June 26, 2012, 4:32 PM — Anyone paying any attention to digital security at all knows the whole universe of cybercrime outgrew its hacker roots years ago, when it was largely taken over by organized crime gangs, primarily in the former Soviet Union, China and the United States.
Now it's outgrown organized crime as well, according to Jonathan Evans, head of MI-5, the British internal counter-intelligence and security unit that functions like a combination of the FBI and CIA in the United States.
Despite the resources and experience of a world-class intelligence operation such as MI-5, Britain is all but overwhelmed by complex, persistent attacks that are anything but trivial early experiments into the potential for cyberespionage and warfare, Evans told attendees at the London Lord Mayor's Annual Defence and Security Lecture yesterday – a large-scale in-depth conference providing public updates on threat and security issues.
"Vulnerabilities in the internet are being exploited aggressively not just by criminals but also by states. The extent of what is going on is astonishing," Evans said.
State-sponsored cybercrime isn't conducted by small teams assembled for a specific attack, the way many organized criminal gangs operate.
With the resources of a whole country behind it, cybercrime has become dominated by "industrial-scale processes involving many thousands of people lying behind both state-sponsored cyber espionage and organised cyber crime," Evans said.
The only saving grace so far is that terrorist groups are still struggling to move beyond traditional attacks on civilians to take advantage of vulnerabilities in critical national infrastructure such as electrical utilities, water, sewer, traffic management and secrets housed in government data centers rather than old-fashioned file boxes.
The change is putting corporations at risk, as well as the government agencies that would be natural targets for foreign security services, Evans said, citing an unnamed London-based company that lost $800 million in a state-sponsored attack earlier this year. MI-5 is currently investigating more than a dozen other major attacks on British corporations.
The more connected, automated and digitized Western societies become, the greater the potential danger, Evans warned.