The rise of state-sponsored hacking

The battle for international supremacy has migrated to the internet, adding an extra layer of intrigue to an increasingly complex cybersecurity landscape.

By Jo Best

Thu 19 Jul 2018 @ 14:26

War has historically been a public act, a fight between two sides that takes place on a muddy battlefield to further national interests. The conflicts and manoeuvrings for advantage haven’t changed, but today the battles have gone underground, and hackers instead of soldiers are helping nation-states get the upper hand against their enemies.

The appeal of engaging in cyberwarfare instead of the real-world equivalent is obvious: there are fewer soldiers who don’t come home, fewer political obstacles to overcome, and no struggle to get public opinion on side. Running state-sponsored hackers also offers countries plausible deniability: conflict conducted through online proxies means war fought in the shadows, with countries able to strike at rivals anonymously.

One of the earliest cyberattacks attributed to a nation-state was directed at Estonia. In 2007, the small European country saw a number of its high-profile organisations – including banks, press agencies, parliament and government organisations – taken offline using coordinated DDoS attacks. It was one of the first times that a cyber weapon was thought to have been sponsored by one country to attack another.

While such cyberattack strategies can be successful, they also attract attention. Such incidents and the digital trail they can leave behind are picked over in great depth by politicians and the world’s media alike. State-sponsored hacking, however, offers countries a chance to get the drop on rivals and further their interests – but without the same degree of public exposure.

Since then, every major world power – and some minor ones – has been accused of hacking, attacking or otherwise targeting the online infrastructure of rivals. In recent times, ‘troll farms’ have been used to spread online propaganda and there have been attempts to target country officials through specially-crafted malware or email-hacking campaigns.

Take the hacking of former presidential candidate Hillary Clinton’s emails. It’s thought the hacking and release of the emails was an attempt to sway the results of the US presidential election. Whether this was achieved or not is up for debate, but the hack was widely condemned by the international community.

State-sponsored hacking initiatives have continued apace nonetheless. The hacking group Fancy Bears, for example, has been associated with several incidents. The group has been linked to hacks of the International Olympic Committee, US journalists and German ministries.

There is evidence to suggest that state-sponsored groups have hacked government bodies and commercial organisations from a number of countries, with a view to stealing sensitive documents.

While numerous countries have been quick to accuse others of using state-sponsored hackers, all nations prefer to distance themselves from running such operations. Although, for now, countries are keeping their activities secret, several have gone public about how they’re increasing their cyber capabilities to deal with such threats.

GCHQ, the UK’s intelligence agency, has made no secret of the fact that it’s building up its cyber capabilities, not just to target threats like terrorism and organised crime, but also to counter adversaries that are building up their own hacking operations. Denmark has also previously said it would upgrade its cyber capabilities, specifically its offensive capabilities.

Like every area of cybersecurity, from email security to corporate perimeter defence, state-sponsored hacking is an arms race: as one country pours more resources into its homegrown hackers, so others are forced to up their own efforts to compete.

In this particular race, the starter’s gun has only just fired.