After all, what has really changed in two years? Google went from alerting users about "suspicious log-ins" from foreign countries, to alerting them and naming those countries without ascribing any motive to the attack ("Your account was accessed from China"), to alerting them, naming the country and warning that the hack might be part of a "nation-based" attack -- as if your average Gmail user has any clue what that means, or why they should care.
Nowhere is the penchant for euphemism more evident than in the now-widespread use of the term "APT" or "advanced persistent threat." Almost unknown outside of military and intelligence circles three years ago, APT now graces the pages of countless marketing brochures and Web pages for IT security firms. Formulated as a way for individuals within the military to talk about sophisticated and deeply rooted compromises with links to nation-state actors like China and Russia, the term has grown to encompass all manner of threats: from cybercriminal botnets to the Stuxnet worm. In short: APT means everything and nothing. It's the perfect cyber foil: scary sounding but vague. It's ready-made for marketing collateral, if not for explaining who or what was behind an attack.
Those in the know, like Richard Bejtlich of the firm Mandiant, cautioned all along that APT wasn't some catch-all term. APTs, Bejtlich argued, were a "who" with specific state actors in mind, not a loosely defined "what." The term shouldn't be used interchangeably with other online scourges like spam, phishing and botnets, he said. Not that anyone listened.
Now, after beating the APT drum for years, the industry seems ready to move on. As Google's ever-shifting alerts suggest: The new mantra isn't APT, but "state-sponsored attacks" or, as Bejtlich calls them, "state-serving adversaries." That sits well with the zeitgeist inside the Washington D.C. beltway, which is eager to point the finger of blame at shadowy actors in the Middle Kingdom while turning a blind eye to the ever-sensitive topic of what steps the U.S. government and private sector are (or -- more accurately -- are not) taking to protect their IT assets and staff. But it's hard to see how piling on more euphemisms like "state-serving adversaries" does much to clarify our understanding of current attack methods or how to combat them.
Yes, Google now says it has better methods to spot nation-state sponsored hacks (and thus more victims to warn). There's evidence that the latest attacks are more diverse -- some coming from the Middle East, in addition to China. And, I suppose that calling the compromises "nation-backed" attacks is progress, of a sort -- a baby step in the direction of more transparency as to motive and origin. But what proof does Google have? The company said it "can't go into the details" of how it knows the attacks are nation-state backed "without giving away information that would be helpful to these bad actors." How convenient.