Cyber-collection


Cyber-collection refers to the use of cyber-warfare techniques in order to conduct espionage. Cyber-collection activities typically rely on the insertion of malware into a targeted network or computer in order to scan for, collect and exfiltrate sensitive information.
Cyber-collection started as far back as 1996, when widespread deployment of Internet connectivity to government and corporate systems gained momentum. Since that time, there have been numerous cases of such activity.
In addition to the state-sponsored examples, cyber-collection has also been used by organized crime for identity theft and e-banking fraud, and by corporate spies. Operation High Roller used cyber-collection agents to gather PC and smartphone information that was then used to electronically raid bank accounts. The Rocra (also known as Red October) collection system is an "espionage for hire" operation run by organized criminals who sell the collected information to the highest bidder.

Platforms and functionality

Cyber-collection tools have been developed by governments and private interests for nearly every computer and smartphone operating system. Tools are known to exist for Windows, macOS and Linux computers and for iPhone, Android, BlackBerry and Windows phones. Major manufacturers of commercial off-the-shelf (COTS) cyber-collection technology include Gamma Group from the UK and Hacking Team from Italy. Bespoke cyber-collection tool companies, many of which also offer COTS packages of zero-day exploits, include Endgame, Inc. and Netragard of the United States and Vupen from France. State intelligence agencies often have their own teams to develop cyber-collection tools (the Flame collection platform and the related Stuxnet sabotage worm are generally attributed to such teams), but they still require a constant supply of zero-day exploits in order to insert their tools into newly targeted systems. Specific technical details of these attack methods often sell for six-figure sums.
Common functionality of cyber-collection systems includes:
There are several common ways to infect or access the target:
Cyber-collection agents are usually installed by payload-delivery software built around zero-day exploits and delivered via infected USB drives, e-mail attachments or malicious web sites. State-sponsored cyber-collection efforts have also used operating-system vendor certificates instead of relying on software vulnerabilities: in the Flame operation, the component that impersonated Windows Update was signed with a certificate chaining to Microsoft. Microsoft stated that this certificate was forged (an MD5 chosen-prefix collision against a certificate issued by its Terminal Server Licensing Service), although some experts believe it may instead have been acquired through HUMINT efforts.
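As an added example (not code from the original article), the following Python script shows what the three delivery vectors above look like in endpoint process-creation telemetry, and adds the lesson of the Flame certificate: a signature is only worth trusting if its digest algorithm is not collision-prone. The event schema, process names, paths and issuer strings are all constructed for illustration and do not correspond to any real EDR product or operation.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Parent processes that should rarely spawn a fresh executable directly.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
# Extensions Windows will run as code when launched.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".hta", ".js", ".vbs")
# Digest algorithms that are collision-prone; Flame's forged certificate
# relied on an MD5 collision, so a signature over MD5 deserves a second look.
WEAK_SIGNATURE_DIGESTS = {"md5"}
# Directories where a user-delivered payload typically lands first.
STAGING_DIR_MARKERS = ("\\temp\\", "\\downloads\\", "\\inetcache\\")


@dataclass
class ProcessEvent:
    """Simplified process-creation record (constructed schema, not a real EDR format)."""
    pid: int
    image: str                 # full path of the newly created process
    parent_image: str          # full path of its parent
    drive_type: str            # "fixed" or "removable"
    signer_digest: Optional[str] = None   # digest algorithm of the code signature, if signed
    signer_issuer: Optional[str] = None   # issuer of the signing certificate, if signed


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _is_executable(path: str) -> bool:
    return path.lower().endswith(EXECUTABLE_EXTS)


def _in_staging_dir(path: str) -> bool:
    return any(marker in path.lower() for marker in STAGING_DIR_MARKERS)


def classify(ev: ProcessEvent) -> list[str]:
    """Return the names of the delivery-vector indicators that match one event."""
    findings: list[str] = []
    parent = _basename(ev.parent_image)

    # Vector 1: executable started from removable media (infected USB drive).
    if ev.drive_type == "removable" and _is_executable(ev.image):
        findings.append("exec-from-removable-media")
    # Vector 2: a mail client launching an executable (e-mail attachment).
    if parent in MAIL_CLIENTS and _is_executable(ev.image):
        findings.append("mail-client-spawned-executable")
    # Vector 3: a browser launching an executable out of a download/temp path (malicious site).
    if parent in BROWSERS and _is_executable(ev.image) and _in_staging_dir(ev.image):
        findings.append("browser-spawned-executable")
    # Flame lesson: a valid-looking chain is not enough if the digest is weak.
    if ev.signer_digest and ev.signer_digest.lower() in WEAK_SIGNATURE_DIGESTS:
        findings.append("weak-signature-digest")
    return findings


def scan(events: list[ProcessEvent]) -> dict[int, list[str]]:
    """Map pid -> findings for every event that triggered at least one indicator."""
    return {ev.pid: found for ev in events if (found := classify(ev))}


# Constructed sample telemetry: one event per vector plus one benign control.
SAMPLE_EVENTS = [
    ProcessEvent(1, r"E:\holiday_photos.scr", r"C:\Windows\explorer.exe", "removable"),
    ProcessEvent(2, r"C:\Users\ann\AppData\Local\Temp\invoice.pdf.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "fixed"),
    ProcessEvent(3, r"C:\Users\ann\Downloads\flash_update.exe",
                 r"C:\Program Files\Google\Chrome\Application\chrome.exe", "fixed"),
    # Looks like a signed update component, but the signature digest is MD5.
    ProcessEvent(4, r"C:\Windows\Temp\wuauclt_helper.exe", r"C:\Windows\System32\svchost.exe",
                 "fixed", signer_digest="md5", signer_issuer="Example Licensing CA (constructed)"),
    # Benign control: normal service start with a SHA-256 signature.
    ProcessEvent(5, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe",
                 "fixed", signer_digest="sha256", signer_issuer="Example Code Signing CA (constructed)"),
]


if __name__ == "__main__":
    for pid, findings in scan(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(findings)}")
```

Each indicator on its own is noisy (browsers legitimately start installers, and not every MD5-signed binary is hostile), so in practice these would be scored together with signer allow-lists and prevalence data rather than alerted on individually; the point here is that every vector named in the paragraph leaves a recognizable parent/child or media trace, and that chain validity alone did not stop Flame.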

Examples of operations