Whenever you look at cybercrime/eCrime, the question always pops up – what is the link between this highly sofisticated economy and aggregation of technologies, with government affairs or cyberwarfare. The answer would usually be “it depends”… Actually depending on who you ask, and what level of involvement they have with studying cyberwarfare as well as cybercrime.
When I spoke at DefCon last month it was a great opportunity to catch up with some of the leaders in the study of cyberwarfare and cybercrime, and as always the discussions were really eye opening as we all had a chance to “compare notes” and fill in some pieces of the puzzle where crime turns into warfare and vice-versa. Following DefCon and BlackHat with almost perfect timing, the US-CCU (United States Cyber Consequence Unit) has published a research which again alludes to the links between cyberwarfare and the involvement of cybercrime. The study talks about the fact that companies and individuals may be targeted as part of a campaign, and may also be part of the attack when looking at things from the other side.
What’s important to remember is that some of the research relied on studying the last Russia-Georgia conflict in which attacks were also launched using commercial botnets – a fact that may skew the stats a bit and throw innocent individuals and companies into the same pool as premeditated attackers, just because their systems were infected and part of the botnet.
Just a quick word of advice – always remember to look at the whole picture when reading such studies, as even the most professional research may focus on specific aspects of the subject in matter and might skew the conclusions (as implicit or explicit as they may be) as a result.