Security Specialists Support Cyberwarfare

"Nuke 'em."

That's the surprising -- albeit paraphrased -- finding of a recent survey conducted by Sophos, asking information security aficionados for their perspective on so-called cyberwarfare, and whether or not they think nation states have a right to spy on or attack each other online.

The survey results were detailed by Sophos Tuesday in a report outlining information security trends for the first half of 2010.

Interestingly, nearly two-thirds of the more than 1,000 people surveyed -- visitors to the Sophos website, all -- think that government-backed online spying, hacking, or surreptitious malware installs are acceptable.

In addition, 49% of respondents think that "crippling denial of service attacks against another country's communication or financial websites" is okay during wartime, and 7% think it's acceptable during peacetime, too. Furthermore, 9% say their country should be able to hack into foreign companies and spy -- for economic advantage -- during peacetime, jumping to 32% during wartime.

The Sophos survey theme was sparked by the prevalence of attacks in the first half of 2010 which may have been government-initiated, such as Operation Aurora, in which Google accused Chinese hackers of infiltrating its systems to hack the e-mail accounts of Chinese human rights activists.

A related trend has been "the actions of so-called hacktivists, who are sympathetic to the goals of certain nations, but who act semi-independently of them," said Richard Wang, manager of SophosLabs U.S. These groups' activities may include hacking into Twitter pages or defacing websites, which is what a group calling itself the Iranian Cyber Army did to a Chinese search engine in January. "Now, it's unclear whether that's directly related to the nation of Iran, or if it's just people sympathetic to their position," said Wang. Same goes for Aurora.

Popular opinion aside, that known unknown highlights the difficulty of any "strike back" cyberwarfare doctrine. Namely, correctly identifying an attacker is often impossible.

"Even if you can trace the machine attacking you, it's very likely not going to be owned by the person who's attacking you. No one's going to be using their own PC for this type of activity," said Wang. Indeed, why not just rent a botnet?

The same goes for malware distribution. Here, the United States leads the world, with 42% of all malware originating from the U.S., versus just 11% from the closest competitor, China, followed by Russia (6%), Germany (5%), and France (4%), according to Sophos.

Why does so much malware come from the United States? "If the hackers are trying to attack people for financial gain, then they want to be looking for people in the most affluent areas," said Wang. Furthermore, attackers often try to hack websites and PCs local to their targets. But most malware emanates from compromised PCs and servers, and while they may overwhelmingly target U.S. residents, they're also attacking PCs and servers outside the country.