The Nation-State Cybercrime Problem

I’m an older American guy, and I grew up in the world of the Cold War where every enemy on TV or in the movies was a Russian. We had movies like “Red Dawn,” “FireFox,” “The Hunt for Red October” and many more. Then, the world changed and the Cold War era ended as we knew it. The question is, did the war ever actually end, or did it just evolve?

There is no doubt that the world has changed and evolved in many ways since those days when we all feared physical attack from the enemy. An important evolution from the warfare we remember is the shift to virtual attacks. These attacks cost the U.S. billions of dollars in financial losses and many more billions in defensive costs each year. We’re losing our digital information almost as fast as we generate it, and this will impact us throughout our lifetimes. It used to be much more difficult for an adversary to gain information about a person in any usable intelligence format. It involved significant manpower to follow, track and otherwise monitor an individual. In the modern world, this has become so much simpler, as we continue to grow our digital footprint every day. The days of thick manila envelopes full of papers, traditional dossiers on people or stealthy microfilm cameras whisking away our information are gone. Now, it is all a bunch of ones and zeros in easily searched databases.

Sadly, threats don’t stop with simple information theft. Cybercrime in the forms of business email compromise scams and ransomware is making huge amounts of money every year. While many of the gangs that partake in these attacks are independent, many also have an association with nation-states. Sometimes the association is loose, and sometimes the attackers may actually be part of the offensive forces of that nation-state. In the past decade, we have seen several groups tied to nation-states unmasked and charged with crimes. Rarely, if ever, will this result in actual arrests; however, it does send a message that they have been caught and are known.

One example of this is when the U.S. charged five Chinese state actors with hacking in 2014. These five hackers from Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA) were charged with numerous crimes and are said to have targeted America’s nuclear power, metals and solar products industries with the intent to steal trade secrets and intellectual property that would be valuable to China. In other words, China used its military cyber capabilities for economic gain.

In the latest example, six Russian Main Intelligence Directorate (GRU) soldiers have been charged with hacking and other cybercrimes allegedly linked to almost a billion dollars in losses through ransomware attacks and ploys to disrupt the 2017 French elections and the 2018 Winter Olympic Games. These six Russian soldiers are said to be responsible for some of the most devastating ransomware attacks we have seen, including the NotPetya ransomware variant, which was not really ransomware at all, as it lacked the ability to decrypt its victims’ files, but was in fact a destructive tool.

Given Vladimir Putin’s rise to power from the KGB, it is no surprise that Russia has developed some highly advanced cyber warfare and espionage capabilities. China and Russia are not alone, however. Iran and North Korea are also known to have skilled teams of state-sponsored or state-trained groups that are focused on stealing money or information and disrupting the economies and activities of other countries.

The lesson behind all of this is that there is a war going on, but it is not the kind of visible war we are used to. Many everyday citizens likely have no idea about the capabilities of these groups or the damage their efforts have caused. As security professionals, we have an obligation to be aware of these dangers and to educate people, especially those in leadership roles within organizations, but we must do this without sounding like we support the idea of tinfoil hats. Stories like those mentioned here, in which the U.S. government has charged foreign state actors with this sort of criminal activity, are a way to introduce others, through credible sources, to the idea that these battles are taking place. From there, we educate people about the mechanisms of these attacks, especially phishing and social engineering attacks that target people and seem to work extremely well. This helps us build our case for the protections needed within our organizations and underscores the severity of the challenges we face.

Who knows, maybe if we continue to bring light to the subject, we will get that sequel to the FireFox movie after all.