Reinventing Cold War Spy Craft

Have state-sponsored hackers been spending nights reading Cold War spy novelists like John Le Carré? It does seems that way. Because those classic espionage techniques are being reinvented as the latest strategies to compromise Western democracies.

Take the recent reports on Russia’s attack on a US company that provides voting support and systems to local election offices. According to these reports, Russian-sponsored hackers made their way into the company system by sending phishing emails to local officials. They hoped they were naïve enough to open the emails, which would have introduced malware into the voting infrastructure.

This “weakest link” approach is similar to how the KGB during the Cold War attempted to penetrate “target installations” to compromise vulnerable Americans.

So if we want to look forward and secure ourselves from hacking, we should look backward at how old-school spy-craft is being applied to new-school cyber-craft.  The principles have not changed. In fact, we are at greater risk now that sophisticated algorithms, artificial intelligence and other cutting-edge technologies are moving spy-craft to a new, almost super-human level.

Here are some striking parallels between the Cold War and the Cyber Wars, and some tools and tactics you can adopt to defend yourself:

1. Handlers haven’t gone away.
Old-School Spy-craft: In the good old days, the CIA and KGB’s operatives, spies, moles, and other agents, penetrated key organisations and stole crucial information. Shrewd handlers trained those spies, or “assets” to go undercover, penetrate their targets surreptitiously and assess the most essential information to pursue.
New-School Cyber-craft: There are still asset-controlling handlers, we call these handlers “state sponsors” and their assets “threat actors”, whose missions include penetrating strategic targets like governmental institutions, enterprise databases and even critical infrastructure. Cyber-oriented military units as well as state-sponsored groups of hackers hired by governments are controlled by these malicious puppeteers.

2. Humint-- Modelling our modern spies.
Old-School Spy-craft: Espionage 101 teaches spies to identify the sources of information that their government needs, and scoop them up faster than you can say “undercover agent wearing trench coat.”
Once successfully immersed in the right community, the spies often remain silent (sleeper agents), biding their time until receiving the order from their handlers to strike. These embedded agents avoid communication with their handlers for long periods of time so as not to arouse suspicion. This requires significant training and “Bourne”-like self-sufficiency, both physical and emotional.

  • New-School Cyber-craft: Like human spies, self-sufficient malware can be trained to enter surreptitiously into protected systems and search for specific information that fits the spy’s Modus Operandi, while blending into the scenery, or, on the contrary, “hiding in plain sight.” 
  • Self-sufficient malware. Like the spies of old, malware must also be able to overcome well-engineered sequences of security traps deployed to block their outbound communication. The more self-sufficient the malware, the more successful. While their old-school human counterparts had their own booze-and-caffeine fueled limits, unlike real people, bots never get burned out. 

And real spies didn’t have Artificial Intelligence to sift through a vast tonnage of communications and unstructured data, including phone conversations, emails and key data banks, automatically understanding context like humans do and identifying the relevant data they need.

The recent DNC hacks are a textbook example -- the sensitive emails were exposed to the outside world by self-sufficient malware that patiently lingered on the inside of DNC servers for almost a year, silently collecting information… until the right moment.

3. Double agents: Trust is a slippery thing.
Old-School Spy-craft: Handlers sent their most skilled agents into target-rich networks, such as an intelligence agency, to zero in on whoever on the inside had access to the most classified information and was vulnerable to being flipped into a double agent. Often it was someone with a weakness that made them susceptible to compromise, affairs, a drinking problem, gambling debts, etc. This was a classic tactic employed by the KGB and other intelligence agencies during the Cold War.
New-School Cyber-craft: In today’s world, insiders can turn against their employers, becoming the cyber equivalent of double agents. When you wreak havoc from within, you eliminate the need to penetrate well-protected, or even “air gapped” systems (those disconnected from the internet). Edward Snowden is the perfect example of an insider threat who became a very real one. Many companies fixated on outside threats overlook the hazards within.

Defending against new-school cyber craft.

