Cyber Threat Matrix

[Image: cyber threat matrix]

With 120 countries now in the cyber arms race, intelligence agencies around the world are working to assess their offensive and defensive cyber capabilities. Developing cyber weapons does not require the massive infrastructure usually associated with conventional arms. A couple of PCs and a couple of smart programmers and you have all you need to create a cyber weapon.

Advanced Data Weapons have unique capabilities that make them much more difficult to detect and eliminate than conventional viruses and trojans:

 Self morphing malicious code applications

 Electronic circuitry destruction capabilities

 Self encrypting / decrypting of malicious code

 External disruption capacity of wireless networks

 Exploitation of unreported vulnerabilities in common commercial software

Working with Intelomics and Spy-Ops, two international cyber security companies, we were able to collect enough data to construct the high level cyber threat matrix featured above.

As with the conventional arms race, countries with significant defense spending have taken the lead in the cyber arms race. But that trend is rapidly changing. In the past few years malicious code with advanced features has been created for under $3,500 USD. We are beginning to see the emergence of cyber arms dealers. The cost of cyber weapons is within range of poor and developing countries.

Question: who is more dangerous in the cyber weapons race, nation states or a single rogue hacker?

Kevin Coleman

  • C

    What I’m wondering is why they keep using the word “cyber” to denote software-based “weapons”.

  • The Cenobyte

    A single rogue hacker is less likely to cause problems than a group. However, groups of hackers do not have to be from nation states; they are in fact far more likely to not be nation states. I would suggest that these people, often for hire, are more dangerous than the nation states themselves for the same reasons mercs are almost always more dangerous.

  • D

    Sounds intelligent but isn’t

  • az

    To me as a software engineer this article is simply ludicrously grotesque and has nothing whatsoever to do with reality.
    It’s an embarrassing display of stark raving incompetence.

  • Brian

    Aaargh! Make it where I can read it! Little picture equals fading interest.

  • Curtis

    A lone hacker is not that great a threat. A small group of hackers aren’t that great a threat, the difference is when you throw in human or onsite intelligence. Government cyberwarfare teams are slowed down by bureaucracy when it comes to synchronizing with other forms of intelligence.
    IE Suppose an angry employee at a large corporation who’s just dying to release some crippling backdoor tricks on his employee. A nation would send in a KGB or CIA style “Spook” to make contact and get the intel. Then thirteen bureaucrats would have to sign off to allow the cyber team access to the info, with additional regs written in to maintain the cloak of Plausible deniability. The spy agency would want more rules to protect their spy and his source. The hackers can just walk up to the guy personally and get the info. Or they can go dumpster diving behind the corporations’ headquarters, or any other numbers of intel. The government operated Cyber team wouldn’t be allowed to do all that stuff, because that would be encroaching on other agencies turfs. They’d have their computers, and nothing else.
    A government has the advantage of size and resources. The individual (or independent group of individuals) has the advantage of speed and most importantly, agility. They don’t have a big set of rule books to play by, no higher ups looking over their shoulders, no bureaucracy. They also have a much easier time keeping their secrets, as only the absolutely critical number of people are informed as to what exactly is going on.

  • Spy Guy

    I saw Kevin’s presentation at SecTor in November and it opened my eyes. The feedback at the conferences indicates this is a real and current issue. Does anyone know if it is illegal to create a cyber weapon? If not, the black market for this type of code would be huge and draw the interest of those seeking to make quick money.

  • Kevin Coleman

    A few thoughts. First, ever consider the concept of malicious code being placed on a computer when the hard disk is imaged at the manufacturer? It happened to over 1,800 Seagate external hard drives earlier this year! Now take that out to several million devices. The disruption and loss of confidence could trigger a massive sell-off in the stock markets.

  • stephen russell

    Should be in every Best Buy store etc showing the effect Hacking has on Web services
    & force more Industry wide changes.
    Make Info accessible to the Public.
    Must know & for all Geek Squads alone.
    & all ISPs, Webhosting, Website developers etc.
    VitalInfo.

  • Adv.DeepaMadhu

    You haven’t given a clear explanation for cyber arm. I think it will make the article more informative.