PUNTA CANA – Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab’s Global Research and Analysis Team has been doing for the last few years, and he has first-hand knowledge of the depth and breadth of the tactics that top-tier attackers are using.

So when Raiu says he conducts his online activities under the assumption that his movements are being monitored by government hackers, it is not meant as a scare tactic. It is a simple statement of fact.

“I operate under the principle that my computer is owned by at least three governments,” Raiu said during a presentation he gave to industry analysts at the company’s analyst summit here on Thursday.

The comment drew some chuckles from the audience, but Raiu was not joking. Security experts for years have been telling users–especially enterprise users–to assume that their network or PC is compromised. The reasoning is that if you assume you’re owned then you’ll be more cautious about what you do. It’s the technical equivalent of telling a child to behave as if his mother is watching everything he does. It doesn’t always work, but it can’t hurt.

Raiu and his fellow researchers around the world are obvious targets for highly skilled attackers of all stripes. They spend their days analyzing new attack techniques and working out methods for countering them. Intelligence agencies, APT groups and cybercrime gangs all would love to know what researchers know and how they get their information. Just about every researcher has a story about being attacked or compromised at some point. It’s an occupational hazard.

But one of the things that the events of the last year have made clear is that the kind of paranoia and caution that Raiu and others who draw the attention of attackers employ as a matter of course should now be the default setting for the rest of us, as well. As researcher Claudio Guarnieri recently detailed, the Internet itself is compromised. Not this bit or that bit. The entire network. We now know that intelligence agencies have spent the last decade systematically penetrating virtually every portion of the Internet and are conducting surveillance and exploitation on a scale that a year ago would have seemed inconceivable to all but the most paranoid among us.

Email? Broken. Mobile communications? Broken. Web traffic? Really broken. Crypto? So, so broken.

It would be understandable, even natural, for most casual observers to have grown so completely overwhelmed by the inundation of stories about government surveillance and exploitation techniques that they tuned it out months ago. Why get worked up about something you can’t change? It’s like getting mad at cake for being delicious.

And that’s exactly the attitude that attackers want. Indeed, they depend on it. Complacency and indifference to clear threats are their lifeblood. Attackers can’t operate effectively without them.

The best response, of course, isn’t panic or indulging the urge to throw your laptop out the window and drop off the grid, as tempting as that might be. Rather, the best course of action is to follow Raiu’s simple advice. You’re being watched at all times; act accordingly.

Image from Flickr photos of Lyudagreen.

Categories: Government, Malware, Web Security

Comments (9)

  1. Anonymous

    Watched at all times… Absolute rubbish…

    By the way, you’re out of milk and that ham in the freezer’s near its expiry date.
  2. Andy

    As a tech aware, but not tech savvy internet user, I would like some clarification of what “act accordingly” means.
  3. Stuart Poss

    This doesn’t seem to be very useful advice. With governments being opposed to one another and each often schizophrenic and having multiple agencies often all working at contradiction with each other, not to mention government behavior changing with each new naked emperor, just what is “act accordingly” supposed to mean? That we should only use the internet to send long strings of random digits to random recipients?
  4. Jon

    Ironic that the link points to a faulty SSL certificate.

    This is probably not the site that you are looking for!
    You attempted to reach threatpost.com, but instead you actually reached a server identifying itself as *.wpengine.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of threatpost.com.
  5. Shawn

    @Andy.
    The Internet is full of places that make it easy to commit a crime (software/music/movie piracy), look at socially “taboo” subject matter (pornography), or research topics that may be “of interest” to a government entity (too many to list).
    The Internet also gives the average user a sense of “physical” anonymity, meaning that if another user/family member/co-worker/etc. can’t see my screen, I feel protected enough to download/do/look at this stuff. People often feel that they are just another face in a crowd of several million or billion people that are online; “how is the government going to catch just me” is something that I have heard several times.
    Here is what I tell them: “You are allowed to do whatever you wish on the Internet, that is your choice. However, be advised that your employer (if you do this activity at work), your ISP (Internet Service Provider), several government entities, hackers, neighbors, etc. may be watching what you are doing. If the thought of this embarrasses you or makes you uncomfortable in the fact that these people may know some (or all) of your secrets online, then you shouldn’t do them. Again, you can look or do whatever you choose, but if someone asks you about it, don’t be offended; be able to explain why you did it.”
    That is my interpretation of “act accordingly”.
  6. MrColdWaterOfRealityMan

    “Act Accordingly” means that today’s rant or opinion is tomorrow’s evidence for the new American KGB. Until recently, “political” crimes rarely meant punishment or imprisonment. Don’t assume that this will continue indefinitely. When the money is threatened, it will respond with blunt force.

