The Cold War between the USA and Russia may have ended two decades ago but a new frosty conflict between America and China together with North Korea has emerged on the digital frontier, according to McAfee’s US chief security officer (CSO).
Brett Wahlin, a former North Atlantic Treaty Organisation (NATO) counter intelligence agent, told Computerworld Australia that the RSA token hack in March this year – where the token information was used to infiltrate US defence contractor Lockheed Martin – used the same espionage tactics he encountered while serving as an agent from 1987 to 1991 with the US army for NATO.
Although Wahlin did not reveal which country was behind the attack, he suspected that the communist-led governments of China and North Korea had the resources – and the most to gain – from infiltrating Lockheed Martin.
“Instead of dealing with paper copies of classified documents that get passed at dead drops [secret locations] by agents, we're dealing with digital information such as source codes that can be analysed to fit in an overall scheme,” he said.
“It seems the targets like Lockheed Martin are starting to get softened up.
“This isn’t the end game; there is something bigger coming down the pipe and what we are seeing right now is a prelude to that.”
“There could be a new warfare doctrine been created.
“I was in that world [NATO] for so long that when it looks and feels like a Cold War, there may be something else going down."
Wahlin pointed out that the RSA token hack, along with another hack traced back to China called Night Dragon, did not appear, at least on the surface, to be done for monetary gain.
"I think those attacks are linked to a cyber Cold War because who gained financially from Night Dragon?” he said.
“There was not a series of bank accounts that you could take money out of and why else would someone steal token seed files from RSA unless they wanted to go after its defence/government customers like Lockheed Martin?
“Countries such as China might be looking to get Lockheed Martin’s military design plans.”
While Night Dragon has remained underground since the initial attack, Wahlin said McAfee was keeping an eye out for more attacks that used it.
"Night Dragon will be out there as long as it has a host to come in and infect,” he said.
“The actual specific sets of malware that, where involved in Night Dragon and the concept, involved with something like it continue.
“We are seeing more and more cases and big samples of malware that are going after everything from infrastructure like Night Dragon to security companies like RSA."
Keeping on the Cold War theme, Wahlin also suspects hacktivist groups like Anonymous may eventually turn into cyber mercenaries, working for the highest bidder.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.