Home » Cyber » Cyber Security Center » Cyber Threat Matrix

Cyber Threat Matrix

by Ward Carroll on December 17, 2007

cyber-threat-matrix.jpg

With 120 countries now in the cyber arms race, intelligence agencies around the world are working to assess their offensive and defensive cyber capabilities. Developing cyber weapons does not require the massive infrastructure usually associated with conventional arms. A couple of PCs and a couple of smart programmers and you have all you need to create a cyber weapon.

Advanced Data Weapons have unique capabilities that make their detection and elimination much more difficult than conventional viruses and trojans.

 Self morphing malicious code applications

 Electronic circuitry destruction capabilities

 Self encrypting / decrypting of malicious code

 External disruption capacity of wireless networks

 Exploitation of unreported vulnerabilities in common commmercial software

Working with Intelomics and Spy-Ops, two international cyber security companies, we were able to collect enough data to construct the high level cyber threat matrix featured above.

As with the conventional arms race, countries with significant defense spending have taken the lead in the cyber arms race. But that trend is rapidly changing. In the past few years malicious code with advanced features has been created for under $3,500 USD. We are beginning to see the emergence of cyber arms dealers. The cost of cyber weapons are in range of poor and developing countries.

Question: who is more dangerous in the cyber weapons race nation states of a single rogue hacker?

Kevin Coleman

Share |

{ 10 comments… read them below or add one }

C December 17, 2007 at 3:31 pm

what i’m wondering is why they keep using the word “cyber” to denote software-based “weapons”.

Reply

The Cenobyte December 17, 2007 at 3:56 pm

A single rogue hacker is less likely to cause problems than a group. However groups of hackers do not have to be from nation states, they are in fact far more likely to not be nation states. I would suggest that these people, often for higher are more dangerous than the nation states themselves for the same reasons mercs. are almost always more dangerous.

Reply

D December 17, 2007 at 3:56 pm

Sounds intelligent but isn’t

Reply

az December 17, 2007 at 5:03 pm

To me as a software engineer this article is simply ludicrously grotesque and has nothing whatsoever todo with reality.
It’s an embarassing display of stark raving incompetence.

Reply

Brian December 17, 2007 at 5:13 pm

Aaargh! Make it where I can read it! Little picture equals fading interest.

Reply

Curtis December 17, 2007 at 11:10 pm

A lone hacker is not that great a threat. A small group of hackers aren’t that great a threat, the difference is when you throw in human or onsite intelligence. Government cyberwarfare teams are slowed down by bureaucracy when it comes to synchronizing with other forms of intelligence.
IE Suppose an angry employee at a large corporation who’s just dying to release some crippling backdoor tricks on his employee. A nation would send in a KGB or CIA style “Spook” to make contact and get the intel. Then thirteen bureaucrats would have to sign off to allow the cyber team access to the info, with additional regs written in to maintain the cloak of Plausible deniability. The spy agency would want more rules to protect their spy and his source. The hackers can just walk up to the guy personally and get the info. Or they can go dumpster diving behind the corporations’ headquarters, or any other numbers of intel. The government operated Cyber team wouldn’t be allowed to do all that stuff, because that would be encroaching on other agencies turfs. They’d have their computers, and nothing else.
A government has the advantage of size and resources. The individual (or independent group of individuals) has the advantage of speed and most importantly, agility. They don’t have a big set of rule books to play by, no higher ups looking over their shoulders, no Bureaucracy. They also have a much easier time keeping thier secrets, as only the absolutely critical number of people are informed as to what exactly is going on.

Reply

Spy Guy December 18, 2007 at 4:55 pm

I say Kevin’s presentation at SecTor in November and it opened my eyes. The feedback at the conferences indicates this is a real and current issue. Does anyone know if it is illegal to create a cyber weapon. If not the black market for this type of code would be huge and draw the interest of those seeking to make quick money.

Reply

Kevin Coleman December 19, 2007 at 9:28 am

A few thoughts. First ever consider the concept of malicious code being placed on a computer when the hard disk is imaged at the manufacturer? It happend to over 1,800 Seagate external hard drives earlier this year! Now take that out to a several million devices. The discuption and loss of confidence could trigger a massive sell off in the stock markets.

Reply

stephen russell December 31, 2007 at 12:22 am

Should be in every Best Buy store etc showing the effect Hacking has on Web services
& force more Industry wide changes.
Make Info acessable to the Public.
Must know & for all Geek Squads alone.
& all ISPs, Webhosting, Website developers etc.
VitalInfo.

Reply

Adv.DeepaMadhu February 21, 2008 at 1:44 am

you havent given a clear explanation for cyber arm.I think it will make the article more informative.

Reply

Leave a Comment

Previous post:

Next post: