Most Think Cyber Espionage Is Acceptable: Security Report
Security software vendor Sophos' midyear Security Threat Report uncovers users' cavalier attitude about cyber warfare.
Everyone seems to agree that malware and unprovoked hacking are universally bad, but the latest survey from security software vendor Sophos shows that most people have no problem with their government using similar techniques to infiltrate the networks of targeted private companies and other governments.
The Sophos 2010 Security Threat Report (PDF format) queried 1,077 U.S. computer users, asking them whether or not they thought spying via hacking or malware attacks is an acceptable practice if the companies or websites were deemed "legitimate" targets by their government.
Almost two-thirds of those surveyed said they think it's acceptable for their country to spy on other nations by hacking or installing malware. Twenty-three percent said it was justifiable to do at "any time" while 40 percent said it was only OK during wartime. Only 37 percent said it was unacceptable under any circumstance.
One in 14 respondents said they believe it's perfectly fine to launch devastating denial of service attacks (DDoS) against another country's communications or financial websites during peacetime.
This somewhat ruthless attitude toward international cyber espionage comes in the wake of several high-profile cyber attacks. Those included Operation Aurora, an assault thought to have been launched from China and targeting some of the largest and most important U.S. technology firms including Google (NASDAQ: GOOG), Intel (NASDAQ: INTC) and Adobe Systems (NASDAQ: ADBE).
"Its perhaps surprising that so many people seem to think that using the Internet as a tool for spying, or even as a weapon, is acceptable practice," Graham Cluley, a senior technology consultant at Sophos, said in the report. "After all, by giving the green light to these kinds of activities, you'd also have to expect to be on the receiving end, too. Maybe yours will be the next company probed by an overseas power?"
While one in 14 gave a thumbs-up to DDoS attacks in any circumstance, the vast majority weren't quite ready to go that far. Forty-nine percent said the attacks were acceptable in wartime while the remaining 44 percent said they were never acceptable.
However, according to the survey, 32 percent said they believe countries should be allowed to plant malware and hack into private foreign companies in order to spy for economic advantage.
Top Malware Hosts
Meanwhile, the U.S. is still perched atop the list of malware-hosting countries through the first six months of the year.
According to Sophos, the U.S. hosted 42.3 percent of all the world's malware between January and June, more than four times as much as second-place China (10.8 percent). Russia checked in at 6 percent, followed by Germany (4 percent) and France (3.9 percent).
Rounding out the rest of the Top 10 malware-hosting nations are the U.K., Italy, the Netherlands, Turkey and Iran.
"Although website owners in the United States clearly have a lot of cleaning up to do, France, Italy, and the Netherlands have all joined this Top 10 since the start of the year, so its far from an isolated problem," Cluley added. "The biggest issue is that a lot of these websites are legitimate ones that have been targeted by hackers -- businesses could end up infecting their customers, leaving them open to fraud."
By Keith Vance
June 25, 2010
The Obama administration's leadership is motivating colleges and universities to step up and train an army of cyber warriors.