McAfee US chief security officer, Brett Wahlin.
The Cold War between the USA and Russia may have ended two decades ago but a new frosty conflict between America and China together with North Korea has emerged on the digital frontier, according to McAfee’s US chief security officer.
Brett Wahlin, a former North Atlantic Treaty Organisation (NATO) counter intelligence agent, told Computerworld Australia that the RSA token hack in March this year – where the token information was used to infiltrate US defence contractor Lockheed Martin – used the same espionage tactics he encountered while serving as an agent from 1987 to 1991 with the US army for NATO.
Although Wahlin did not reveal which country was behind the attack, he suspected that the communist-led governments of China and North Korea had the resources – and the most to gain – from infiltrating Lockheed Martin.
“Instead of dealing with paper copies of classified documents that get passed at dead drops [secret locations] by agents, we're dealing with digital information such as source codes that can be analysed to fit in an overall scheme,” he said.
“It seems the targets like Lockheed Martin are starting to get softened up.
“This isn’t the end game; there is something bigger coming down the pipe and what we are seeing right now is a prelude to that.”
“There could be a new warfare doctrine being created.
“I was in that world [NATO] for so long that when it looks and feels like a Cold War, there may be something else going down."
Wahlin pointed out that the RSA token hack, along with another hack traced back to China called Night Dragon, did not appear, at least on the surface, to be done for monetary gain.
"I think those attacks are linked to a cyber Cold War because who gained financially from Night Dragon?” he said.
“There was not a series of bank accounts that you could take money out of and why else would someone steal token seed files from RSA unless they wanted to go after its defence/government customers like Lockheed Martin?
“Countries such as China might be looking to get Lockheed Martin’s military design plans.”
While Night Dragon has remained underground since the initial attack, Wahlin said McAfee was keeping an eye out for more attacks that used it.
"Night Dragon will be out there as long as it has a host to come in and infect,” he said.
“The actual specific sets of malware that were involved in Night Dragon, and the concept involved with something like it, continue.
“We are seeing more and more cases and big samples of malware that are going after everything from infrastructure like Night Dragon to security companies like RSA."
Keeping on the Cold War theme, Wahlin also suspects hacktivist groups like Anonymous may eventually turn into cyber mercenaries, working for the highest bidder.
In a 2009 report, entitled Virtually Here: The Age of Cyberwarfare, McAfee's research found that the July 4 2009 cyber attacks against South Korea and the United States, in which North Korea was the suspected aggressor, may have been carried out by hired cyber criminals.
"If you get more organisations like Anonymous forming, then it becomes like the Mafia,” Wahlin said.
“They don’t have borders and they can move into threat and terrorism where they instil fear.
“People don’t want to go up against them because they’re not quite sure who they are dealing with.
"They [Anonymous] have notoriety because of WikiLeaks, but there are other groups who could band together for political reasons.
"I think we will see groups like Anonymous become hackers for hire that could be contracted to go and do damage to others."
After leaving the military in 1991, Wahlin worked his way into the corporate world with IT companies such as Intel. Eventually his "bent for security" led him to the role of chief information security officer at Los Alamos National Laboratory before joining McAfee in 2009.
“Information security has similar things going on to what we learned in those days,” Wahlin said.
“The technology is different but there are basic principles in security that you still have to follow.”
Part of Wahlin's work as chief security officer and vice president of IT involves keeping an eye on his own staff, some of whom are ethical or white hackers.
“People goofing around in the system could be the potential for a threat and we also get our fair share of attention from outside hackers, especially given there have been so many threats on security vendors such as RSA,” he said.
Even hacker group Anonymous has tried to break into McAfee, but Wahlin said they have been unsuccessful so far.
"System admins definitely have the potential for threats because they have access to sensitive information,” he said.
"We are also concerned about staff in our engineering teams so we have begun a process to help us with upping the ante.
“We’re doing a McAfee internal security clearance, basically we borrow what the US government has done such as doing the background checks to find if there are any warning signs that may suggest they could be an internal threat.”
After dealing with Russian spies in his former life, you can be sure Wahlin will be personally in charge of those checks.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au