Mercenary Hackers Funded By Nation-States

Lines between government-backed hackers and cyber criminals are getting blurred, as indicated by recent the FBI indictment of two Russian intelligence officers and two criminal co-defendants for a major breach of the Yahoo email service.

Earlier this FBI Director Christopher Wray told the US Congressional Homeland Security Committee, “We are seeing an emergence of that kind of collaboration which used to be two separate things, nation-state actors and criminal hackers." 

The Homeland Security Department is also following the trend, acting Secretary Elaine Duke told the committee. “What we’re having to do is really understand, as the director said earlier, the difference between state actors, people [who are] maybe just looking for financial gain and those hybrid actors and that’s become more difficult,” she said. Homeland Security leads civilian government cyber-security and helps critical infrastructure providers, such as airports, banks and hospitals, secure their computer networks.

US officials have long feared that cyber-criminal networks, which operate with relative impunity in parts of Russia, could be deputised for hacking operations that serve the Kremlin’s interests.

Russian President Vladimir Putin even speculated that “patriotic hackers” in Russia might have been responsible for email breaches at Democratic political organisations that sowed chaos during the 2016 US presidential election. He’s disputed, however, US intelligence agencies’ conclusion that the Russian government ordered those breaches.

Historically this type of government/criminal action goes a long way back and one relevant association was/is with pirates on the seas and oceans where the pirates that were commissioned by a government were called privateers and many governments used them against their opposition/enemy including the English against the Spanish in the 16th/17th centuries.  

Such hybrid government-criminal breaches are increasingly becoming a reality, Wray told lawmakers. “You have the blend of a nation-state actor, in that case, the Russian intelligence service, using the assistance of criminal hackers, which you think of almost like mercenaries, being used to commit cyberattacks,” the FBI director said. “Russia is attempting to assert its place in the world and relying more creatively on a form of asymmetric warfare to damage and weaken this country economically and otherwise,” he said.   

It’s highly unlikely the Russian Yahoo hackers will see a US courtroom because the US does not have an extradition agreement with Russia, Wray acknowledged. “On the other hand, if they travel, that’s going to be a challenge for them because they are now, at that point, fugitives wanted by the FBI,” he said.

DefenseOne

You Might Also Read

Nation State Hacking Has A Big Commercial Impact:

The Nation State Hack-Attack:

Yahoo Hack Affects 1 Billion Accounts:

Hackers For Hire:

 

 

« Fake News & Botnets: Russia Has Weaponised The Web
Australia To Challenge Facebook & Google Over Media Disruption »

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Tenable Network Security

Tenable Network Security

Tenable Network Security - Need to Evolve to a Risk-Based Vulnerability Management Strategy but Don’t Know How? This Guide Will Show You.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

Cybereason

Cybereason

Cybereason provides real-time detection of malicious activity enabling you to identify the cause and scope of an attack and ensure an effective response.

CERT-PY

CERT-PY

CERT-PY is the national Computer Emergency Response Team for Paraguay.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

NetSecurity

NetSecurity

NetSecurity is a Brazilian company specializing in Information Security. We provide Managed Security Services (MSS), network security solutions and other specialist services.

C2SEC

C2SEC

C2Sec provides an innovative analytics platform that assesses and quantifies cyber risks in financial terms based on combining patented big data, AI, and cybersecurity technologies.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.