    Until it can’t.
  7. NSA

    Absolutely a bunch of baloney. There’s no need to worry. Everything is fine and you are safe. If you do nothing wrong you have nothing to fear. Just go about your business. No, really. No, really, just take another sip out of that black coffee mug right there on your desk, yeah, the one with the terrorist penguin on it. There now, don’t you feel ever so much better?
  8. Jon

    This is a fascinating topic, not least because if I were the NSA/GCHQ hybrid I’d be very keen to have people believe I was watching everything they did, all the time, everywhere, as a means of population behavioural control (a la Bentham’s Panopticon). So they plainly have been making big efforts to hack into everything everywhere to give them the capacity for universal monitoring, and I’m no kind of a technician so I don’t know how feasible this is, but I assume it is very feasible.

    Statistically speaking, however, I have some issues – according to http://www.internetworldstats.com/stats.htm, between 2000 and 2012 the number of internet users globally grew by 566.4%, which is to say from 360,985,492 to 2,405,518,376, a global penetration of 34.3% of the population, predicted to rise to 75-85% by 2020. Now we all know that Fort Meade is jammed to the gills with supercomputers and has expanded its analytical capacity exponentially through the use of groovy algorithmic programmes, but is it really possible to keep up with that rate of expansion so that you can monitor everyone? Even if you’re sitting astride the web architecture hacking into undersea cables?

    Now, multiply that rate of increase in the number of users by the rate of increase in the number of websites – I saw just one stat that suggested in December 2011 the number of websites grew to 555,482,744 sites “giving a rise of 29.5 million (+5.6%)” (http://news.netcraft.com/archives/2011/12/09/december-2011-web-server-survey.html) – nearly 30 million new sites in just one month. I mean, do the math.. what similarly exponential rate of growth in monitoring and analytical capacity would you need to be able to keep up with that? And that’s just internet users times website visits, never mind increases in the number of mirrors, proxy servers and the purely temporary nature of much of the data, of e-mail accounts, tablets/laptops, mobiles and associated accounts which would make those crude statistics vastly more complex in terms of connectivity.

    I’m really not dissing the idea that ‘the Net is owned’ because I know nothing about the technical capacity to achieve these things, but my guess would be that what is actually going on is that the corporate/intelligence hybrid is building the capacity to try and achieve a number of objectives; 1) undertake universal commercial monitoring, to give the OECD (and particularly the ‘Five Eyes’) a virtually unassailable competitive advantage; 2) undertake the monitoring of civil society on a global basis as corruption and climate change start to produce widespread civil disturbances and the overthrow of governments and 3) (as a minor issue) keep an eye on the tiny core of jihadis to throw as bones to the media and politicians to justify vast and increasing expenditure…

    After all, we understand that there is a ‘Dark net’/‘Deep Web’ of some kind, located on servers and botnets but still dependent on customers and delivering things and people paying for stuff; how could that operate if the NSA and others have the capacity that is claimed for them, unless they’re allowing it to do so to conceal that capacity (which is another story..)? An NSA with this capacity could presumably make online child pornography extinct overnight, for instance, and how would the Silk Road have been able to operate? I would genuinely like to hear from anyone with knowledge of these issues.

    My suggestion would be that the NSA is genuinely completely uninterested in your visits to roundandbrown.com *unless* you happen to be on its list of people of interest. My guess would be that the vast mass of this incalculable quantity of data will remain stored somewhere but never used and probably not useable, until storage problems get it deleted. Just guessing, though!
