Sophisticated virus writers are targeting computers at the very heart of Great Britain's infrastructure, a British government agency warned on Thursday.
The warning offered only limited details of the attacks, but indicated they are widespread and sophisticated. Central government computers have been the most popular target, but corporations and individuals are also at risk, the report said. Attackers are using specially-crafted Trojan horse programs designed to sneak onto computers and steal information.
"The attackers’ aim appears to be covert gathering and transmitting of commercially or economically valuable information," the warning said. The attacks had recently become more sophisticated, according to the agency.
The normally quiet National Infrastructure Security Coordination Center, which reports to Britain's Home Office, issued the warning.
"We have never seen anything like this in terms of the industrial scale of this series of attacks," NISCC Director Roger Cumming said. "This is not a few hackers sitting in their bedroom trying to steal bank account details from individuals."
There was no mention of specific agencies or firms that had been attacked. But the warning was specific in some areas: It listed more than a dozen Trojan horse programs that the agency said had been used in the attacks since January of this year.
Employees are tricked into installing the malicious programs by cleverly-crafted e-mails loaded with infected documents. In some cases, the attackers download publicly-available documents off the Internet, load the documents with the Trojan horse, then e-mail them to carefully-selected employees who would be likely to open such a file. To make the notes even more realistic, the e-mail appears to come from a co-worker.
"The attackers are able to receive, Trojanise and re-send a document within 120 minutes of its release, indicating a high level of sophistication," the warning says. The attacks normally focused on individuals who have jobs working with commercially or economically sensitive data, the NISCC said.
The warning also gives this pessimistic advice: "Anti-virus software and firewalls do not give complete protection," it said. "There is no complete mitigation for computers connected to the Internet."
The next big thing: Targeted attacks
Word of the potential digital espionage in Britain comes on the heels of a widespread corporate espionage case revealed in Israel late last month. Executives in Israel's top telecommunications companies have been arrested in connection with several cases of espionage there, linked to a Trojan horse program.
The two incidents appear to be unrelated, according to the British warning. But the news speaks to an increase in targeted attacks, which some experts say are a rising threat to Internet users.
"We've seen a tremendous increase in specific attacks," said Howard Schmidt, former White House cybersecurity advisor. "The whole hacker thing used to be about saying 'I am the biggest kid now the block.’ Now it is shifting, it's about greed and corporate gain."
Schmidt also said it was unlikely that the virus writers have limited their attack to UK institutions, suggesting U.S. firms and agencies might also be at risk.
"I don't think they are being targeted in isolation," he said. "The British government is being proactive in putting this information out there, telling anybody who lives there or works there or does business there to be aware."
It was not clear if the British government issued the warning principally as a stern reminder to urge safer computer habits, or because there had been significant successful attacks against government computers. A spokesman at the National Infrastructure Security Coordination Center couldn't say how many computers were attacked, or provide additional details. An anonymous spokesman told the Associated Press that the agency is "not aware of any loss of information."
On the other hand, the spokesman quoted by the Associated Press added, "We can't be certain of that, that's part of the reason we are broadening our sphere of advice. We recognize we need some feedback to see how big this is."
Richard Wang, who manages antivirus research at Sophos Labs in the U.S., says the presence of a specific hit list of Trojan horses to watch for in the warning indicates some of the attacks have probably been successful.
"It is a little unusual that they would come out and issue a list," he said, suggesting the Trojan horse programs were probably found on infected computers. "That underlines the point that this is not just a document saying, 'Here are some useful things to do.' "
The Associated Press contributed to this report.