Mercenary Hackers Funded By Nation-States

Uploaded on 2017-12-08 in TECHNOLOGY--Hackers, INTELLIGENCE--USA, FREE TO VIEW

Lines between government-backed hackers and cyber criminals are getting blurred, as indicated by recent the FBI indictment of two Russian intelligence officers and two criminal co-defendants for a major breach of the Yahoo email service.

Earlier this FBI Director Christopher Wray told the US Congressional Homeland Security Committee, “We are seeing an emergence of that kind of collaboration which used to be two separate things, nation-state actors and criminal hackers." 

The Homeland Security Department is also following the trend, acting Secretary Elaine Duke told the committee. “What we’re having to do is really understand, as the director said earlier, the difference between state actors, people [who are] maybe just looking for financial gain and those hybrid actors and that’s become more difficult,” she said. Homeland Security leads civilian government cyber-security and helps critical infrastructure providers, such as airports, banks and hospitals, secure their computer networks.

US officials have long feared that cyber-criminal networks, which operate with relative impunity in parts of Russia, could be deputised for hacking operations that serve the Kremlin’s interests.

Russian President Vladimir Putin even speculated that “patriotic hackers” in Russia might have been responsible for email breaches at Democratic political organisations that sowed chaos during the 2016 US presidential election. He’s disputed, however, US intelligence agencies’ conclusion that the Russian government ordered those breaches.

Historically this type of government/criminal action goes a long way back and one relevant association was/is with pirates on the seas and oceans where the pirates that were commissioned by a government were called privateers and many governments used them against their opposition/enemy including the English against the Spanish in the 16th/17th centuries.  

Such hybrid government-criminal breaches are increasingly becoming a reality, Wray told lawmakers. “You have the blend of a nation-state actor, in that case, the Russian intelligence service, using the assistance of criminal hackers, which you think of almost like mercenaries, being used to commit cyberattacks,” the FBI director said. “Russia is attempting to assert its place in the world and relying more creatively on a form of asymmetric warfare to damage and weaken this country economically and otherwise,” he said.   

It’s highly unlikely the Russian Yahoo hackers will see a US courtroom because the US does not have an extradition agreement with Russia, Wray acknowledged. “On the other hand, if they travel, that’s going to be a challenge for them because they are now, at that point, fugitives wanted by the FBI,” he said.

DefenseOne

You Might Also Read

Nation State Hacking Has A Big Commercial Impact:

The Nation State Hack-Attack:

Yahoo Hack Affects 1 Billion Accounts:

Hackers For Hire:

 

 

« Fake News & Botnets: Russia Has Weaponised The Web
Australia To Challenge Facebook & Google Over Media Disruption »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tripwire

Tripwire

Tripwire are a leading provider of risk-based security, compliance and vulnerability management solutions.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Dazz

Dazz

Dazz is the cloud security remediation platform for smart security and development teams.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

Cyber Proud

Cyber Proud

Cyber proud is leading a talent revolution to promote and create an inclusive skilled cyber workforce.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZeroGPT

ZeroGPT

ZeroGPT.com stands at the forefront of AI detection tools, specializing in the precise identification of ChatGPT-generated text.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.

IndoSec

IndoSec

IndoSec is an annual cybersecurity summit that powers an in-person gathering of cybersecurity leaders from Indonesia’s major corporations, leading businesses and key government entities.

Anthropic

Anthropic

Anthropic is a Public Benefit Corporation, whose purpose is the responsible development and maintenance of advanced AI for the long-term benefit of humanity.