A British intelligence agency warns cyber attacks on the UK government are on the rise, ahead of a major summit on cyber-warfare. But an expert tells Channel 4 News the summit will be “superficial”.
Iain Lobban, of the Government Communications Headquarters (GCHQ), said that the increasing frequency of the cyber attacks represented a major threat to the UK’s “continued economic wellbeing”.
Mr Lobban said sensitive data on government computers had been targeted, including “one significant (but unsuccessful) attempt on the Foreign Office… this summer”, along with defence, technology and engineering firms’ designs.
“The volume of e-crime and attacks on government and industry systems continues to be disturbing,” he said of attacks on Britain, which is putting £650m into preventing attacks over the next four years.
Mr Lobban added that his department has observed the growth of a cyber black market, where money is exchanged for sensitive details, such as welfare and tax databases.
“We are witnessing the development of a global criminal marketplace – a parallel black economy where cyber dollars are traded in exchange for UK citizens’ credit card details,” he said.
Foreign Secretary William Hague added: “Countries that cannot maintain cyber security of their banking system, of the intellectual property of their companies, will be at a serious disadvantage in the world.”
Mr Lobban’s comments came ahead of a London conference on cyber security, which will draw together global political leaders, including including US Secretary of State Hillary Clinton and senior representatives from China, Russia and India, along with technology experts.
Channel 4 News entered an internet relay chatroom (IRC), forums often used by hacking groups such as Anonymous and the now defunct LulzSec, and hackers said they intended to send distributed denial of service (DDoS) attacks to the GCHQ websites and that of the conference itself.
The conference will focus on international cooperation on tackling cyber criminality, but analysts say the conference is unlikely to yield a consensus because of suspicions that some major cyber attacks are carried out by governments themselves.
In addition to well publicised and notorious exploits of hacking collectives like LulzSec, the last year has seen a significant increase in reported cyber attacks linked to governments, from apparent attempts at data theft at the International Monetary Fund and elsewhere, often blamed on China, to the Stuxnet computer worm attack on Iran’s nuclear programme linked to Israel and the United States.
And on the eve of the conference, Beijing rejected the claim, by the US-China Economic and Security Review Commission, that China may have been responsible for hacking incidents on US environment-monitoring satellites.
At least two such satellites were interfered with four or more times in 2007 and 2008 via a ground station in Norway, and China’s military is a prime suspect, according to the draft report to Congress.
The suggestion provoked a terse reaction from Chinese Foreign Ministry spokesman Hong Lei, who claimed “(the committee) has always been viewing China with coloured lenses… this report is untrue and has ulterior motives. It’s not worth a comment.”
Mr Hong added that China “is also a victim of hacking attacks and will oppose any form of cyber crime, including hacking.”
Professor Peter Sommer, an expert on computer security and cyber-terrorism from the London School of Economics (LSE), told Channel 4 News: “The conference is not going to address directly the rules of engagement for cyber offence; those discussions take place out of the public gaze in the major think tanks. I think this conference is just going to glide very, very superficially over some very difficult issues and probably not come to any useful conclusions.”
Prof Sommer expressed concern that the conference involving high-ranking members of state from the across the world could be wasted because its ambitions are too broad.
“We are going over old ground. I would have preferred the ambitions to be much more limited,” he said.
“One of the things we could be doing, for example, is getting a general agreement to protect the essential resources of the internet – everyone agrees that that’s necessary – we could be saying something about protecting humanitarian resources, medical resources on the internet. That’s much more achievable.”
Meanwhile, Facebook also chose to make a cyber attack-related announcement on the eve of the conference.
It revealed that the social networking website receives some 600,000 log-ins per day from imposters attempting to access users’ messages, photos and other personal information.