Cyberwars Between Nations Are Difficult to Prove

c23a04b5043e391c7a0f6a70670097cb.jpg

Katherine Archuleta, Director, Office of Personnel Management, gestures while she testifies before the Senate Appropriations subcommittee

It is a story that is becoming all-too-familiar: the US government had to admit that one of its key personnel databases, containing the records of up to 4 million staff, had been compromised in a large-scale hacking attack. Officials speaking off the record laid the blame at China’s door, though did not immediately provide any evidence for this claim.

The full scale of the information the attackers accessed remains unknown but could include highly sensitive data such as medical records, employment files and financial details, as well as information on security clearances and more.
The Office of Personnel Management attack is merely the latest of a number of high-profile hacking attacks in the US. Within the last few months, State Department officials had to abandon their email systems for several weeks after a long-term hack was discovered, while Sony executives spent a miserable few weeks watching their internal emails get reported across the world after their own attack.

Those are just a few of the hacking attacks attributed by US officials to nation states – most often China, Russia, or North Korea. But everything about such attacks is murky; finding the perpetrators is difficult if not impossible, as the architecture of the Internet allows for hackers to mask their attack through unwitting users and anonymisation software.
Nation states never claim responsibility – the Chinese embassy warned jumping to conclusions about the attack would be “counterproductive” – and no one has any idea of the full scale of hacking attacks, as even those that are discovered have often been going on for months with anyone noticing.

Attribution to nation states often relies merely on analysing the sophistication of the attack – while lone hackers such as Gary McKinnon may have once wandered through top secret databases, such efforts now often require far more resources than even sophisticated criminal gangs can muster.

The back-and-forth of hacking attacks between governments, somewhat melodramatically referred to as “cyberwar” (though they rarely, if ever, involve death), happen entirely in the shadows, with the method or reason behind any given attack hard to divine. 

The nature of the attacker would give some clues to the motive behind the dive into the Office of Personnel Management’s data. For criminals, the value of such a trove is obvious, with financial data aplenty and everything you would need for identity theft on a huge scale.

Similar factors could motivate the Chinese state, or its intelligence agencies, but they could also benefit in more subtle ways. Personnel directories, are an excellent route into finding individual targets for specific attacks. It might be tempting to think the senior managers of an agency would be the best target, but in reality it’s often the IT guy – get into his account, get the admin passwords, and you’re everywhere. Others have also suggested the hack may have been motivated by trying to find US personnel with security clearances. We will probably never know.

In the tangled and tortured world of espionage, even the state/criminal gang distinction can prove meaningless – intelligence agencies, including our own, target hacking groups, often not in a bid to shut them down but rather to “piggyback” onto their targets. A criminal gang might break in to steal credit card details, with no idea they’ve got an intelligence agency as an invisible passenger.

Such is the quagmire faced by the people trying to protect sensitive information online – which for governments, are often the same intelligence agencies that perform the hacks against rivals.
Building up defences, getting creative about looking for intruders, and trying to build up attribution for hacks are always going to be less fun and less glamorous than going on the offensive, but those are the measures likely to minimise the impact of similar hacks in future. If they are not given higher priority, Western governments are likely to face many more public embarrassments – or worse – in the near future. 

Ein News:
 

« Financial Institutions Face Increasing Cyber Attacks
Europol Tackles Cybercrime Ring »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

Mitre ATT&CK

Mitre ATT&CK

MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

SMESEC

SMESEC

SMESEC is a lightweight Cybersecurity framework for protecting small and medium-sized enterprises (SME) against Cyber threats.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

KrCERT/CC

KrCERT/CC

KrCERT/CC is the National Computer Emergency Response Team in Korea.

WhiteHawk

WhiteHawk

WhiteHawk is the first online Cyber Security Exchange. We help you understand your cyber risk and match you to tailored and affordable solutions.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

Valeo Nertworks

Valeo Nertworks

Valeo Nertworks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

Borwell

Borwell

Borwell delivers software and IT solutions to the UK MoD and to UK Government departments, which are secure by design.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.