• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Editorial » How nation-states hack each other: the (extra)ordinary routine

How nation-states hack each other: the (extra)ordinary routine

by Jurgita Lapienytė
4 December 2020
in Editorial
0

How nation-states hack each other: the (extra)ordinary routine (c) Shutterstock

189
SHARES

Cyber operations are part of statecraft, and every nation, no matter how big or small, engage in it, whether it’s espionage, cyber-attacks, or disruption, CyberNews learned at the MIT Tech Review conference Cyber Secure.

“This is the game that all nations play,” Ben Buchanan from the Georgetown University Center for Security and Emerging Technology said during a panel discussion about how nations hack each other.

Meanwhile, Field Chief Security Officer at Palo Alto Networks M. K. Palmore pointed out just how dangerous nation-state adversaries can be as they have deep pockets and resources to engage in cyber operations.

Nation-states are engaging in cyber operations more aggressively than before. Actually, they have moved beyond just espionage and now use cyber means to attack each other or cause chaos and disruption.

“Cyber operations are not extraordinary, and it’s not the end of the world when one is used. It’s not nuclear Armageddon. It’s not even war. Rather than imagining cyber 9/11 or cyber Pearl Harbour, we instead have to look at the cases that actually happen,” assured Ben Buchanan.

Cyber operations are not extraordinary, and it’s not the end of the world when one is used. It’s not nuclear Armageddon. It’s not even war. Rather than imagining cyber 9/11 or cyber Pearl Harbour, we instead have to look at the cases that actually happen,

Ben Buchanan said.

According to him, cyber operations actually aren’t that extraordinary. They are almost ordinary, and they happen every single day. 

“These operations are a fundamental part of statecraft, a fundamental part of how nations project power,” he added.

And we, as users, are often caught in the crossfire of nation-states’ efforts to spy on and hack each other.

Who is the enemy?

M. K. Palmore examined the emerging and ongoing threats in the cybersecurity landscape across industries. He was surprised that ransomware is still a viable force against enterprises. Most of the malware, he explained, heavily relies on known vulnerabilities. Therefore, companies are not doing their job well enough to protect themselves from ransomware.

Palmore put adversaries under four categories. Financially motivated actors fall under the first category and are responsible for the most cyber adversarial activity, he explained. Of course, then there are the insider threats, and hacktivists usually seeking disruption.

“Of course, you have advanced and persistent threats — nation-states with deep pockets, extensive resources, and strategic objectives,” he said.

The ability to monetize the attacks keeps criminals engaged in their activities. They typically use bitcoin to monetize their crimes. And the value of this digital currency recently saw a spike in value.

For a company to successfully achieve cyber-resiliency, it needs the full muscle of its leadership teams, across C-suites, boards, and investors. Discussing the emerging and existing threats on the cyber-threat landscape is @mk_palmore. #CyberSecureMIT #TechReviewEvents pic.twitter.com/mLlHMXeaxG

— MIT Technology Review (@techreview) December 2, 2020

Palmore also described this adversarial behavior. Cyber adversaries, according to him, are not ordinary and average criminals. They are highly skilled, intelligent men and women.

“They are some of the best that you can find in the industry. These individuals, if they were to be hired, they would be very highly paid,” he said.

Moreover, they are experts on high turn investment, and so they are using the path of least resistance to make the most value of their activities. 

When it comes to nation-state threat actors, Palmore emphasized, it’s important to remember that it is people’s job to get up and engage in cyber activities. They are given the necessary tools and resources to do that. And, as he mentioned, they are hired by a nation-state, which usually means that they have deep pockets for this kind of activity.

READ MORE: How Russia changed its hacking tactics in 2014

Three categories of cyberoperations

Ben Buchanan, Director of the CyberAI Project at the Georgetown University Center for Security and Emerging Technology, explained that through cyber operations, states project power, and he put them under three categories.

The first is espionage. Because data is more portable now, it enables cyber espionage at a level never seen before, and it allows countries to have big data sets on their adversaries.

