#DEFCON Government Attacks and Surveillance Continue to Increase

#DEFCON Government Attacks and Surveillance Continue to Increase

Speaking at DEFCON to deliver research on “a comprehensive list of Nation-State Big Brothers,” security researcher Eduardo Lzycki said that there had been an increased number of governments both censoring and shutting down online services, as well as acquiring cyber espionage and offensive tools.

Saying that the internet was something that “people gathered around as a common idea without a top down authority,” his research – done with colleague Rodrigo Colli – found that the “most active actor in cyber space is states doing things – attacking – and [conducting] attacks against other states and other groups.”

Drawing from five sources: academia and NGOs, data leaks, censorship and transparency reports, Lzycki said that what they had seen showed that 55% of attacks had some sort of state-sponsored level of attribution, from 402 single APT groups, which includes 19 countries with “a state sponsored threat.” Showing the map below, Lzycki said that that it was interesting to see how diffused the number of actors were.

“When you look at the types of targets, it is interesting to notice that in 46 cases we had political targets: opposition parties, NGOs, and in the first place ahead of military and diplomatic targets was evidence that attacks were directed to political targets.”

The research further showed that 71 countries acquired offensive solutions, and Lzycki and Colli were able to identify the user or buyer in 41 cases, which they said was typically military and defense.

Speaking on the research around censorship and government shutdowns of social media, Lzycki said that they detected 40 countries who had an examples of censorships, and 74% of which (32 countries) where a shutdown reached the national level.

He said that 54.9% of people live in countries which have been attacked, and 56.7% of users were subject to shutdowns. Also, 92.2% of countries have some sort of offensive capability.

Source: Information Security Magazine