Mercenary Hackers Funded By Nation-States

Lines between government-backed hackers and cyber criminals are getting blurred, as indicated by recent the FBI indictment of two Russian intelligence officers and two criminal co-defendants for a major breach of the Yahoo email service.

Earlier this FBI Director Christopher Wray told the US Congressional Homeland Security Committee, “We are seeing an emergence of that kind of collaboration which used to be two separate things, nation-state actors and criminal hackers." 

The Homeland Security Department is also following the trend, acting Secretary Elaine Duke told the committee. “What we’re having to do is really understand, as the director said earlier, the difference between state actors, people [who are] maybe just looking for financial gain and those hybrid actors and that’s become more difficult,” she said. Homeland Security leads civilian government cyber-security and helps critical infrastructure providers, such as airports, banks and hospitals, secure their computer networks.

US officials have long feared that cyber-criminal networks, which operate with relative impunity in parts of Russia, could be deputised for hacking operations that serve the Kremlin’s interests.

Russian President Vladimir Putin even speculated that “patriotic hackers” in Russia might have been responsible for email breaches at Democratic political organisations that sowed chaos during the 2016 US presidential election. He’s disputed, however, US intelligence agencies’ conclusion that the Russian government ordered those breaches.

Historically this type of government/criminal action goes a long way back and one relevant association was/is with pirates on the seas and oceans where the pirates that were commissioned by a government were called privateers and many governments used them against their opposition/enemy including the English against the Spanish in the 16th/17th centuries.  

Such hybrid government-criminal breaches are increasingly becoming a reality, Wray told lawmakers. “You have the blend of a nation-state actor, in that case, the Russian intelligence service, using the assistance of criminal hackers, which you think of almost like mercenaries, being used to commit cyberattacks,” the FBI director said. “Russia is attempting to assert its place in the world and relying more creatively on a form of asymmetric warfare to damage and weaken this country economically and otherwise,” he said.   

It’s highly unlikely the Russian Yahoo hackers will see a US courtroom because the US does not have an extradition agreement with Russia, Wray acknowledged. “On the other hand, if they travel, that’s going to be a challenge for them because they are now, at that point, fugitives wanted by the FBI,” he said.

DefenseOne

You Might Also Read

Nation State Hacking Has A Big Commercial Impact:

The Nation State Hack-Attack:

Yahoo Hack Affects 1 Billion Accounts:

Hackers For Hire:

 

 

« Fake News & Botnets: Russia Has Weaponised The Web
Australia To Challenge Facebook & Google Over Media Disruption »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

Unitrends

Unitrends

Unitrends helps IT pros do more with less by providing an all-in-one enterprise backup and continuity solution.

Watchdata Technologies

Watchdata Technologies

Watchdata Technologies is a pioneer in digital authentication and transaction security.

Redbelt Security

Redbelt Security

Redbelt is a cyber security consultancy. We integrate people, systems, services and products to transform how your information security is delivered.

Finnish Accreditation Service (FINAS)

Finnish Accreditation Service (FINAS)

FINAS is the national accreditation body for Finland. The directory of members provides details of organisations offering certification services for ISO 27001.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Secuna Software Technologies

Secuna Software Technologies

Secuna is the most trusted Cybersecurity Testing Platform in the Philippines. Our pool of vetted security researchers will find and ethically report security vulnerabilities in your product.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

Cyrex

Cyrex

Cyrex is a Web3 security and development company. Our mastery over decentralized applications, smart contracts and blockchain will keep you secure across Web3.

CyberXpert

CyberXpert

CyberXpert is your cybersecurity partner for the public and private sector in Belgium.