Cyberwars Between Nations Are Difficult to Prove

Uploaded on 2015-06-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

c23a04b5043e391c7a0f6a70670097cb.jpg

Katherine Archuleta, Director, Office of Personnel Management, gestures while she testifies before the Senate Appropriations subcommittee

It is a story that is becoming all-too-familiar: the US government had to admit that one of its key personnel databases, containing the records of up to 4 million staff, had been compromised in a large-scale hacking attack. Officials speaking off the record laid the blame at China’s door, though did not immediately provide any evidence for this claim.

The full scale of the information the attackers accessed remains unknown but could include highly sensitive data such as medical records, employment files and financial details, as well as information on security clearances and more.
The Office of Personnel Management attack is merely the latest of a number of high-profile hacking attacks in the US. Within the last few months, State Department officials had to abandon their email systems for several weeks after a long-term hack was discovered, while Sony executives spent a miserable few weeks watching their internal emails get reported across the world after their own attack.

Those are just a few of the hacking attacks attributed by US officials to nation states – most often China, Russia, or North Korea. But everything about such attacks is murky; finding the perpetrators is difficult if not impossible, as the architecture of the Internet allows for hackers to mask their attack through unwitting users and anonymisation software.
Nation states never claim responsibility – the Chinese embassy warned jumping to conclusions about the attack would be “counterproductive” – and no one has any idea of the full scale of hacking attacks, as even those that are discovered have often been going on for months with anyone noticing.

Attribution to nation states often relies merely on analysing the sophistication of the attack – while lone hackers such as Gary McKinnon may have once wandered through top secret databases, such efforts now often require far more resources than even sophisticated criminal gangs can muster.

The back-and-forth of hacking attacks between governments, somewhat melodramatically referred to as “cyberwar” (though they rarely, if ever, involve death), happen entirely in the shadows, with the method or reason behind any given attack hard to divine. 

The nature of the attacker would give some clues to the motive behind the dive into the Office of Personnel Management’s data. For criminals, the value of such a trove is obvious, with financial data aplenty and everything you would need for identity theft on a huge scale.

Similar factors could motivate the Chinese state, or its intelligence agencies, but they could also benefit in more subtle ways. Personnel directories, are an excellent route into finding individual targets for specific attacks. It might be tempting to think the senior managers of an agency would be the best target, but in reality it’s often the IT guy – get into his account, get the admin passwords, and you’re everywhere. Others have also suggested the hack may have been motivated by trying to find US personnel with security clearances. We will probably never know.

In the tangled and tortured world of espionage, even the state/criminal gang distinction can prove meaningless – intelligence agencies, including our own, target hacking groups, often not in a bid to shut them down but rather to “piggyback” onto their targets. A criminal gang might break in to steal credit card details, with no idea they’ve got an intelligence agency as an invisible passenger.

Such is the quagmire faced by the people trying to protect sensitive information online – which for governments, are often the same intelligence agencies that perform the hacks against rivals.
Building up defences, getting creative about looking for intruders, and trying to build up attribution for hacks are always going to be less fun and less glamorous than going on the offensive, but those are the measures likely to minimise the impact of similar hacks in future. If they are not given higher priority, Western governments are likely to face many more public embarrassments – or worse – in the near future. 

Ein News:
 

« Financial Institutions Face Increasing Cyber Attacks
Europol Tackles Cybercrime Ring »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Hyper Recruitment Solutions

Hyper Recruitment Solutions

Hyper Recruitment Solutions is a specialist and highly compliant recruitment consultancy dedicated to the Science and Technology sectors.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

Kramer Levin

Kramer Levin

Kramer Levin is a full-service law firm with offices in New York and Paris. Practice areas include Cybersecurity, Privacy and Data Protection.

AdNovum Informatik

AdNovum Informatik

AdNovum Informatik provides a full set of IT services, ranging from consulting, the conception and implementation of customized business and security solutions to maintenance and support.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Thoma Bravo

Thoma Bravo

Thoma Bravo is a leading private equity firm with a 40+ year history and a focus on investing in software and technology companies.

Silent Sector

Silent Sector

Silent Sector is a cybersecurity services company that specializes in providing a wide range of managed security services.

Risk Strategies

Risk Strategies

Risk Strategies is a leading specialty risk management consultancy and insurance broker offering smarter, practical approaches to risk mitigation including Cyber Liability insurance.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

Camelot Secure

Camelot Secure

Camelot Secure Secure360 platform is a holistic redefinition of what world-class cybersecurity strategies can be. Prepare. Protect. Deploy.