High-Tech Spying and the Art of Cyber Espionage

By Jeremy Henley
Director of Breach Services, ID Experts

Three years ago, MI5’s head of cyber—who wished to remain anonymous—told BBC, “There are now three certainties in life—there’s death, there’s taxes and there’s a foreign intelligence service on your system.”

The certainty of cyber espionage is troubling, to say the least. Cyber espionage is costly to both nations and companies, damaging reputations, eroding economies, and, in some cases, disrupting daily life for citizens.

The definition of cyber espionage varies, depending on who you talk to, but the InfoSec Institute cites a helpful description: “The science of covertly capturing e-mail traffic, text messages, other electronic communications, and corporate data for the purpose of gathering national security or commercial intelligence.”

According to Villanova University, cyber espionage targets four categories of information:

  • Internal data such as operations, salaries, and research and development
  • Intellectual property, including top-secret projects, formulas, and plans
  • Client and customer information, such as client names, what services they’re using, and how much they are paying
  • Marketing and competitive intelligence

Who’s Spying on Whom?

When it comes to state-sponsored cyber espionage, few countries are more notorious than China. Consider the infamous Anthem breach last year, which involved the theft of 80 million records. This attack, tied to a group of Chinese state-sponsored hackers, is similar to other such thefts of medical data—data used by foreigners as a backdoor into the “personal lives and computers of…defense contractors, government workers and others,” according to one U.S. government official.

According to a recent report by FireEye, however, it appears that Chinese cyber espionage is on the decline. FireEye’s analysis revealed that since mid-2014 there has been an overall drop in “successful network compromises” by Chinese groups against organizations in 26 countries, including the United States.

The report did find that while the quantity of China’s cyber activity has decreased, the quality has increased. A spokesperson for FireEye told SC Magazine UK that Chinese groups have sharpened their focus on more specific targets, such as “dual-use technologies” that could serve civilian or military purposes as well as “high-tech insights that would allow the Chinese economy to ‘move up the value chain’ from a manufacturing- to consumer-based economy.”

Britain was seeing about 70 cyber espionage operations against government or industry systems as of July 2013, according to British intelligence. And this July, The Telegraph reported that the UK railway network was hit by at least four “major” cyber attacks in the last 12 months. These attacks may have been surveillance exercises by nation-states to gather information—classic cyber espionage activity.

If the Cloak and Dagger Fit…

Of course, cyber espionage is not a one-way street. Nikolai Patrushev, a secretary of the Russian Security Council, has said that the number of cyber-attacks on web servers at Russian state bodies and critical infrastructure has increased significantly since the beginning of 2016, according to SC Magazine UK. In this year alone, Russian state agencies and bodies have been the victims of more than 10 million attacks, the magazine reported.

At the end of last year, the Web server of Russia’s president Vladimir Putin was attacked, causing denial of service for several hours on the Kremlin’s web servers. Similar, although largely unsuccessful, attacks have been mounted this year against the Russian president’s official Web server. According to the CEO of a Russian cybersecurity firm, most of the Web server attacks were motivated by cyber espionage and propaganda.

China sees itself as a victim, too. According to BBC, the Asian nation feels that the United States is accusing China of economic espionage to draw attention from its own “aggressive” cyber activities. “China is one of those countries suffering most by hacker attacks,” Dr. Huang Huikang, China’s lead negotiator on cyber issues, said in 2013. “They are misunderstanding what happened in China and sometimes we think this is a political game. It’s not true and not fair to China.”

Cyber Espionage: A Potential Energy Drain

We’ve written before about the vulnerability of critical infrastructure to cyber attacks. Researchers at SentinelOne recently discovered a sophisticated type of malware targeted at an energy company that could “potentially shut down an energy grid.”

Based on their analysis of the malware, researchers believe that it was likely sponsored by a nation-state and may have originated in Eastern Europe. Experts designed this malware—they knew Windows “to the bone,” Udi Shamir, chief security officer at SentinelOne, told Motherboard. “This was not the work of a kid,” he said. “It was cyberespionage at its best.”

Declaring War on Cyber Espionage

Cyber espionage will always be as sure as death and taxes. Nation-states and other entities will continue to use stealth and technology for economic or political gain, putting citizens and infrastructure and governments at risk. But that doesn’t mean we can’t minimize its impact and frequency.

The U.S. government, for example, has declared war on cyber espionage. In 2015, President Obama and Chinese President Xi Jinping signed a cyber-espionage agreement, and in July 2016, a Chinese national was sentenced to nearly four years in federal prison for conspiring to hack into the computer networks of major U.S. defense contractors.

Besides political action, much can also be done within an organization to prevent or curtail cyber espionage attacks. A few tips from a Computerweekly.com article include:

  • Educating employees about security, especially social engineering attacks such as spear phishing.
  • Understanding what intellectual property you have.
  • Ensuring all systems are regularly patched with Microsoft, Java, Adobe, and other application patches.
  • Making sure all systems used by employees have updated antivirus software.

When it comes to cyber espionage—indeed, any form of cyber attack—we needn’t be helpless victims. On both organizational and national levels, we can do much to take a bite out of this costly crime.
