Thursday, August 23, 2012

Is the US government helping cyber crooks?

As the U.S. government defends our interests and technology in the escalating global cyberwar, could it inadvertently be handing cyberweapons to criminals?

Last week, security firm Kaspersky hinted that such a nightmare situation may have taken one step closer to reality. Kaspersky revealed that a sophisticated program had been used to record instant messaging and social networking logins and bank account information and passwords -- including targets such as Citibank and PayPal accounts -- on some 2,500 infected PCs.

It may have been based on the Stuxnet cyberweapon widely attributed to the U.S.

This program, dubbed Gauss, raised alarms for its financial focus: Rather than trying to disrupt nuclear lab equipment or steal cruise missile plans it seemed devised for monetary gain, the very goal of cybercriminals worldwide.

"There's no doubt in our mind that the authors [of Gauss] needed to have access to that [Stuxnet] source code to create this malware," Roel Schouwenberg, senior researcher at Kaspersky Lab, told "Therefore, we're convinced this is coming from the same factory which created Stuxnet."

"The only alternative is that the source code has been leaked or stolen, which is an extremely scary scenario."

No comments: