
Malware's tangled roots

Identifying the source of cyberintrusions is a complicated task

By Patience Wait, GCN Staff

The federal government’s computer networks are, collectively, the single largest target in the world.

And within the government, Defense Department systems are the most aggressively probed: the Global Information Grid, the military's primary electronic conduit for both secure and unclassified network traffic, is scanned millions of times a day.

Of even greater concern than the volume of attacks is their origin. Attacks that do not originate in the United States come largely from China and from other countries that are, if not exactly enemies, fierce competitors.

Webroot Software Inc. of Boulder, Calif., issues a quarterly report on the geographic launch points of several classes of malware, such as worms, viruses, Trojan horses and key loggers, fired against systems all over the world.

The company currently does not cross-reference attacks with their targets, so the report cannot isolate the geographic sources of attacks aimed specifically at DOD. But as the largest target, DOD more than likely is bearing the brunt of these international raids.

China offensive

And the source of the attacks is shifting. Historically, the largest numbers have come from within the United States. But the percentage of domestic-based attacks has been dropping, and in the first quarter of this year, China-based sites became the single largest source, continuing a trend. In the fourth quarter of 2005, China was second in volume, behind the United States; in the third quarter, China was third, behind the U.S. and the Russian Federation, according to Webroot.

“My sense is there are times that they [China] retrench, they regroup, then get ready for a new attack,” said David Moll, Webroot’s chief executive officer.

By contrast, attacks from the Russian Federation have been dropping—from 17.5 percent in the third quarter, to almost 4 percent in the fourth quarter, to just under 2 percent in the first quarter of this year.

Gerhard Eschelbeck, Webroot's chief technology officer, is quick to point out that tracing malware back to a server in a particular geographic location does not necessarily mean the malware was launched from that country; it may mean only that security measures there are lax.

But Lt. Gen. Michael Maples, director of the Defense Intelligence Agency, said in a written statement to the Senate Armed Services Committee in February that nation-states represent the biggest threat to U.S. national security.
