Reinventing Cold War Spy Craft

Uploaded on 2017-07-18 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Have state-sponsored hackers been spending nights reading Cold War spy novelists like John Le Carré? It does seems that way. Because those classic espionage techniques are being reinvented as the latest strategies to compromise Western democracies.

Take the recent reports on Russia’s attack on a US company that provides voting support and systems to local election offices. According to these reports, Russian-sponsored hackers made their way into the company system by sending phishing emails to local officials. They hoped they were naïve enough to open the emails, which would have introduced malware into the voting infrastructure.

This “weakest link” approach is similar to how the KGB during the Cold War attempted to penetrate “target installations” to compromise vulnerable Americans.

So if we want to look forward and secure ourselves from hacking, we should look backward at how old-school spy-craft is being applied to new-school cyber-craft.  The principles have not changed. In fact, we are at greater risk now that sophisticated algorithms, artificial intelligence and other cutting-edge technologies are moving spy-craft to a new, almost super-human level.

Here are some striking parallels between the Cold War and the Cyber Wars, and some tools and tactics you can adopt to defend yourself:

1. Handlers haven’t gone away.
Old-School Spy-craft: In the good old days, the CIA and KGB’s operatives, spies, moles, and other agents, penetrated key organisations and stole crucial information. Shrewd handlers trained those spies, or “assets” to go undercover, penetrate their targets surreptitiously and assess the most essential information to pursue.
New-School Cyber-craft: There are still asset-controlling handlers, we call these handlers “state sponsors” and their assets “threat actors”, whose missions include penetrating strategic targets like governmental institutions, enterprise databases and even critical infrastructure. Cyber-oriented military units as well as state-sponsored groups of hackers hired by governments are controlled by these malicious puppeteers.

2. Humint-- Modelling our modern spies.
Old-School Spy-craft: Espionage 101 teaches spies to identify the sources of information that their government needs, and scoop them up faster than you can say “undercover agent wearing trench coat.”
Once successfully immersed in the right community, the spies often remain silent (sleeper agents), biding their time until receiving the order from their handlers to strike. These embedded agents avoid communication with their handlers for long periods of time so as not to arouse suspicion. This requires significant training and “Bourne”-like self-sufficiency, both physical and emotional.

  • New-School Cyber-craft: Like human spies, self-sufficient malware can be trained to enter surreptitiously into protected systems and search for specific information that fits the spy’s Modus Operandi, while blending into the scenery, or, on the contrary, “hiding in plain sight.” 
  • Self-sufficient malware. Like the spies of old, malware must also be able to overcome well-engineered sequences of security traps deployed to block their outbound communication. The more self-sufficient the malware, the more successful. While their old-school human counterparts had their own booze-and-caffeine fueled limits, unlike real people, bots never get burned out. 

And real spies didn’t have Artificial Intelligence to sift through a vast tonnage of communications and unstructured data, including phone conversations, emails and key data banks, automatically understanding context like humans do and identifying the relevant data they need.

The recent DNC hacks are a textbook example -- the sensitive emails were exposed to the outside world by self-sufficient malware that patiently lingered on the inside of DNC servers for almost a year, silently collecting information… until the right moment.

3. Double agents: Trust is a slippery thing.
Old-School Spy-craft: Handlers sent their most skilled agents into target-rich networks, such as an intelligence agency, to zero in on whoever on the inside had access to the most classified information and was vulnerable to being flipped into a double agent. Often it was someone with a weakness that made them susceptible to compromise, affairs, a drinking problem, gambling debts, etc. This was a classic tactic employed by the KGB and other intelligence agencies during the Cold War.
New-School Cyber-craft: In today’s world, insiders can turn against their employers, becoming the cyber equivalent of double agents. When you wreak havoc from within, you eliminate the need to penetrate well-protected, or even “air gapped” systems (those disconnected from the internet). Edward Snowden is the perfect example of an insider threat who became a very real one. Many companies fixated on outside threats overlook the hazards within.

Defending against new-school cyber craft.

It’s much more affordable to mount a cyberattack than invest in building a spy operation. That makes it easier for nations and organizations least expected to join in this newfangled cyber battle. With the barrier to entry so low, it is essential that we re-engineer our thinking to defend against new-school cyber-craft. Here are five ways to think differently:

1. Revert to methods of previous eras.
There are methods that seem antiquated but are un-hackable. The Dutch government, for example, has announced that it is returning to hand counting its ballots amidst fears of cyber-attacks during elections. And super-sensitive conversations are best handled in-person.

2. Increase utilisation of data encryption.
These methods have existed for years, but typically have not been used on personal computers and phones because they slow them down and can require additional integration. The risk of cyber threats counters those objections. Institutions must widen their definition of “critical infrastructure” to include data encryption both in data centers and on PCs of key political and business figures.

3. Smarter anti-malware.
Much as sophisticated counter-intelligence units ferret out moles in intelligence organizations, we need smarter anti-malware software, such as tools that can sniff out concealed AI capabilities in software, that can be “trained” to hunt self-sufficient bots.

4. Behavior analytics.
Intelligence agencies have internal measures used to identify double agents. It's time to accelerate deployment of network and identity behavior analytics able to identify insiders (i.e. employees and contractors) acting in strange and anomalous fashions. Someone who suddenly shows up on a Sunday night to download files is the equivalent of a mid-level intelligence agent who is suddenly driving a BMW and buying a vacation home.

5. Collaboration
Organisations should collaborate by exchanging threat information (TTPs) and knowledge about the threat actors behind them, so they can proactively implement more targeted security measures.

To protect ourselves from clear and present dangers, we must go back to the future. Today’s security strategists would be well-advised to look to the ways of the past and adapt their lessons to cyber-security of today to create a safer tomorrow.

Entrepreneur:

You Might Also Read:

Getting Intelligence Agencies To Adapt To Life Out Of The Shadows:

Is Edward Snowden Really A Russian Agent?:

US Intelligence Agencies Fear Insiders As Much As Spies:

 

« Do British Police Take Cyber Crime Seriously?
Half Of US Firms Do Not Buy Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NuHarbor Security

NuHarbor Security

NuHarbor is a leading information security consulting and advisory firm specializing in Information Security, Compliance, and Risk Management.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

baramundi software

baramundi software

baramundi software AG provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

Hack The Box

Hack The Box

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

Network Contagion Research Institute (NCRI)

Network Contagion Research Institute (NCRI)

NCRI provides pioneering technology, research, and analysis to identify and forecast cyber-social threats targeting individuals, organizations, and communities.

Excite Cyber

Excite Cyber

Excite Technology Services (formerly Cipherpoint) is focused on improving the security posture of our customers.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.