Mercenary Hackers Funded By Nation-States

Lines between government-backed hackers and cyber criminals are getting blurred, as indicated by recent the FBI indictment of two Russian intelligence officers and two criminal co-defendants for a major breach of the Yahoo email service.

Earlier this FBI Director Christopher Wray told the US Congressional Homeland Security Committee, “We are seeing an emergence of that kind of collaboration which used to be two separate things, nation-state actors and criminal hackers." 

The Homeland Security Department is also following the trend, acting Secretary Elaine Duke told the committee. “What we’re having to do is really understand, as the director said earlier, the difference between state actors, people [who are] maybe just looking for financial gain and those hybrid actors and that’s become more difficult,” she said. Homeland Security leads civilian government cyber-security and helps critical infrastructure providers, such as airports, banks and hospitals, secure their computer networks.

US officials have long feared that cyber-criminal networks, which operate with relative impunity in parts of Russia, could be deputised for hacking operations that serve the Kremlin’s interests.

Russian President Vladimir Putin even speculated that “patriotic hackers” in Russia might have been responsible for email breaches at Democratic political organisations that sowed chaos during the 2016 US presidential election. He’s disputed, however, US intelligence agencies’ conclusion that the Russian government ordered those breaches.

Historically this type of government/criminal action goes a long way back and one relevant association was/is with pirates on the seas and oceans where the pirates that were commissioned by a government were called privateers and many governments used them against their opposition/enemy including the English against the Spanish in the 16th/17th centuries.  

Such hybrid government-criminal breaches are increasingly becoming a reality, Wray told lawmakers. “You have the blend of a nation-state actor, in that case, the Russian intelligence service, using the assistance of criminal hackers, which you think of almost like mercenaries, being used to commit cyberattacks,” the FBI director said. “Russia is attempting to assert its place in the world and relying more creatively on a form of asymmetric warfare to damage and weaken this country economically and otherwise,” he said.   

It’s highly unlikely the Russian Yahoo hackers will see a US courtroom because the US does not have an extradition agreement with Russia, Wray acknowledged. “On the other hand, if they travel, that’s going to be a challenge for them because they are now, at that point, fugitives wanted by the FBI,” he said.

DefenseOne

You Might Also Read

Nation State Hacking Has A Big Commercial Impact:

The Nation State Hack-Attack:

Yahoo Hack Affects 1 Billion Accounts:

Hackers For Hire:

 

 

« Fake News & Botnets: Russia Has Weaponised The Web
Australia To Challenge Facebook & Google Over Media Disruption »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

ManagedMethods

ManagedMethods

ManageMethods Cloud Access Monitor is the only Cloud Access Security Broker (CASB) that can be deployed in minutes, with no special training, and with no impact on users or networks.

TeachPrivacy

TeachPrivacy

TeachPrivacy provides computer-based privacy and data security training that is engaging, memorable, and understandable.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

National Cybersecurity Society (NCSS) - USA

National Cybersecurity Society (NCSS) - USA

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

Genius Guard

Genius Guard

Genius Guard specializes in DDoS Protection, DDoS Protected Webhosting, HYIP Hosting, Bitcoin Hosting, Cryptocurrency Hosting.

Open Data Security (ODS)

Open Data Security (ODS)

Open Data Security is a market leader in the information security sector, offering services to companies, governments and individuals, helping them shield from hackers and cyber attacks.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

People Driven Technology

People Driven Technology

People Driven Technology is a customer-obsessed organization. We leverage our decades of business, technology, and engineering experience to deliver outcomes for our clients.

Prophet Security

Prophet Security

Prophet Security empowers organizations to triage, investigate, and respond to alerts with unparalleled speed and accuracy.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.

SignPath

SignPath

SignPath provides leading-edge software and SaaS services that ensure code integrity from development to distribution.

MODUS X

MODUS X

MODUS X is a Ukrainian IT product and service company created from the IT department of the DTEK Group of Companies.