August 29, 2014

A Playbook for Hybrid War in Cyberspace?

Reuters/Scanpix
A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. The Financial Times' website and Twitter feeds were hacked May 17, 2013, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news.

With hybrid warfare, nation-states seem to prefer to outsource both kinetic and cyber attacks to non-state proxies in order to disclaim any responsibility. However, Russia’s ongoing military offensive in Ukraine shows that for more sophisticated kinetic operations, regular forces are apparently preferred to militias to avoid collateral damage, among other reasons. The same seems to be true in cyberspace – when stakes are higher, professionals are preferred over amateurs.

Amid the Russian military invasion of Ukraine, sophisticated high-level cyber attacks were recently carried out against JPMorgan Chase and at least four other banks, stealing sensitive information. The attackers seem not to have been seeking financial gain – the usual motivation for attacks on financial institutions – which, in the opinion of a security expert, suggests that the attacks could have been politically motivated; according to Bloomberg, investigators found some evidence of a government link. Another security expert believes that because the capabilities used were highly sophisticated, the perpetrator is likely to be a nation-state. Even though the investigating law enforcement and intelligence agencies have not revealed who was responsible for the attacks, initial evidence pointed to Russian hackers. It is suspected that the attacks could have been an attempt to retaliate against Western sanctions imposed on Russia over Ukraine.
Earlier in August, a contractor for the US Department of Homeland Security (DHS) suffered a data breach in which DHS employees’ personal information was likely stolen. This breach similarly had “all the markings of a state-sponsored attack.”
Recently, Norway also faced the “largest attacks of [this] kind” when the systems of 50 oil and energy companies were hacked. Norway’s National Security Authority warned another 250 firms to check their systems for possible breaches. Although their identities have not yet been publicly revealed, Norwegian authorities have reportedly identified those responsible for the attacks.
It is not possible to tell whether these attacks were “business as usual”-type intelligence-gathering operations of Russian hackers called Dragonfly (aka Energetic Bear) that have been targeting Western energy firms since 2011, politically motivated retaliations against Western political and economic sanctions, state-sponsored attacks, or something else. The attacks targeting the US banks and DHS stole personal information, which is not “intellectual property” or another type of sensitive and classified information that states conducting cyber espionage generally seek. Were the attacks politically motivated, they would probably seek to damage or disrupt essential services rather than steal sensitive information. A link between the attacks against the US banks and Norway’s national interest and the Russian government cannot be confirmed; however, as the highly sophisticated cyber tools used in these attacks indicate, a nation-state is likely to be directly responsible. How states choose to behave in cyberspace in the future is being carved out today.
