertise in online threats to national security. As part of the government’s strategy, CSOC will partner with major communications, power and transport providers, allowing the intelligence agency to analyse streams of data from these firms for evidence of hacking.”

As the cyber domain becomes a booming growth sector, with large amounts of funding being put into cyber security initiatives, Andy Stevens (Chief Executive of Cobham) has stated that the prices of cybersecurity firms have been pushed to “ludicrous” levels.

The European Union and Portugal have started to move on addressing cyber threats. Earlier this week, the European Network and Information Security Agency (ENISA) released a study on the botnet threat and how to address it. In Portugal, a partnership between a Ministry of Culture-affiliated organization and the local music industry has led to a protocol calling for a honeypot scheme to combat piracy and collect the IP addresses of file sharers. This move has been denounced as undemocratic, possibly illegal, and an invasion of privacy.

It appears that the Egyptian and Iranian states have started to step up their offensive cyber capabilities. This week, Brigadier General Gholamreza Jalal of Iran’s Revolutionary Guard put out a call for “hackers who are willing to work for the goals of the Islamic Republic with good will and revolutionary activities.” In Egypt, a sale offer for FinFisher extended to the State Security Investigation Department was discovered.

According to F-Secure, FinFisher appears to be an intrusion and spying software framework, developed and sold by the Gamma Group, which seems to include an “infection proxy” and various intrusion tools. It is unclear whether Egypt has purchased the tool.


Between February 28 and March 1, 2011, the Internet Corporation for Assigned Names and Numbers (ICANN) and the Governmental Advisory Committee (GAC) met in Brussels to “Identify the specific differences between GAC advice and the current implementation of the new Internet generic Top Level Domains (gTLDs) policy recommendations embodied in the Applicant Guidebook,” and to “arrive at an agreed upon resolution of those differences; or for those issues not resolved, identify what differences remain.” For Milton Mueller, the meeting was a “wreck,” as governments and brand owners demanded a revision and resubmission of the policy: “The very fact that the Brussels meeting took place at all meant that the ICANN Board, which tells the world that it makes policy in a multi-stakeholder, open, fair, bottom-up process, has conceded that it really has no defined process. We can all participate in a process and come to a decision that satisfices us, but if anyone powerful demands a “re-do” then ICANN can and will oblige.”

ICANN is a not-for-profit public-benefit corporation, operating under contract with the US government. Since then, governments have increasingly sought control over domain name authority: the Obama Administration recently proposed that world governments be given the authority to veto any newly proposed top-level domain. (See Mueller’s analysis of the proposal here.)