By Brian Krebs
January 22, 2010
The cyber attacks against Google, Adobe and a raft of other top U.S.
corporations late last year were by most accounts sophisticated and
targeted attempts to steal proprietary data. But lost in all of the
resulting media hoopla over who the remaining victims were and whether
Chinese hackers or indeed the Chinese government itself were responsible
is the simple, terrifying truth that individual hackers now have access
to the same arsenal of cyber weapons once reserved only for nation
The weapons at issue are, of course, botnets -- agglomerations of
remotely controlled, hacked computers that are used for a variety of
criminal purposes, from spam, to high-powered, distributed online
attacks against virtual targets. In these attacks, the botnets acted as
a sort of "cloud" data collection and storage network.
I caught up recently with Roland Dobbins, a solutions architect with the
Asia Pacific division of Arbor Networks, a company that specializes in
helping customers defend against botnet attacks. Dobbins said the Google
incident a perfect example of how the botnet has enabled what he calls
the democratization of espionage.
Brian Krebs: What does that mean."the democratization of espionage"?
Roland Dobbins, Arbor Networks: Well, ten to fifteen years ago, if you
were going to be the target of state sponsored or corporate espionage,
you yourself were going to be a government or a large corporation that
had intellectual property or information that an adversary was going to
have to invest a lot of time and effort to pry out of you. What we have
seen over the last five to seven years is that the botnet has
democratized that process, so that now an individual can commit his own
intelligence reconnaissance and espionage, whether at arms legth on
behalf of a state, on his own, or whether he's doing it for corporate
espionage. This whole process has tons of implications for national and
corporate security, and for individual privacy.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News