It’s much more affordable to mount a cyberattack than invest in building a spy operation. That makes it easier for nations and organizations least expected to join in this newfangled cyber battle. With the barrier to entry so low, it is essential that we re-engineer our thinking to defend against new-school cyber-craft. Here are five ways to think differently:

1. Revert to methods of previous eras.
There are methods that seem antiquated but are un-hackable. The Dutch government, for example, has announced that it is returning to hand counting its ballots amidst fears of cyber-attacks during elections. And super-sensitive conversations are best handled in-person.

2. Increase utilisation of data encryption.
These methods have existed for years, but typically have not been used on personal computers and phones because they slow them down and can require additional integration. The risk of cyber threats counters those objections. Institutions must widen their definition of “critical infrastructure” to include data encryption both in data centers and on PCs of key political and business figures.

3. Smarter anti-malware.
Much as sophisticated counter-intelligence units ferret out moles in intelligence organizations, we need smarter anti-malware software, such as tools that can sniff out concealed AI capabilities in software, that can be “trained” to hunt self-sufficient bots.

4. Behavior analytics.
Intelligence agencies have internal measures used to identify double agents. It's time to accelerate deployment of network and identity behavior analytics able to identify insiders (i.e. employees and contractors) acting in strange and anomalous fashions. Someone who suddenly shows up on a Sunday night to download files is the equivalent of a mid-level intelligence agent who is suddenly driving a BMW and buying a vacation home.

5. Collaboration
Organisations should collaborate by exchanging threat information (TTPs) and knowledge about the threat actors behind them, so they can proactively implement more targeted security measures.

To protect ourselves from clear and present dangers, we must go back to the future. Today’s security strategists would be well-advised to look to the ways of the past and adapt their lessons to cyber-security of today to create a safer tomorrow.

Entrepreneur:

You Might Also Read:

Getting Intelligence Agencies To Adapt To Life Out Of The Shadows:

Is Edward Snowden Really A Russian Agent?:

US Intelligence Agencies Fear Insiders As Much As Spies:

 

« Do British Police Take Cyber Crime Seriously?
Half Of US Firms Do Not Buy Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Huawei

Huawei

Huawei is a leading global ICT solutions provider. with end-to-end capabilities across the carrier networks, enterprise, consumer, and cloud computing fields.

Wisegate

Wisegate

Wisegate is a community of IT experts providing advisory services on all areas of IT including security.

Digital DNA

Digital DNA

Digital DNA provides Law-Enforcement-Grade Computer Forensics, Cyber Security and E-Discovery Investigations.

Cysec - TU Darmstadt

Cysec - TU Darmstadt

CYSEC is the Cybersecurity faculty of the Technical University of Darmstadt and performs internationally renowned research in numerous areas of cybersecurity.

Potomac Institute for Policy Studies

Potomac Institute for Policy Studies

Potomac Institute undertakes research on key science, technology, and national security issues facing society, Study areas include cybersecurity.

Grimm Cyber

Grimm Cyber

GRIMM makes the world a more secure place by increasing the cyber resiliency of our client’s systems, networks, and products.

IQ Solutions

IQ Solutions

IQ Solutions is a Digital Integrator and an ICT Services Provider, focusing on innovative Cyber Secured ICT managed solutions tailored to the needs of the Maritime Industry.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

The Security Company (TSC)

The Security Company (TSC)

The Security Company is a leading provider of creative employee security awareness programmes.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Bright Pixel Capital

Bright Pixel Capital

Bright Pixel Capital is a venture capital company with a focus on Cybersecurity, Retail Technologies, Digital Infrastructure and Emerging Technologies.

Distology

Distology

Distology are an award-winning cloud security distributor bringing a wealth of experience and strong relationships with a huge breadth of partners covering the UK, Ireland and Benelux.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Theos Cyber Solutions

Theos Cyber Solutions

Theos Cyber provides service-first cybersecurity solutions to digital businesses in Asia.

DART Consulting & Training

DART Consulting & Training

DART is a leading cyber training and consultancy company. We enhance our clients’ cyber capabilities by growing and strengthening their frontline defense – the cyber teams.