The recent Gauss malware attack has been the hot topic of the cyber community and several technology magazines have dedicated lengthy articles about the seriousness of the virus. We asked Dr. Herbert Lin, cyber attack expert and chief scientist at the Computer Science and Telecommunications Board of the National Research Council, to weigh in and explain the significance of the Gauss malware virus currently affecting the Middle East. Here’s what he had to say:
“A number of public reports have asserted that Gauss is state-sponsored malware directed against customers of Middle Eastern banks for the purpose of gathering intelligence on those banks and customers. If this is its only purpose (and no reports have yet surfaced indicating that Gauss is an agent intended to steal money), then Gauss is an agent of cyber exploitation rather than cyber attack. But even if Gauss is state-sponsored, it would be just one more example of how nations conduct espionage operations against entities of interest with all the tools at their disposal.
The details of financial transactions in the Middle East are clearly interesting to those who follow the development of weapons of mass destruction, the evasion of sanctions, and terrorist activities, and it would not be surprising if nations use cyber espionage to obtain information that they could not otherwise obtain from the banking systems in question.”
The National Research Council has produced a number of significant reports on cyber security and related subjects, which are all free to download from www.NAP.edu.