The high-profile cyberattack on Sony and the discovery of the Regin malware infecting databases around the globe have generated a great deal of news coverage in recent days, as security experts reinforce the message that no systems are truly safe. But the real story behind the headlines is that these attacks carry all the hallmarks of well-financed and carefully developed intrusions that could only be accomplished by nations themselves, not organized crime or renegade groups of hackers.
A number of experts are speculating that the Sony attack, which has resulted in the theft of unreleased films and sensitive files including social security numbers and employee salary data, was developed and led by the government of North Korea. The country's leader, Kim Jong Un, was reportedly upset that a Sony film to be released soon featured a plot centered around an attempt to assassinate him.
Further evidence of this can be found in Sony's decision to hire Mandiant to determine the source of the breach. Mandiant previously worked with The New York Times to identify the Chinese government as the source of an attack on the newspaper last year, and the firm specializes in research into the rise of cyberattacks by nation states.
The source of the Regin virus, a highly complex piece of malicious software that was discovered at the end of last month by Symantec, has yet to be conclusively identified. However, the purported targeting of Belgacom, a large Belgian telecommunications company that supports the European Union's headquarters in Brussels, has led many to believe that a sophisticated government entity is behind the spying malware.
"Lots of world governments would presumably benefit from knowing what the EU was thinking or intending to do at any given time," points out Craig Carpenter, President and COO of Resolution1 Security, a company headquartered in Menlo Park, California, that provides incident resolution technology solutions to global enterprises and governments.
Carpenter, whose firm recently spun off from the Access Data Group, agrees that it is still unclear who built the Regin virus. But his company's work with clients around the world is helpful in determining whether a particular attack is the work of a lone hacker or a fully resourced government.
According to Carpenter, hacking by organized crime or renegade individuals is generally driven by economic motives. This is in contrast to state-sponsored attacks, which go after information of value to foreign governments or aim to gain a competitive advantage (such as theft of military secrets).
"Economic hacking has one goal only - to make as much money as quickly and easily as possible," explains Carpenter. "Nothing else matters."
Another key indicator of whether a hack is state-sponsored can be found in the sophistication of the tools used. "Economic hackers are often lazy," says Carpenter. Sophisticated tool sets are expensive and time-consuming to build, so it is rare to see these in economic hacks, but they are almost always found in state-sponsored breaches.
"This is because the systems they seek to penetrate tend to themselves be more robust and closely monitored," says Carpenter. "The attackers want to evade detection and - more importantly - attribution for as long as possible."
This is an obvious clue in Regin, which apparently has been operating inside telecoms, research institutions, and governments undetected for perhaps as long as ten years.
The fallout from both the Sony breach and the Regin virus continues on almost a daily basis. Yesterday, it was revealed that the Sony attack resulted in the leaking of the social security numbers of high-profile celebrities to file-sharing networks. And although early reports were that Regin targeted systems in the EU and Russia, more recent reports show that networks in India, Pakistan, Brazil and Germany have been affected as well.
These high-profile attacks signal a new era in the Internet age, one in which the story will no longer be innocent consumers exploited by criminals, but nation against nation. The final verdict about who is behind these sophisticated attacks has yet to be delivered, but experts agree that the clues are hard to miss.