Cyberwars Between Nations Are Difficult to Prove

Uploaded on 2015-06-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

c23a04b5043e391c7a0f6a70670097cb.jpg

Katherine Archuleta, Director, Office of Personnel Management, gestures while she testifies before the Senate Appropriations subcommittee

It is a story that is becoming all-too-familiar: the US government had to admit that one of its key personnel databases, containing the records of up to 4 million staff, had been compromised in a large-scale hacking attack. Officials speaking off the record laid the blame at China’s door, though did not immediately provide any evidence for this claim.

The full scale of the information the attackers accessed remains unknown but could include highly sensitive data such as medical records, employment files and financial details, as well as information on security clearances and more.
The Office of Personnel Management attack is merely the latest of a number of high-profile hacking attacks in the US. Within the last few months, State Department officials had to abandon their email systems for several weeks after a long-term hack was discovered, while Sony executives spent a miserable few weeks watching their internal emails get reported across the world after their own attack.

Those are just a few of the hacking attacks attributed by US officials to nation states – most often China, Russia, or North Korea. But everything about such attacks is murky; finding the perpetrators is difficult if not impossible, as the architecture of the Internet allows for hackers to mask their attack through unwitting users and anonymisation software.
Nation states never claim responsibility – the Chinese embassy warned jumping to conclusions about the attack would be “counterproductive” – and no one has any idea of the full scale of hacking attacks, as even those that are discovered have often been going on for months with anyone noticing.

Attribution to nation states often relies merely on analysing the sophistication of the attack – while lone hackers such as Gary McKinnon may have once wandered through top secret databases, such efforts now often require far more resources than even sophisticated criminal gangs can muster.

The back-and-forth of hacking attacks between governments, somewhat melodramatically referred to as “cyberwar” (though they rarely, if ever, involve death), happen entirely in the shadows, with the method or reason behind any given attack hard to divine. 

The nature of the attacker would give some clues to the motive behind the dive into the Office of Personnel Management’s data. For criminals, the value of such a trove is obvious, with financial data aplenty and everything you would need for identity theft on a huge scale.

Similar factors could motivate the Chinese state, or its intelligence agencies, but they could also benefit in more subtle ways. Personnel directories, are an excellent route into finding individual targets for specific attacks. It might be tempting to think the senior managers of an agency would be the best target, but in reality it’s often the IT guy – get into his account, get the admin passwords, and you’re everywhere. Others have also suggested the hack may have been motivated by trying to find US personnel with security clearances. We will probably never know.

In the tangled and tortured world of espionage, even the state/criminal gang distinction can prove meaningless – intelligence agencies, including our own, target hacking groups, often not in a bid to shut them down but rather to “piggyback” onto their targets. A criminal gang might break in to steal credit card details, with no idea they’ve got an intelligence agency as an invisible passenger.

Such is the quagmire faced by the people trying to protect sensitive information online – which for governments, are often the same intelligence agencies that perform the hacks against rivals.
Building up defences, getting creative about looking for intruders, and trying to build up attribution for hacks are always going to be less fun and less glamorous than going on the offensive, but those are the measures likely to minimise the impact of similar hacks in future. If they are not given higher priority, Western governments are likely to face many more public embarrassments – or worse – in the near future. 

Ein News:
 

« Financial Institutions Face Increasing Cyber Attacks
Europol Tackles Cybercrime Ring »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The Networking People (TNP)

The Networking People (TNP)

TNP supplies independent advice allowing large organisations to design, build and operate their own networks independently of the established telecoms companies.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Six Degrees

Six Degrees

Six Degrees is a leading secure, integrated cloud services provider. We protect UK organisations and help them thrive in the cloud by giving them secure platforms to innovate and grow.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

Keynetic Technologies

Keynetic Technologies

Keynetic focuses on developing cybersecurity solutions for Industry 4.0.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

CodeHunter

CodeHunter

CodeHunter is a malware hunting SaaS platform designed to detect all variations of malware, known and unknown, without the need for source code or signatures.

Ciphertex Data Security

Ciphertex Data Security

Ciphertex is a leading data security company that specializes in portable data encryption and privacy protection storage systems.

Noerr

Noerr

Noerr is one of the top European law firms with 500 professionals in Germany, Europe and the USA. We provide solutions to complex and sophisticated legal matters including cyber risks.

Moro Hub

Moro Hub

Moro Hub, a subsidiary of Digital DEWA, is a UAE-based digital data hub focused on digital transformation and operational services.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Operant Networks

Operant Networks

Operant Networks mission is to provide Operational Technology (OT) teams with solutions that simplify their increasingly complex worlds.