Cyberwars Between Nations Are Difficult to Prove

c23a04b5043e391c7a0f6a70670097cb.jpg

Katherine Archuleta, Director, Office of Personnel Management, gestures while she testifies before the Senate Appropriations subcommittee

It is a story that is becoming all-too-familiar: the US government had to admit that one of its key personnel databases, containing the records of up to 4 million staff, had been compromised in a large-scale hacking attack. Officials speaking off the record laid the blame at China’s door, though did not immediately provide any evidence for this claim.

The full scale of the information the attackers accessed remains unknown but could include highly sensitive data such as medical records, employment files and financial details, as well as information on security clearances and more.
The Office of Personnel Management attack is merely the latest of a number of high-profile hacking attacks in the US. Within the last few months, State Department officials had to abandon their email systems for several weeks after a long-term hack was discovered, while Sony executives spent a miserable few weeks watching their internal emails get reported across the world after their own attack.

Those are just a few of the hacking attacks attributed by US officials to nation states – most often China, Russia, or North Korea. But everything about such attacks is murky; finding the perpetrators is difficult if not impossible, as the architecture of the Internet allows for hackers to mask their attack through unwitting users and anonymisation software.
Nation states never claim responsibility – the Chinese embassy warned jumping to conclusions about the attack would be “counterproductive” – and no one has any idea of the full scale of hacking attacks, as even those that are discovered have often been going on for months with anyone noticing.

Attribution to nation states often relies merely on analysing the sophistication of the attack – while lone hackers such as Gary McKinnon may have once wandered through top secret databases, such efforts now often require far more resources than even sophisticated criminal gangs can muster.

The back-and-forth of hacking attacks between governments, somewhat melodramatically referred to as “cyberwar” (though they rarely, if ever, involve death), happen entirely in the shadows, with the method or reason behind any given attack hard to divine. 

The nature of the attacker would give some clues to the motive behind the dive into the Office of Personnel Management’s data. For criminals, the value of such a trove is obvious, with financial data aplenty and everything you would need for identity theft on a huge scale.

Similar factors could motivate the Chinese state, or its intelligence agencies, but they could also benefit in more subtle ways. Personnel directories, are an excellent route into finding individual targets for specific attacks. It might be tempting to think the senior managers of an agency would be the best target, but in reality it’s often the IT guy – get into his account, get the admin passwords, and you’re everywhere. Others have also suggested the hack may have been motivated by trying to find US personnel with security clearances. We will probably never know.

In the tangled and tortured world of espionage, even the state/criminal gang distinction can prove meaningless – intelligence agencies, including our own, target hacking groups, often not in a bid to shut them down but rather to “piggyback” onto their targets. A criminal gang might break in to steal credit card details, with no idea they’ve got an intelligence agency as an invisible passenger.

Such is the quagmire faced by the people trying to protect sensitive information online – which for governments, are often the same intelligence agencies that perform the hacks against rivals.
Building up defences, getting creative about looking for intruders, and trying to build up attribution for hacks are always going to be less fun and less glamorous than going on the offensive, but those are the measures likely to minimise the impact of similar hacks in future. If they are not given higher priority, Western governments are likely to face many more public embarrassments – or worse – in the near future. 

Ein News:
 

« Financial Institutions Face Increasing Cyber Attacks
Europol Tackles Cybercrime Ring »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

Covenco

Covenco

Covenco is a data management and IT infrastructure specialist. Working with customers to transform their IT environments, with data protection and security at the forefront of everything we do.

Haltdos

Haltdos

Haltdos is an AI driven website protection service that secures websites against today's cyber threats.

ReSec Technologies

ReSec Technologies

ReSec provides total protection against all types of known and unknown malware threats including viruses, Trojans, ransomware and phishing, regardless of their delivery method.

BlueRiSC

BlueRiSC

BlueRiSC invent cutting-edge system assurance solutions for the 21st century with novel software and hardware designs focusing on security technologies that can be game changing.

ProofID

ProofID

ProofID is a specialist provider of Identity Access Management (IAM) solutions. We focus on the solving the complex needs of the modern enterprise.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

CyberAcuView

CyberAcuView

CyberAcuView is a company dedicated to enhancing cyber risk mitigation efforts across the insurance industry.

Luxembourg House of Financial Technology (LHoFT)

Luxembourg House of Financial Technology (LHoFT)

Offering start-up incubation, co-working spaces including a soft-landing platform, the LHoFT connects and creates value for the entire Luxembourg FinTech ecosystem.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Privasee

Privasee

Make GDPR compliance simple with Privasee. Our software makes it easy to protect your data and ensure you’re compliant with the new regulations.

Maltego Technologies

Maltego Technologies

Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Applications include cybersecurity threat intelligence and incident response.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center is a state-of-the-art facility to deliver advanced cyber training programs and build the next generation of Azerbaijan’s cybersecurity professionals.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.