The Stuxnet worm, which brought a large part of the Iranian nuclear programme to a standstill, was just the beginning. The Stuxnet is so complex that many believe a foreign government was behind the attack, probably the US and Israel together. China is also believed to carry out in cyber sabotage. Nowadays, every conflict has a cyber element, says Aart Jochem from the Dutch government’s GovCERT, the Cyber security and Incident Response Team:
*“You see certain conflicts are being fought and are reinforced by attacks on the internet. You see it with WikiLeaks, in which the conflict between the US and WikiLeaks is manifested in all kinds of cyber conflicts.”*
The era of fun computer viruses is over, says Mr Jochem. *“At the end of the eighties you saw a little figure cross your screen and jumble up what was on it.”* Now organised crime has tens of thousands of forms of malware. They can do anything from emptying internet accounts to threatening government systems.
These days, being a cyber criminal can be a full time job. They work hard to evade the investigators, and earn more than they would in the drugs trade. Meanwhile, GovCERT is also working overtime. It doesn’t have investigative powers, but works closely with the police and Public Prosecution Office and uses the expertise of anti-virus companies to limit damage.
You don’t have to do something stupid to get a computer virus, says Eddy Willems of the anti-virus company G Data.
*“Even the internet is a threat. It sounds stupid, but all you have to do is enter an infected website and you’ve got problems. Where floppy disks used to be used to spread viruses now it’s done via USB sticks. They are just as dangerous or even more dangerous. And then there’s the threat to large companies, organisations or even governments called cyber espionage or cyber sabotage.”*
There are around 200 CERT teams in 43 countries around the world. Each works for a specific group, such as governments or hospitals. The Netherlands, well-known as a hub of cyber technology, is using its vast expertise to help others. The Dutch helped South Africa set up a CERT team and Dutch software is being used by 20 countries to spot new threats on the internet. Likewise, other countries pass their information on to the Dutch.
*“This helps you catch up with the cyber criminals, who also cooperate internationally. If you had to develop it yourself, you wouldn’t be able to keep up the pace.”*
Nevertheless the chance of catching cyber criminals is small. As a result they are becoming more professional and are setting their sights on new targets.
Public services have become more aware than ever before how vulnerable they are, says Mr Jochem.
*“You see they are behind in technology and software updates. In the old days that wasn’t a problem because their systems were not connected to the internet and were therefore difficult to infect. But Stuxnet shows that even these systems could be infected.”*
The danger is that updates can cause systems to malfunction, because new software is not compatible. According to Mr Jochem, the risks and the costs have to be considered. But even if all software is replaced, it is out of date within a year. It’s a continuous process and nothing is 100 percent secure.