362 Part Two Information Technology Infrastructure
Information Security Threats and Policies in Europe
CASE STUDY
The IT sector is one of the key drivers of the European economy. It has been estimated that 60 percent of Europeans use the Internet regularly. Additionally, 87 percent own or have access to mobile phones. In 2009, the European broadband market was the largest in the world. These facts demonstrate the importance of ensuring the security and safe operation of the Internet for the well-being of the European economy.

The safety and security of the Internet have been threatened in recent years, as Internet-based cyber attacks have become increasingly sophisticated. In 2007, Estonia suffered a massive cyber attack that affected the government, the banking system, media, and other services. The attack was performed using a variety of techniques, ranging from simple individual ping commands and message flooding to more sophisticated distributed denial of service (DDoS) attacks. Hackers coordinated the attack by using a large number of compromised servers organized in a botnet distributed around the world. A botnet is a network of autonomous malicious software agents that are under the control of a bot commander. The network is created by installing malware that exploits the vulnerabilities of Web servers, operating systems, or applications to take control of the infected computers. Once a computer is infected, it becomes part of a network of thousands of "zombies," machines that are commanded to carry out the attack.

The cyber attack on Estonia started in late April 2007 and lasted for almost 3 weeks. During this period, vital parts of the Estonian Internet network had to be closed to access from outside the country, causing millions of dollars in economic losses.

At around the same time, Arsys, an important Spanish domain registration company, was also targeted by international hackers. Arsys reported that hackers had stolen codes that were then used to insert links to external servers containing malicious code in the Web pages of some of its clients.

In 2009, an estimated 10 million computers were infected with the Conficker worm worldwide. France, the UK, and Germany were among the European countries that suffered the most infections. The French navy had to ground all military planes when it was discovered that its computer network was infected. In the UK, the worm infected computers in the Ministry of Defense, the city of Manchester's city council and police IT network, some hospitals in the city of Sheffield, and other government offices across the country. Computers in the network of the German army were also reported as infected. Once installed on a computer, Conficker is able to download and install other malware from controlled Web sites; thus, infected computers could be under full control of the hackers.

More recently, a sophisticated malware threat targeting industrial systems was detected in Germany, Norway, China, Iran, India, Indonesia, and other countries. The malware, known as Stuxnet, infected Windows PCs running the Supervisory Control and Data Acquisition (SCADA) control system from the German company Siemens. Stuxnet was propagated via USB devices. Experts estimated that up to 1,000 machines were infected on a daily basis at the peak of the infection. The malware, hidden in shortcuts to executable programs (files with extension .lnk), was executed automatically when the content of an infected USB drive was displayed. Employing this same technique, the worm was capable of installing other malware. Initially, security experts disclosed that Stuxnet was designed to steal industrial secrets from SIMATIC WinCC, a visualization and control software system from Siemens. However, data gathered later by other experts indicates that the worm was actually looking for some specific Programmable Logic Controller (PLC) devices used in a specific industrial plant, a fact that points to the possibility that the malware was part of a well-planned act of sabotage. Even though none of the sites infected with Stuxnet suffered physical damage, the significance that such a sophisticated threat represents to the industrial resources in Europe and other parts of the world should not be underestimated.

As of 2001, EU member states had independent groups of experts that were responsible for responding to incidents in information security. These groups lacked coordination and did not exchange much information. To overcome this, in 2004 the European Commission established the European Network and Information Security Agency (ENISA) with the goal of coordinating efforts to prevent and respond more effectively to potentially more harmful security threats. ENISA's main objectives are to secure