INTRODUCTION

“Cyberwarfare” … “Cyberattacks” … “Cyber espionage” – one cannot turn on a television set or open a newspaper without seeing these disturbing headlines. And indeed, the problem is serious. The news about “Stuxnet,”¹ “Night Dragon,”² and “Aurora”³ attacks got the world worried about the vulnerability of global defense and industrial and financial infrastructures. The disruption of these systems could halt not just these institutions, but ultimately impede our entire networked civilization.

There is a perception that these attacks are carried out by sophisticated, often rogue, state-sponsored forces. While some of this perception is indeed based on reality, such as China’s organized 9 to 5 hacking⁴ or the sophisticated nature of the Stuxnet worm, many cyberattacks use relatively unsophisticated means. In fact, some of the toolkits to create viruses, botnets (defined later in this book), spyware, and other types of malware can be downloaded from the Web for free, or purchased for a low fee. The retailers of these tools function as legitimate businesses, and even provide 24/7 technical support for their products. This software can cause a lot of damage to civil and defense organizations alike.

The emergence of an underground market for malware toolkits and malware applications has made committing cybercrimes easier for run-of-the-mill thieves and bank robbers who previously did not have the level of sophistication and the computer knowledge to do so. What are these toolkits? Where do they come from? Who makes them and who buys them?

The lines between cyberwarfare, cybercrime, cyber espionage, and cyberterrorism are blurred. Offensive cyber operations are defined as:

operations to manipulate, disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computer net-work[sic] itself, or to gain control over the computer or computer network.⁵

With the availability of commercial malware and malware toolkits, these activities are no longer limited to state-sponsored cyber forces, or even sophisticated, technically savvy rogue hackers – anyone with intent and persistence can carry them out. Can commercially available malware become a secret weapon in cyberwarfare?

The purpose of this pocket guide is to bring to light the danger of commercially available malware tools and toolkits. In this pocket guide I will describe these malware toolkits and their producers and consumers. I will also explore commercial off-the-shelf (COTS) software tools that are not intended to be used as “hacking” tools, but could be used as such. I will discuss the implications of “malware for sale” in the context of a cyber conflict, and what it takes to fight back against this problem.

The information in this book is a result of extensive research that would not have been possible without the AKOTA document prioritization system from AKOTA Technologies (www.akotatech.com).

1 Stuxnet is a Windows® computer worm, discovered in July 2010, which targets industrial software and equipment. From: McAfee® Foundstone® Professional Services and McAfee Labs™. “Global Energy Cyberattacks: ‘Night Dragon’.” McAfee. February 10, 2011. www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf (accessed April 23, 2011).

2 Night Dragon is “coordinated covert and targeted cyberattacks [that] have been conducted against global oil, energy, and petrochemical companies.” From ibid.

3 Chinese hack-attack which started in mid-2009 and continued through December 2009, attacking Google™ networks. From ibid.

4 Harris, Shane. “China’s Cyber-Militia.” National Journal. May 31, 2008. http://nationaljournal.com/magazine/china-s-cyber-militia-20080531 (accessed April 20, 2011).

5 HPCR Manual on International Law Applicable to Air and Missile Warfare. Program on Humanitarian Policy and Conflict Research, Harvard University. 2010. http://www.ihlresearch.org/amw/manual/section-a-definitions/m (accessed May 27, 2011).
