By Brian Krebs
CSO Online
January 22, 2010
The cyber attacks against Google, Adobe and a raft of other top U.S.
corporations late last year were by most accounts sophisticated and targeted attempts to steal proprietary data. But lost in all of the resulting media hoopla over who the remaining victims were and whether Chinese hackers or indeed the Chinese government itself were responsible is the simple, terrifying truth that individual hackers now have access to the same arsenal of cyber weapons once reserved only for nation states.
The weapons at issue are, of course, botnets -- agglomerations of remotely controlled, hacked computers that are used for a variety of criminal purposes, from spam, to high-powered, distributed online attacks against virtual targets. In these attacks, the botnets acted as a sort of "cloud" data collection and storage network.
I caught up recently with Roland Dobbins, a solutions architect with the Asia Pacific division of Arbor Networks, a company that specializes in helping customers defend against botnet attacks. Dobbins said the Google incident a perfect example of how the botnet has enabled what he calls the democratization of espionage.
Brian Krebs: What does that mean."the democratization of espionage"?
Roland Dobbins, Arbor Networks: Well, ten to fifteen years ago, if you were going to be the target of state sponsored or corporate espionage, you yourself were going to be a government or a large corporation that had intellectual property or information that an adversary was going to have to invest a lot of time and effort to pry out of you. What we have seen over the last five to seven years is that the botnet has democratized that process, so that now an individual can commit his own intelligence reconnaissance and espionage, whether at arms legth on behalf of a state, on his own, or whether he's doing it for corporate espionage. This whole process has tons of implications for national and corporate security, and for individual privacy.
[...]