Tuesday, May 29, 2012

New malware invokes label "cyber weapon"

A report from the BBC News online technology section ( http://www.bbc.com/news/technology-18238326 ) highlighted the discovery by Kaspersky Labs of a new piece of malware called 'Flame', said to be a highly complex virus.

Of particular interest to me was the following taxonomy of attackers set out in the comments of Kaspersky's chief malware expert Vitaly Kamluk: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states."

Back in 1998 I ran a series of reports published in FEN (Forensic Expert News) into Smart Card Hacking, which was before the successful 1998 attack on GSM SIM Cards ( http://trewmte.blogspot.co.uk/2007/08/cloning-gsm-sim-card-report.html ).

In the FEN Report Part 1 (images of original below) I referred to the following taxonomy of attackers with reference to its source:

"One of the few recent articles that discuss the subject describes the design of the current range of IBM products and proposes the following taxonomy of attackers [ADD+91]:

Class I (clever outsiders):
They are often very intelligent but may have insufficient knowledge of the system. They may have access to only moderately sophisticated equipment. They often try to take advantage of an existing weakness in the system, rather than try to create one.

Class II (knowledgeable insiders):
They have substantial specialised technical education and experience. They have varying degrees of understanding of parts of the system but potential access to most of it. They often have highly sophisticated tools and instruments for analysis.

Class III (funded organisations):
They are able to assemble teams of specialists with related and complementary skills backed by great funding resources. They are capable of in-depth analysis of the system, designing sophisticated attacks, and using the most advanced analysis tools. They may use Class II adversaries as part of the attack team."

[ADD+91] DG Abraham, GM Dolan, GP Double, JV Stevens, "Transaction Security System", in IBM Systems Journal v 30 no 2 (1991) pp 206-229

I thought I would comment on this taxonomy of attackers first published in 1991 so that researchers can have traceability back to information that tends to get airbrushed from history in the course of re-invention of newly labelled threats.

Background material
A copy of FEN Index ref: UPD 5/1-Vol1-FEN98 is available upon request (trewmte@gmail.com).

Previous discussions about Cybercrime:
