The rise in state-sponsored hacking in 2020
While the popular perception of hackers are lone wolves operating in isolation, it’s increasingly common for cyberattacks to have a state-sponsored element, with countries taking to the internet to wage subterraneous warfare on others. Russia has perhaps been the most obvious example of this approach, with accusations of cyberattacks diminishing western elections, hacking into key infrastructure, and releasing confidential information into the public domain, but the problem is a widespread one.
Indeed, only last year Microsoft was said to have warned around 10,000 people that they had been victims of state-sponsored hacking, with the accusations about Saudi Arabian hacking of Amazon’s Jeff Bezos the latest example. Most of the victims identified by Microsoft were businesses, and the tech giant revealed that their findings highlighted the extent to which countries were using cyberattacks to influence geopolitics and gain intelligence. They also revealed over 750 instances of state-sponsored incidents via its AccountGuard technology, which is used for political campaigns.
It’s a situation that Georgetown University’s Ben Buchanan believes is only going to worsen in the coming years, and his latest book joins a number of new publications exploring the new field of state-sponsored cyber warfare. In The Hacker and the State, he deftly argues that the digital battleground has become increasingly aggressive over recent years, with states such as Iran, China, North Korea, and Russia able to go toe to toe with the western powers.
New methods of battle
Cyber warfare offers a range of unique weapons for states to deploy, which Buchanan believes have fundamentally changed the geopolitical landscape. The lower barriers to entry have meant traditionally poorer countries have been able to not only punch well above their weight but have even been able to steal opponents tools for their own ends.
With a few generations of technological hegemony, this has traditionally been an advantage held by the United States, and its allies, with the central role agencies such as DARPA played in the creation of the internet an undoubted advantage in terms of cyber espionage and warfare. Buchanan believes this central position has helped America not only in wars overseas but in areas such as trade negotiations internationally.
Journalist Andy Greenberg focuses primarily on Russia in his latest book, Sandworm, where he explores attacks on the Olympics, Ukrainian infrastructure and on the Democratic National Committee. It’s a battleground that Greenberg describes as largely lawless, as whereas traditional warfare has various rules developed over the years to try and ensure it remains as humane as warfare ever can be, cyber warfare is still something of a wild west.
Is it ever justified, for instance, to target individuals or facilities such as hospitals? Is it right for elections to be compromised by targeted cyber attacks? None of these seem to be off-limits to the state-sponsored hackers of today, with Russia’s Sandworm group on the front lines of Russia's war with Ukraine in 2014, with the group's attack on the Ukrainian infrastructure a key element in undermining Ukrainian defences.
“It was a quintessential example of a nation-state disruptive attack on an adversary in the midst of a kinetic war,” Greenberg told the CyberwarCon conference last year.
Undoubtedly the most pressing concern across much of the western world, however, is the potential interference in the running of elections, especially the presidential elections taking place in the United States later this year, where the incumbent candidate has long-held allegations of collusion with Russian forces against his name.
In Hacker States, British academics Adam Fish and Luca Follis chart the role of cyber warfare in democratic elections back to the hacking of Barack Obama’s campaign for office in 2008. It reminds us that hacking attempts don’t even need to be successful to have an impact, as the very risk of elections being compromised can undermine public faith in the robustness of their democratic processes.
These concerns are only likely to intensify as countries take greater advantage of electronic voting systems. Fish and Follis highlight how Russian hackers targeted these systems during the 2016 presidential elections, and were able to compromise over 100 local elections as a result. Even if the attacks aren’t successful, the belief that elections are compromised can reduce the motivation of people to vote, as we’ve seen in countries such as Hungary, where a growing proportion of people believe their elections are rigged in some way.
Given the growing threat of cyber warfare, there have been calls for a 'cyber Geneva Convention' to oversee the use of cyber weapons around the world. Just as it took the horrors of World War II to bring about the Geneva Convention, it will perhaps take a catastrophic cyber breach to encourage the world to cooperate sufficiently to bring about a cyber specific version.
Whilst the threat of cyberattack was identified by the World Economic Forum in its annual Global Risks Report, they also identified the diminishing willingness to act cooperatively against global challenges. In an increasingly dog-eat-dog world, it seems the threat of cyber warfare will not be going away any time soon.