Cyberwars Between Nations Are Difficult to Prove

Uploaded on 2015-06-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

c23a04b5043e391c7a0f6a70670097cb.jpg

Katherine Archuleta, Director, Office of Personnel Management, gestures while she testifies before the Senate Appropriations subcommittee

It is a story that is becoming all-too-familiar: the US government had to admit that one of its key personnel databases, containing the records of up to 4 million staff, had been compromised in a large-scale hacking attack. Officials speaking off the record laid the blame at China’s door, though did not immediately provide any evidence for this claim.

The full scale of the information the attackers accessed remains unknown but could include highly sensitive data such as medical records, employment files and financial details, as well as information on security clearances and more.
The Office of Personnel Management attack is merely the latest of a number of high-profile hacking attacks in the US. Within the last few months, State Department officials had to abandon their email systems for several weeks after a long-term hack was discovered, while Sony executives spent a miserable few weeks watching their internal emails get reported across the world after their own attack.

Those are just a few of the hacking attacks attributed by US officials to nation states – most often China, Russia, or North Korea. But everything about such attacks is murky; finding the perpetrators is difficult if not impossible, as the architecture of the Internet allows for hackers to mask their attack through unwitting users and anonymisation software.
Nation states never claim responsibility – the Chinese embassy warned jumping to conclusions about the attack would be “counterproductive” – and no one has any idea of the full scale of hacking attacks, as even those that are discovered have often been going on for months with anyone noticing.

Attribution to nation states often relies merely on analysing the sophistication of the attack – while lone hackers such as Gary McKinnon may have once wandered through top secret databases, such efforts now often require far more resources than even sophisticated criminal gangs can muster.

The back-and-forth of hacking attacks between governments, somewhat melodramatically referred to as “cyberwar” (though they rarely, if ever, involve death), happen entirely in the shadows, with the method or reason behind any given attack hard to divine. 

The nature of the attacker would give some clues to the motive behind the dive into the Office of Personnel Management’s data. For criminals, the value of such a trove is obvious, with financial data aplenty and everything you would need for identity theft on a huge scale.

Similar factors could motivate the Chinese state, or its intelligence agencies, but they could also benefit in more subtle ways. Personnel directories, are an excellent route into finding individual targets for specific attacks. It might be tempting to think the senior managers of an agency would be the best target, but in reality it’s often the IT guy – get into his account, get the admin passwords, and you’re everywhere. Others have also suggested the hack may have been motivated by trying to find US personnel with security clearances. We will probably never know.

In the tangled and tortured world of espionage, even the state/criminal gang distinction can prove meaningless – intelligence agencies, including our own, target hacking groups, often not in a bid to shut them down but rather to “piggyback” onto their targets. A criminal gang might break in to steal credit card details, with no idea they’ve got an intelligence agency as an invisible passenger.

Such is the quagmire faced by the people trying to protect sensitive information online – which for governments, are often the same intelligence agencies that perform the hacks against rivals.
Building up defences, getting creative about looking for intruders, and trying to build up attribution for hacks are always going to be less fun and less glamorous than going on the offensive, but those are the measures likely to minimise the impact of similar hacks in future. If they are not given higher priority, Western governments are likely to face many more public embarrassments – or worse – in the near future. 

Ein News:
 

« Financial Institutions Face Increasing Cyber Attacks
Europol Tackles Cybercrime Ring »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Seagate Technology

Seagate Technology

Seagate data storage systems are purpose-built for enterprise and data centre performance, scalability, reliability and security.

Materna Virtual Solution

Materna Virtual Solution

Materna Virtual Solution security solutions enable user-friendly, secure mobile working environments.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

Stratosphere Networks

Stratosphere Networks

Stratosphere Networks offer managed cybersecurity services rooted in Managed Detection and Response and Security Operations Center services that our team can tailor to meet your needs.

Cyber Security Operations Consulting (CyberSecOp)

Cyber Security Operations Consulting (CyberSecOp)

CyberSecOp is an ISO 27001 Certified Organization which provides cyber security operations services and risk management consulting.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

Foghorn Consulting

Foghorn Consulting

Foghorn can analyze your cloud to enhance performance and security, while reducing costs. Based on AWS’ 6 Pillars, our AWS WAFR Certified Engineers Will Identify Areas of Improvement.

Vortacity Cyber

Vortacity Cyber

Vortacity is a boutique cybersecurity provider specializing in associations, nonprofits, and mission-based organizations.

CyFox

CyFox

CYFOX is at the forefront of cybersecurity innovation, specializing in providing cutting-edge AI-driven solutions tailored for any businesses.

Etalon Cyber

Etalon Cyber

Etalon Cyber provides a range of advanced features to ensure the highest level of security for your website.