Reinventing Cold War Spy Craft

Have state-sponsored hackers been spending nights reading Cold War spy novelists like John le Carré? It does seem that way, because those classic espionage techniques are being reinvented as the latest strategies to compromise Western democracies.

Take the recent reports on Russia’s attack on a US company that provides voting support and systems to local election offices. According to these reports, Russian-sponsored hackers made their way into the company’s systems by sending phishing emails to local officials, hoping the recipients were naïve enough to open them, which would have introduced malware into the voting infrastructure.

This “weakest link” approach is similar to how the KGB during the Cold War attempted to penetrate “target installations” to compromise vulnerable Americans.

So if we want to look forward and secure ourselves from hacking, we should look backward at how old-school spy-craft is being applied to new-school cyber-craft. The principles have not changed. In fact, we are at greater risk now that sophisticated algorithms, artificial intelligence and other cutting-edge technologies are moving spy-craft to a new, almost super-human level.

Here are some striking parallels between the Cold War and the Cyber Wars, and some tools and tactics you can adopt to defend yourself:

1. Handlers haven’t gone away.
Old-School Spy-craft: In the good old days, the CIA’s and KGB’s operatives, spies, moles and other agents penetrated key organisations and stole crucial information. Shrewd handlers trained those spies, or “assets,” to go undercover, penetrate their targets surreptitiously and assess the most essential information to pursue.
New-School Cyber-craft: There are still asset-controlling handlers; we call these handlers “state sponsors” and their assets “threat actors,” whose missions include penetrating strategic targets like governmental institutions, enterprise databases and even critical infrastructure. Cyber-oriented military units, as well as state-sponsored groups of hackers hired by governments, are controlled by these malicious puppeteers.

2. Humint: Modelling our modern spies.
Old-School Spy-craft: Espionage 101 teaches spies to identify the sources of information that their government needs, and scoop them up faster than you can say “undercover agent wearing trench coat.”
Once successfully immersed in the right community, the spies often remain silent (sleeper agents), biding their time until receiving the order from their handlers to strike. These embedded agents avoid communication with their handlers for long periods of time so as not to arouse suspicion. This requires significant training and “Bourne”-like self-sufficiency, both physical and emotional.

New-School Cyber-craft: Like human spies, self-sufficient malware can be trained to enter surreptitiously into protected systems and search for specific information that fits the spy’s modus operandi, while blending into the scenery or, on the contrary, “hiding in plain sight.”
Self-sufficient malware: Like the spies of old, malware must also be able to overcome well-engineered sequences of security traps deployed to block its outbound communication. The more self-sufficient the malware, the more successful it is. Where its old-school human counterparts had their own booze-and-caffeine-fuelled limits, bots never get burned out.

And real spies didn’t have Artificial Intelligence to sift through a vast tonnage of communications and unstructured data, including phone conversations, emails and key data banks, automatically understanding context like humans do and identifying the relevant data they need.

The recent DNC hacks are a textbook example -- the sensitive emails were exposed to the outside world by self-sufficient malware that patiently lingered on the inside of DNC servers for almost a year, silently collecting information… until the right moment.

3. Double agents: Trust is a slippery thing.
Old-School Spy-craft: Handlers sent their most skilled agents into target-rich networks, such as an intelligence agency, to zero in on whoever on the inside had access to the most classified information and was vulnerable to being flipped into a double agent. Often it was someone with a weakness that made them susceptible to compromise: affairs, a drinking problem, gambling debts and so on. This was a classic tactic employed by the KGB and other intelligence agencies during the Cold War.
New-School Cyber-craft: In today’s world, insiders can turn against their employers, becoming the cyber equivalent of double agents. When you wreak havoc from within, you eliminate the need to penetrate well-protected or even “air-gapped” systems (those disconnected from the internet). Edward Snowden is the perfect example of a potential insider threat who became a very real one. Many companies fixated on outside threats overlook the hazards within.

Defending against new-school cyber-craft.

It’s much more affordable to mount a cyberattack than to invest in building a spy operation. That makes it easier for nations and organizations you would least expect to join this newfangled cyber battle. With the barrier to entry so low, it is essential that we re-engineer our thinking to defend against new-school cyber-craft. Here are five ways to think differently:

1. Revert to methods of previous eras.
There are methods that seem antiquated but are un-hackable. The Dutch government, for example, has announced that it is returning to hand counting its ballots amidst fears of cyber-attacks during elections. And super-sensitive conversations are best handled in-person.

2. Increase utilisation of data encryption.
These methods have existed for years, but typically have not been used on personal computers and phones because they slow them down and can require additional integration. The risk of cyber threats outweighs those objections. Institutions must widen their definition of “critical infrastructure” to include data encryption both in data centers and on the PCs of key political and business figures.

3. Smarter anti-malware.
Much as sophisticated counter-intelligence units ferret out moles in intelligence organizations, we need smarter anti-malware software that can be “trained” to hunt self-sufficient bots, such as tools that can sniff out concealed AI capabilities in software.

4. Behavior analytics.
Intelligence agencies have internal measures for identifying double agents. It’s time to accelerate deployment of network and identity behavior analytics able to identify insiders (i.e. employees and contractors) behaving in strange and anomalous ways. Someone who suddenly shows up on a Sunday night to download files is the equivalent of a mid-level intelligence agent who is suddenly driving a BMW and buying a vacation home.

5. Collaboration.
Organisations should collaborate by exchanging threat information (tactics, techniques and procedures, or TTPs) and knowledge about the threat actors behind them, so they can proactively implement more targeted security measures.

To protect ourselves from clear and present dangers, we must go back to the future. Today’s security strategists would be well advised to look to the ways of the past and adapt their lessons to the cyber-security of today to create a safer tomorrow.
