Reinventing Cold War Spy Craft

Have state-sponsored hackers been spending nights reading Cold War spy novelists like John Le Carré? It does seems that way. Because those classic espionage techniques are being reinvented as the latest strategies to compromise Western democracies.

Take the recent reports on Russia’s attack on a US company that provides voting support and systems to local election offices. According to these reports, Russian-sponsored hackers made their way into the company system by sending phishing emails to local officials. They hoped they were naïve enough to open the emails, which would have introduced malware into the voting infrastructure.

This “weakest link” approach is similar to how the KGB during the Cold War attempted to penetrate “target installations” to compromise vulnerable Americans.

So if we want to look forward and secure ourselves from hacking, we should look backward at how old-school spy-craft is being applied to new-school cyber-craft.  The principles have not changed. In fact, we are at greater risk now that sophisticated algorithms, artificial intelligence and other cutting-edge technologies are moving spy-craft to a new, almost super-human level.

Here are some striking parallels between the Cold War and the Cyber Wars, and some tools and tactics you can adopt to defend yourself:

1. Handlers haven’t gone away.
Old-School Spy-craft: In the good old days, the CIA and KGB’s operatives, spies, moles, and other agents, penetrated key organisations and stole crucial information. Shrewd handlers trained those spies, or “assets” to go undercover, penetrate their targets surreptitiously and assess the most essential information to pursue.
New-School Cyber-craft: There are still asset-controlling handlers, we call these handlers “state sponsors” and their assets “threat actors”, whose missions include penetrating strategic targets like governmental institutions, enterprise databases and even critical infrastructure. Cyber-oriented military units as well as state-sponsored groups of hackers hired by governments are controlled by these malicious puppeteers.

2. Humint-- Modelling our modern spies.
Old-School Spy-craft: Espionage 101 teaches spies to identify the sources of information that their government needs, and scoop them up faster than you can say “undercover agent wearing trench coat.”
Once successfully immersed in the right community, the spies often remain silent (sleeper agents), biding their time until receiving the order from their handlers to strike. These embedded agents avoid communication with their handlers for long periods of time so as not to arouse suspicion. This requires significant training and “Bourne”-like self-sufficiency, both physical and emotional.

  • New-School Cyber-craft: Like human spies, self-sufficient malware can be trained to enter surreptitiously into protected systems and search for specific information that fits the spy’s Modus Operandi, while blending into the scenery, or, on the contrary, “hiding in plain sight.” 
  • Self-sufficient malware. Like the spies of old, malware must also be able to overcome well-engineered sequences of security traps deployed to block their outbound communication. The more self-sufficient the malware, the more successful. While their old-school human counterparts had their own booze-and-caffeine fueled limits, unlike real people, bots never get burned out. 

And real spies didn’t have Artificial Intelligence to sift through a vast tonnage of communications and unstructured data, including phone conversations, emails and key data banks, automatically understanding context like humans do and identifying the relevant data they need.

The recent DNC hacks are a textbook example -- the sensitive emails were exposed to the outside world by self-sufficient malware that patiently lingered on the inside of DNC servers for almost a year, silently collecting information… until the right moment.

3. Double agents: Trust is a slippery thing.
Old-School Spy-craft: Handlers sent their most skilled agents into target-rich networks, such as an intelligence agency, to zero in on whoever on the inside had access to the most classified information and was vulnerable to being flipped into a double agent. Often it was someone with a weakness that made them susceptible to compromise, affairs, a drinking problem, gambling debts, etc. This was a classic tactic employed by the KGB and other intelligence agencies during the Cold War.
New-School Cyber-craft: In today’s world, insiders can turn against their employers, becoming the cyber equivalent of double agents. When you wreak havoc from within, you eliminate the need to penetrate well-protected, or even “air gapped” systems (those disconnected from the internet). Edward Snowden is the perfect example of an insider threat who became a very real one. Many companies fixated on outside threats overlook the hazards within.

Defending against new-school cyber craft.

It’s much more affordable to mount a cyberattack than invest in building a spy operation. That makes it easier for nations and organizations least expected to join in this newfangled cyber battle. With the barrier to entry so low, it is essential that we re-engineer our thinking to defend against new-school cyber-craft. Here are five ways to think differently:

1. Revert to methods of previous eras.
There are methods that seem antiquated but are un-hackable. The Dutch government, for example, has announced that it is returning to hand counting its ballots amidst fears of cyber-attacks during elections. And super-sensitive conversations are best handled in-person.

2. Increase utilisation of data encryption.
These methods have existed for years, but typically have not been used on personal computers and phones because they slow them down and can require additional integration. The risk of cyber threats counters those objections. Institutions must widen their definition of “critical infrastructure” to include data encryption both in data centers and on PCs of key political and business figures.

3. Smarter anti-malware.
Much as sophisticated counter-intelligence units ferret out moles in intelligence organizations, we need smarter anti-malware software, such as tools that can sniff out concealed AI capabilities in software, that can be “trained” to hunt self-sufficient bots.

4. Behavior analytics.
Intelligence agencies have internal measures used to identify double agents. It's time to accelerate deployment of network and identity behavior analytics able to identify insiders (i.e. employees and contractors) acting in strange and anomalous fashions. Someone who suddenly shows up on a Sunday night to download files is the equivalent of a mid-level intelligence agent who is suddenly driving a BMW and buying a vacation home.

5. Collaboration
Organisations should collaborate by exchanging threat information (TTPs) and knowledge about the threat actors behind them, so they can proactively implement more targeted security measures.

To protect ourselves from clear and present dangers, we must go back to the future. Today’s security strategists would be well-advised to look to the ways of the past and adapt their lessons to cyber-security of today to create a safer tomorrow.

Entrepreneur:

You Might Also Read:

Getting Intelligence Agencies To Adapt To Life Out Of The Shadows:

Is Edward Snowden Really A Russian Agent?:

US Intelligence Agencies Fear Insiders As Much As Spies:

 

« Do British Police Take Cyber Crime Seriously?
Half Of US Firms Do Not Buy Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

TeleTrusT

TeleTrusT

TeleTrust is an IT Security association and network for IT security comprising members from industry, administration, consultancy and research.

Cyber8Lab

Cyber8Lab

Cyber8Lab provides cybersecurity training programmes simulating real world cybersecurity incidents such as web defacement, malware, phishing, digital forensics analysis and wireless intrusion.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

Think Cyber Security (ThinkCyber)

Think Cyber Security (ThinkCyber)

ThinkCyber is a Tel Aviv-based Israeli company with a team of cybersecurity professionals who are experts in both information and operations technology.

Echoworx

Echoworx

Echoworx primary and exclusive focus is providing organizations with secure email services.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.

Data Storage Corp (DSC)

Data Storage Corp (DSC)

Data Storage Corporation is a provider of data recovery and business continuity services that help organizations protect their data, minimize downtime and recover and restore data.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

The Cyber Scheme

The Cyber Scheme

The Cyber Scheme provides NCSC certified and assured assessments, training and career support for security testers & technical cyber professionals.

Baidam Solutions

Baidam Solutions

Baidam Solutions is a 100% Australian owned and operated First Nations information technology business.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.

Bell Canada

Bell Canada

Bell is the leading provider of network and communications services for Canadian businesses and the partner for delivering network, IoT, cloud, voice, collaboration and security solutions.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.