Unfortunately, countries have moved beyond cyber espionage, and they now engage in cyberattacks, which fall under the second category. As an example, Buchanan mentioned the power blackout in Ukraine in 2015 and 2016. And while a Russian cyberattack on the Ukrainian power grid in 2015 was manual, the blackout in 2016 was automated. This is a sign of the ambition of hackers to have ever more powerful effects on targeted societies.

“If you look at the last 20 years of cyber operations, you can see that the attacks are getting more scalable and more sophisticated, and they are doing real damage,” he explained.

As espionage and cyberattacks sometimes are not accurate to describe nation-states’ operations, the concept of destabilization and subversion becomes handy. The most obvious example is Russian interference in the US elections in 2016, but Buchanan did not retell this story and used a lesser known example instead.

In August of 2016, a Twitter account called Shadow Brokers appeared online, claiming that the National Security Agency’s (NSA) cyberweapons were for sale and that they were going to have an auction.

“Unlike in many other cases, that would be easy to dismiss, saying that they are just conspiracy theories, Shadow Brokers were for real. They did have access to NSA tools,” he explained.

And over the course of next year, they began dripping these tools out, as Buchanan put it, in oddly worded messages revealing a lot of American hacking capabilities for all the world to see.

“Unlike Edvard Snowden or unlike previous press reporting on NSA hacking capabilities, which just revealed the existence of the capability or the use of it, the Shadow Brokers actually revealed the tools themselves. It’s like taking arrows out of NSA quiver and distributing them for anyone to use,” he explained.

The most devastating cyberattack in history was in part enabled by the most devastating cyber destabilization in history,

Ben Buchanan said.

And the effect of this was twofold. First of all, this weakened American hacking capabilities as these tools became less useful. It also destabilized the broader internet because these tools were out there for anyone to use.

“The first major instance of the use of these tools was North Korea that took the most powerful tool – Eternal Blue. It was so powerful that an NSA operator once compared it to fishing with dynamite, and North Koreans re-used this to carry out an attack called Wannacry, which did 4 billion dollars of damage in 2017,” Ben Buchanan said.

Just a month later, the Russian Petya attack occurred, also using NSA’s Eternal Blue tool.

“The most devastating cyberattack in history was in part enabled by the most devastating cyber destabilization in history,” he said.

Even to this day, it is unknown who these Shadow Brokers are.

Both experts, when asked by CyberNews, admitted that all nations, no matter how big or small, engage in cyber operations, and we as users are often caught in the crossfire.

Share189TweetShareShare

Related Posts

Google on laptop and mobile

Google vs Australia: The Battle of the Precedents

25 January 2021
Is there life on Mars?

Is there life on Mars?

22 January 2021
Woman using VR glasses

Why Businesses Are Preparing for an Extended Reality (XR)

21 January 2021
Satellites are not safe enough. Here’s why that should worry you

Satellites are not safe enough. Here’s why that should worry you

21 January 2021
Next Post
Ai hand and a human hand

Trump signs order on principles for U.S. government AI use

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    83034 shares
    Share 83024 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Bitcoin emergence as ‘digital gold’ could lift price to $146,000, says JPM

    56 shares
    Share 56 Tweet 0
  • ProtonMail review: have we found the most secure email provider in 2021?

    69 shares
    Share 69 Tweet 0
  • How to deactivate or delete your Facebook account

    0 shares
    Share 0 Tweet 0
Teespring data leaked on hacker forum

8+ million Teespring user records leaked on hacker forum

25 January 2021
Italy consumer association sues Apple for planned iPhone obsolescence

Italy consumer association sues Apple for planned iPhone obsolescence

25 January 2021
Google on laptop and mobile

Google vs Australia: The Battle of the Precedents

25 January 2021
Makers of Sophia the robot plan mass rollout amid pandemic

Makers of Sophia the robot plan mass rollout amid pandemic

25 January 2021
Elon Musk

Elon Musk to offer $100 million prize for ‘best’ carbon capture tech

22 January 2021
Is there life on Mars?

Is there life on Mars?

22 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!