Increase in espionage and data theft - Eleventh report of the Reporting and Analysis Centre for Information Assurance

In the first half of 2010, the number of cases of espionage and stolen data rose worldwide. Websites and networks were often hacked for this purpose. Hacking is also used to distribute malicious software or to pursue politically motivated goals. To find Swiss websites harmed in this way, the Reporting and Analysis Centre for Information Assurance (MELANI) has been using a new tool this year. MELANI can now also request the blocking of .ch domains to combat misuse of Internet addresses.

Data is often obtained unlawfully for purely financial and criminal interests, but also as part of government-condoned espionage. Business enterprises and public authorities are at special risk.

Espionage as a trend
In the first half of 2010, major ICT companies such as Google and the software manufacturer Adobe were the focus of targeted espionage attacks. In these cases, there were indications of similarities in the infrastructure used, so that they cannot be seen as isolated cases. Rather, it is suspected that all of these incidents were perpetrated by the same attacker.

MELANI checks Swiss websites for infections
As in previous reporting periods, websites were infected with the goal of harming unsuspecting Internet users. To manipulate websites and infect them with malicious software, attackers usually steal FTP access data such as logins and passwords to gain access to the web server, or exploit vulnerabilities in the web software. Since April of this year, MELANI has operated a special check tool to verify whether .ch domains have been infected. A first analysis of the months June to August 2010 shows that MELANI was able to identify 148 infected cases in over 237,000 websites checked.

Blocking of suspicious .ch domains
If there is suspicion that a Swiss Internet address is being misused to obtain sensitive data or to disseminate malicious software, this must be stopped. The revised Ordinance on Address Elements in Telecommunications (AEFV), which entered into force at the beginning of the year, provides the legal basis for this purpose: SWITCH, the registrar for .ch domains, can now block Swiss Internet addresses and suspend the assignment to the corresponding name server, if there is a suspicion of misuse and an agency recognized by the Federal Office of Communications (OFCOM) so requests. Since 15 June of this year, MELANI has been recognized by OFCOM for this purpose and may now request SWITCH to block addresses.

Last updated on: 02.11.2010

