Russian state hackers get the headlines, but nations across the globe are pouring money into cyber espionage units, a development, security experts say, that is allowing smaller nations to close the espionage gap without the satellites or tech muscle of big nations.
“It’s very inexpensive. It’s very efficient,” said John Hultquist, a cyber espionage analyst who’s studied the growth of hacking among smaller nations for iSight Partners, a division of FireEye, a Milpitas, California, cybersecurity firm.
Hultquist said his firm was tracking several new players, which he declined to identify – “I’d get in trouble for naming them” – that had no prior experience in cyber espionage.
“These would be smaller developing countries that would appear to be building out their own capability,” Hultquist said. “It’s not just the Chinese anymore or the North Koreans. Some of them are quite good.”
Other cybersecurity firms and independent analysts echo FireEye’s findings.
“We’ve seen activity spiking in India,” said Jon DiMaggio Sr., who is part of a unit studying cyber espionage at Symantec, the giant security software and storage company in Mountain View, California. “They’re absolutely evolving.”
To counter India, neighboring rival Pakistan has also invested heavily in a cyber spying unit. Other countries, ranging from small Macedonia to Ethiopia and Malaysia, are among nations with cyber units targeting regional rivals or dissident citizens abroad.
If a hacking unit in a less developed country can penetrate and crack open the emails of key politicians or military officers in another country of interest, it may be able to harvest thousands upon thousands of documents.
“It’s a golden age of espionage in terms of stealing information,” said Kenneth Geers, a senior fellow at the Atlantic Council and a cybersecurity analyst at Comodo, a New Jersey company that offers internet infrastructure certificates. “Many, many governments, I think, have probably become addicted to cyber espionage because it’s so much information. You get it very cheaply, and you don’t have to risk lives.”
The spate of global cyber espionage has unfolded largely under the public radar, partly because of headline-grabbing accusations against Russia, a swell of cyber criminal attacks, public boredom with news of breaches and the reluctance of governments to take retaliatory action when they themselves engage in the same activities.
James Clapper, director of national intelligence in the Obama administration, made that point in a speech last Wednesday in Washington, where he talked about his explanation to Congress of why the Obama administration had not struck back at China for hacking U.S. government agencies.
“I always try respectfully to remind members (of Congress) that people who live in glass houses should at least think before throwing rocks,” Clapper said.
A Russian hacking operation to support the presidential campaign of Donald Trump in 2016 has roiled the early months of his presidency and led to investigations by the FBI and other federal agencies as well as parallel inquiries on Capitol Hill.
Clapper led an interagency investigation that concluded in an unclassified report Jan. 6 that Russia had sought to influence the presidential elections through hacks and fake news stories.
Russian hacking is in the headlines again – now in Europe. A big cybersecurity firm, Trend Micro, said in a report that it had detected attempts by likely Russia-based state hackers to penetrate the campaign of a leading French presidential candidate, Emmanuel Macron, and two German foundations linked to Germany’s major political parties.
Danish officials said last week that Russian state hackers, presumably an elite military cyber unit sometimes referred to as Fancy Bear, had gained access to the emails of Defense Ministry employees in 2015 and 2016.
“If you’re a small state, what can you do?” said Jeppe T. Jacobsen, a Danish visiting scholar at New York University’s international relations department.
Turns out, plenty.
Cybersecurity firms increasingly are drawing attention to the rise of hacking by previously unseen nations. The Moscow-based Kaspersky Lab said in a quarterly report last week that “we continue to observe a sharp rise in the sophistication of attacks with nation-state backing and a merger of tactics . . . (with) financially motivated cybercriminals.”
The Middle East has become “one of the major cyber battlefields,” it said.
Some of the cyber weapons are sophisticated, powerful and mysterious – and may be associated with U.S. intelligence.
Symantec, in a report released last Thursday, noted that a group it dubbed Strider was using a sophisticated hacking tool, known as a Trojan, in highly selective strikes against groups and individuals in Russia, an airline in China, an organization in Sweden and an embassy in Belgium.
The hacking tool’s designer left a calling card of sorts, tucking the phrase “eye of Sauron” into the code – a reference to the all-seeing symbol from J.R.R. Tolkien’s The Lord of the Rings book trilogy and subsequent movies.
“This was someone who was way into Western type of culture,” said DiMaggio, the Symantec investigator, adding that he couldn’t say for sure which country was responsible.
An incredible explosion of criminal hacks worldwide has provided a fog of sorts for nations to probe each other with cyber espionage. The Symantec annual report said that in 2016, one in every 131 emails contained a malicious link or attachment, usually designed to extract data. Ransomware demands – hackers seeking payments to release computer systems they’ve frozen – spiked 266 percent worldwide, it said.
Even as breaches have become bigger, they also have become ho-hum.
“It used to be that if we, the security vendors, found a new unknown nation-state cyber espionage group from China, that would be front-page news. Now we don’t always even publicize it,” said DiMaggio of Symantec. “When you have a new one happen, it’s kind of like, eh, so what?”
Strategists say the militaries of nations large and small view cyber activity today as necessary to secure their own safety and prepare for conflict tomorrow.
“It’s a very active space, and it’s dangerous,” said Geers, of the Atlantic Council, noting that while espionage is not banned under international law “the line between exploitation and attack is almost nonexistent.”
It’s an arms race that is largely invisible.
“We’re going to see a massive investment across the board in offensive cyberattack tools,” said Eric O’Neill, a former FBI counterintelligence operative who now is a national security strategist at Carbon Black, a software security company in Waltham, Massachusetts. “Double all the attacks from last year. That’s what we’ll see.”