February 07, 2011, 10:34 AM — Cybercrime and cyber-espionage are on the increase and many agree that a clamp down is needed, but how do we balance that with the freedom the Internet provides and that most of us cherish. UK Foreign Secretary William Hague has appealed for governments to come together to agree a set of rules amid growing fears of "cyber war" between states. Addressing the Munich Security Conference, Mr Hague disclosed that as recently as last month the UK had come under attack from a "hostile state intelligence agency" seeking to penetrate the Foreign Office IT system.
Mr. Hague said the intelligence reports he sees as Foreign Secretary show that just one criminal computer programme can harvest over thirty gigabytes of stolen passwords and credit card details from over a hundred countries in a matter of days, causing millions of pounds worth of fraud. Over 40,000 pieces of sensitive information and financial data are traded on the online black market every day, amounting to 13.2 million criminal transactions every year.
Government systems are being targeted too. ZEUS is a well-known piece of malware that attempts to steal banking information and other personal details. In late December a spoofed email purporting to be from the White House was sent to a large number of international recipients who were directed to click on a link that then downloaded a variant of ZEUS. The UK Government was targeted in this attack and a large number of emails bypassed some of our filters. He said government experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common.
He continued by saying that last year the national security interests of the UK were targeted in a deliberate attack on our defence industry. A malicious file posing as a report on a nuclear Trident missile was sent to a defence contractor by someone masquerading as an employee of another defence contractor. Good protective security meant that the email was detected and blocked, but its purpose was undoubtedly to steal information relating to our most sensitive defence projects.
Mr Hague said that last month three of his staff were sent an email, apparently from a British colleague outside the FCO, working on their region. The email claimed to be about a forthcoming visit to the region and looked quite innocent. In fact it was from a hostile state intelligence agency and contained computer code embedded in the attached document that would have attacked their machine. Luckily, it was intercepted so didn't reach his staff.
Mr. Hague offered to host an international conference later this year to discuss norms of acceptable behaviour in cyber-space, bringing countries together to explore mechanisms for giving such standards real political and diplomatic weight.
He said that, in Britain’s view, seven principles should underpin future international norms about the use of cyberspace: