More and more, headlines are drawing attention to instances of cyber-espionage. Beyond basic hacking, cyber-espionage targets governments or companies with the goal of extracting information or trade secrets. In this secret world, what motivates these hackers and what can be done to stop them?
Cyber-attacks, cyber espionage and cybercrimes are on the rise as the world becomes more and more connected. Targets can be either governments or businesses; however, the end goal is the same – to gain information to bring a system down. Like all technology security trends, cyber espionage is an ever-changing environment, and even the industry’s experts are caught off guard now and then.
“The first thing we need to acknowledge is that there is a continuum of threat actors out there with their own motivations, strategies and goals in mind. This is a complex and ever-changing landscape, from the ‘noise’ of the generic and simply opportunistic actors seeking short-term economic gain, to the more specifically targeted campaigns, explicitly aiming to extract data from organisations and various verticals,” says Simon Mullis, Global Technical Lead for Strategic Alliances, FireEye. Due to political circumstances, or even a simple changing of the guard, the lines between these groups can often be quite gray. What may start out as a non-targeted attack can quickly change focus or fall into the hands of a more dangerous bad actor.
Cyber espionage takes on a number of forms these days. Whether government or corporate driven, in general, the individuals who carry out the attack are – for lack of a better word – independent contractors. “If a nation-state has limited capabilities or experience in cyberespionage – but clear motives and strategic imperatives – then the only option is to subcontract the activities to a private group,” says Mullis.
These hackers are now, more often than not, relying on behaviour-based attacks. “In this type of cyber-attack, a group of hackers – black hats in the traditional definition – can launch a campaign against government departments or corporate networks,” explains Rohit Aggarwal – CEO and founder, Koenig Solutions Limited. “They approach the target using Facebook, LinkedIn and Twitter and steal their sensitive information by sending malicious links to the victim. They are not doing it for themselves, of course, these hackers have been especially hired for cyber-espionage purposes.”
“The links between sophisticated nation-states and criminal groups seem to be proven by the fact that we regularly see techniques, tactics, procedures and tools being used first by nation-states and later by criminal groups, and subsequently by hacktivists,” says Mullis.
As they are often hired by governments or organisations, the motives of the actual hackers are easy to discern. But what of the motivation of their employers? “The motives for a cyberattack are many and we must understand that these tools and techniques are simply another way for attackers to reach their strategic goals. A cyberattack is best understood not as an end in itself, but as a potentially powerful means to a wide variety of political, military and economic goals,” says Mullis.
Simon Bryden, Consulting Systems Engineer, Fortinet, agrees. “The motivation is generally to gain strategic information for political or economic gain. Examples include stealing of industrial intellectual property, both civil and military, information about trade negotiations and policy, and financial data. Other motivations may include the acquisition of data relating to political activist groups or individuals.”
In general, hackers – and the powers behind them – are looking for data and information, over monetary gain. Sometimes, however, a hack can simply be a way to distribute propaganda. Recently, there have been a number of attacks that have resulted in the takeover of a political party’s web presence. The hackers replace existing information with misleading information, or their own agenda.
Though these attacks can seem innocuous, the gravity of such an attack should not be ignored. Many experts agree that partnerships – between governments and between private security firms – will be key in fighting such attacks. “Espionage driven cyber-attacks pose a great threat to national security. With this key concern in mind, governments are now seeking strategic solutions to help effect more data protection. This will have a major impact on private-public partnerships, since it will increase their demand in order to effectively address the current cyber security issues,” says Koenig.
Recently, many security firms have been partnering with entities such as Interpol to track and mitigate cyber-espionage attacks. There are benefits and risks to this kind of data sharing; however, most say the pros outweigh the cons. “Despite the obvious risk of entrusting the operations and resulting intelligence to a third party, such partnerships can allow access to new and innovative cyber technologies, which could take years to develop in-house,” says Bryden.
Mullis agrees, but takes the need to exchange information to the next level. “The sharing of threat intelligence data between enterprises needs to be automated, as much as legislation allows. Government can be a huge help in establishing the appropriate governance, legislation and the regulatory framework to allow their enforcement. The challenge is to ensure that these steps are initiated in as timely a manner as possible.”
As hackers blur the lines between nations and jurisdictions, regulatory agencies too need to see beyond traditional borders. Sharing of information between governments and private security firms may, indeed, be the key to protecting our respective nations.