Is there anyone who believes the internet is not used for cyberespionage?
The world of espionage has been ensconced within the internet seemingly since the first packet was sent via the ARPANET some 45-plus years ago, as the concept of packet switching and the attendant protocols that are the cornerstone of the internet of 2018 were funded by the U.S. Department of Defense to improve communications.
Throughout the evolution of the internet, some nation states have excelled at exploiting both content and capability to advance their causes. If one listened carefully to the worldwide threat brief provided by the U.S. director of national intelligence to the Senate Select Committee on Intelligence, one would know that China, Russia, North Korea and Iran are conducting cyberespionage against the United States with regularity.
What may be illuminating, however, is that the United States is but one of the many target nations that have fallen into the crosshairs of these nations’ targeteers. Furthermore, the reasons for their cyberespionage vary widely.
Russia, for example, has evolved direct cyberespionage capability within its governmental ranks, both civilian and military. When a target is within the Russian Federation, it is within a few keystrokes of having its electronics diddled. No, Russia is not the Soviet Union, and there no longer may be an attendant on the floor turning on the listening devices in the hotel when the foreigner enters the room, but rest assured the ability to listen and capture information when desired remains.
External to Russia, civilian and military intelligence entities have evolved the use of surrogates to conduct their forays into the infrastructure of countries or to lift sensitive data from within government databases. While the surrogate may be a common cybercriminal who monetizes the theft of personal identifying information on a regular basis, rest assured that if the target was sanctioned by the intelligence apparatus, the information was shared with the Russian sponsor.
A recent example of the above involved Germany. For many months the German domestic intelligence and security service, Bundesamt für Verfassungsschutz (BfV), has been advising both public and private sectors that they were being scanned and measured by Russia (and China, North Korea and Iran). It was as if the cold war mentality had returned, déjà vu.
Then in early March the Germans declared they were investigating a “cybersecurity incident concerning the federal government’s information technology networks.” Which German network was penetrated? The most sensitive of networks, the IVBB (Informationsverbund Berlin-Bonn), a specially designed network that sits apart from public networks for exclusive use within the government. NPR reported that the attackers were the Russian surrogate group Fancy Bear, which was blamed for the successful penetration of the Democratic National Committee in 2016.
If you have something of interest you are trying to protect from Russia’s prying eyes, know that they are working hard to get a peek or garner possession.
Which brings us to China, which also has been repeatedly accused of cyberespionage, and rightly so. Most recently, Japanese public and private sector entities were subjected to successful Chinese cyberattacks resulting in the loss of intellectual property. And, we also noted how the German government had highlighted the Chinese use of social networks to engage in elicitation and surveillance of various entities that were being targeted for exploitation.
Add to the above the audacious cyberespionage operation, which took place in Addis Ababa, Ethiopia, when the Chinese left an easter egg for the occupants—a store-and-forward capability on their IT network and, allegedly, listening devices throughout the building—when they handed the keys over to the African Union for their new, Chinese-built headquarters building.
The penetration of the U.S. Office of Personnel Management database—which compromised millions of background investigation files on employees, applicants and annuitants who enjoyed the trust of the U.S. by virtue of their having been granted a security clearance—produced a lot of real pain. No doubt when this data hit the Chinese databases, they rang the bell and had many rounds in celebration.
China isn’t stopping. They will continue to purloin whatever would take more research and development time than their multiyear plans allow. Their commercial investments into infrastructure abroad and the various trade deals are all necessary to keep China’s booming populace mollified with adequate goods and services. When they can, they will conduct economic espionage via a non-attributable hand.
Is the Sky Falling?
The CEO of WhiteHat Security, Craig Hinkley, said: “A vigilant approach is the best way forward in a time of cold-cyberwarfare by identifying current and old vulnerabilities, threat hunting and staying ahead with new intelligence. The best way to overcome hackers is to provide a smooth attack surface without obvious holes, to improve security knowledge internally and for enterprises to be proactive in continuously scanning and testing themselves to discover potential vulnerabilities that are lurking.”
What is certain is that cyberespionage is a growth sector, and those who are focused on evolving cyberdefenses may look forward to many years of full employment.
We’ll talk about North Korea and Iran in the next piece, as their motivations are less global geopolitical and economic, and more focused on keeping leadership in their seats.