Translation and Dictionary
Cyber-collection : English Wikipedia
Cyber-collection
Cyber-collection refers to the use of cyber-warfare techniques in order to conduct espionage. Cyber-collection activities typically rely on the insertion of malware into a targeted network or computer in order to scan for, collect and exfiltrate sensitive information.
Cyber-collection started as far back as 1996, when widespread deployment of Internet connectivity to government and corporate systems gained momentum. Since that time, there have been numerous cases of such activity.〔Pete Warren, ''State-sponsored cyber espionage projects now prevalent, say experts'', The Guardian, August 30, 2012〕〔Nicole Perlroth, ''Elusive FinSpy Spyware Pops Up in 10 Countries'', New York Times, August 13, 2012〕〔Kevin G. Coleman, ''Has Stuxnet, Duqu and Flame Ignited a Cyber Arms Race?'', AOL Government, July 2, 2012〕
In addition to the state-sponsored examples, cyber-collection has also been used by organized crime for identity and e-banking theft and by corporate spies. Operation High Roller used cyber-collection agents in order to collect PC and smart-phone information that was used to electronically raid bank accounts.〔Rachael King, ''Operation High Roller Targets Corporate Bank Accounts'', June 26, 2012〕 The Rocra, aka Red October, collection system is an "espionage for hire" operation by organized criminals who sell the collected information to the highest bidder.〔Frederic Lardinois, ''Eugene Kaspersky And Mikko Hypponen Talk Red October And The Future Of Cyber Warfare At DLD'', TechCrunch, January 21, 2013〕〔Mark Prigg, ''The hunt for Red October: The astonishing hacking ring that has infiltrated over 1,000 high level government computers around the world'', Daily Mail, January 16, 2013〕
==Platforms and Functionality==
Cyber-collection tools have been developed by governments and private interests for nearly every computer and smart-phone operating system. Tools are known to exist for Microsoft, Apple, and Linux computers and iPhone, Android, Blackberry, and Windows phones.〔Vernon Silver, ''Spyware Matching FinFisher Can Take Over IPhones'', Bloomberg, August 29, 2012〕 Major manufacturers of commercial off-the-shelf (COTS) cyber-collection technology include Gamma Group from the UK〔FinFisher IT Intrusion〕 and Hacking Team from Italy.〔Hacking Team, Remote Control System〕 Bespoke cyber-collection tool companies, many offering COTS packages of zero-day exploits, include Endgame, Inc. and Netragard of the United States and Vupen from France.〔Mathew J. Schwartz, ''Weaponized Bugs: Time For Digital Arms Control'', Information Week, 9 October 2012〕 State intelligence agencies often have their own teams to develop cyber-collection tools, such as Stuxnet, but require a constant source of ''zero-day exploits'' in order to insert their tools into newly targeted systems. Specific technical details of these attack methods often sell for six-figure sums.〔Ryan Gallagher, ''Cyberwar’s Gray Market'', Slate, 16 Jan 2013〕
Common functionality of cyber-collection systems includes:
*''Data scan'': local and network storage are scanned to find and copy files of interest; these are often documents, spreadsheets, design files such as AutoCAD files, and system files such as the passwd file.
*''Capture location'': GPS, WiFi, network information and other attached sensors are used to determine the location and movement of the infiltrated device.
*''Bug'': the device microphone can be activated in order to record audio. Likewise, audio streams intended for the local speakers can be intercepted at the device level and recorded.
*''Hidden Private Networks'': these bypass corporate network security. A computer that is being spied upon can be plugged into a legitimate corporate network that is heavily monitored for malware activity and at the same time belong to a private WiFi network outside of the company network that is leaking confidential information off of an employee's computer. A computer like this is easily set up by a double agent working in the IT department by installing a second wireless card in the computer and special software to remotely monitor the employee's computer through this second interface card, without the employee being aware of a side-band communication channel pulling information off of the computer.
*''Camera'': the device cameras can be activated in order to covertly capture images or video.
*''Keylogger and Mouse Logger'': the malware agent can capture each keystroke, mouse movement and click that the target user makes. Combined with screen grabs, this can be used to obtain passwords that are entered using a virtual on-screen keyboard.
*''Screen Grabber'': the malware agent can take periodic screen capture images. In addition to showing sensitive information that may not be stored on the machine, such as e-banking balances and encrypted web mail, these can be used in combination with the key and mouse logger data to determine access credentials for other Internet resources.
*''Encryption'': Collected data is usually encrypted at the time of capture and may be transmitted live or stored for later exfiltration. Likewise, it is common practice for each specific operation to use specific encryption and polymorphic capabilities of the cyber-collection agent in order to ensure that detection in one location will not compromise others.
*''Bypass Encryption'': Because the malware agent operates on the target system with all the access and rights of the user account of the target or system administrator, encryption is bypassed. For example, interception of audio using the microphone and audio output devices enables the malware to capture both sides of an encrypted Skype call.〔Daniele Milan, The Data Encryption Problem, Hacking Team〕
*''Exfiltration'': Cyber-collection agents usually exfiltrate the captured data in a discreet manner, often waiting for high web traffic and disguising the transmission as secure web browsing. USB flash drives have been used to exfiltrate information from air gap protected systems. Exfiltration systems often involve the use of reverse proxy systems that anonymize the receiver of the data.〔Robert Lemos, ''Flame stashes secrets in USB drives'', InfoWorld, June 13, 2012〕
*''Replicate'': Agents may replicate themselves onto other media or systems; for example, an agent may infect files on a writable network share or install itself onto USB drives in order to infect computers protected by an air gap or otherwise not on the same network.
*''Manipulate Files and File Maintenance'': Malware can be used to erase traces of itself from log files. It can also download and install modules or updates as well as data files. This function may also be used to place "evidence" on the target system, e.g. to insert child pornography onto the computer of a politician or to manipulate votes on an electronic vote counting machine.
*''Combination Rules'': Some agents are very complex and are able to combine the above features in order to provide very targeted intelligence collection capabilities. For example, the use of GPS bounding boxes and microphone activity can be used to turn a smart phone into a smart bug that intercepts conversations only within the office of a target.
*''Compromised cellphones'': Since modern cellphones are increasingly similar to general-purpose computers, they are vulnerable to the same cyber-collection attacks as computer systems, and can leak extremely sensitive conversational and location information to attackers.〔how to spy on a cell phone without having access〕 Leaking of cellphone GPS location and conversational information to an attacker has been reported in a number of recent cyber-stalking cases in which the attacker was able to use the victim's GPS location to call nearby businesses and police authorities and make false allegations against the victim depending on the victim's location. This can range from giving restaurant staff information with which to tease the victim to bearing false witness against the victim. For instance, if the victim were parked in a large parking lot, the attackers might call and state that they saw drug or violent activity going on, giving a description of the victim and directions to the victim's GPS location.
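
The dual-homed arrangement described under ''Hidden Private Networks'' leaves a trace in endpoint inventory data. The following is an added example, not part of the original article: it flags hosts that hold an address inside the corporate ranges while also having an active wireless interface addressed outside them. The address ranges, record fields and inventory rows are constructed assumptions.

```python
import ipaddress

# Assumed corporate address space (constructed for this example).
CORPORATE_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.30.8.0/22")]

# Constructed inventory sample: one record per active interface, in the shape
# an endpoint agent or asset-management export might report it.
INVENTORY = [
    {"host": "ws-014", "iface": "eth0",  "kind": "wired",    "ip": "10.20.4.17",   "ssid": None},
    {"host": "ws-014", "iface": "wlan0", "kind": "wireless", "ip": "10.20.66.3",   "ssid": "corp-wifi"},
    {"host": "ws-022", "iface": "eth0",  "kind": "wired",    "ip": "10.20.4.31",   "ssid": None},
    {"host": "ws-022", "iface": "wlan1", "kind": "wireless", "ip": "192.168.43.9", "ssid": "AndroidAP"},
    {"host": "lt-101", "iface": "wlan0", "kind": "wireless", "ip": "192.168.1.50", "ssid": "home"},
    {"host": "ws-030", "iface": "eth0",  "kind": "wired",    "ip": "10.30.9.8",    "ssid": None},
    {"host": "ws-030", "iface": "wlan0", "kind": "wireless", "ip": "169.254.7.7",  "ssid": None},
]

def in_corporate(ip):
    """True if the address falls inside any assumed corporate range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CORPORATE_NETS)

def find_side_channels(records):
    """Return {host: [(iface, ip, ssid), ...]} for hosts that are attached to the
    corporate network and also have a wireless interface addressed outside it."""
    by_host = {}
    for rec in records:
        by_host.setdefault(rec["host"], []).append(rec)
    findings = {}
    for host, ifaces in by_host.items():
        on_corp = any(in_corporate(r["ip"]) for r in ifaces)
        stray = [
            r for r in ifaces
            if r["kind"] == "wireless"
            and not in_corporate(r["ip"])
            # A link-local address means the radio is on but not associated.
            and not ipaddress.ip_address(r["ip"]).is_link_local
        ]
        if on_corp and stray:
            findings[host] = [(r["iface"], r["ip"], r["ssid"]) for r in stray]
    return findings

if __name__ == "__main__":
    for host, hits in find_side_channels(INVENTORY).items():
        print(host, hits)
```

A laptop that is only on an outside network (lt-101) is not flagged; the finding is the simultaneous attachment to both networks.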

Excerpt source: the free encyclopedia Wikipedia

Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.