The Usual Suspects? Nation State Cyber Attacks

Nation state sponsored cyber-attacks are growing in frequency, reach, and sophistication.

Within the previous year alone, a successful attack targeted the World Anti-Doping Agency, releasing the medical records of Olympic athletes from around the world. State sponsored hacking is also assumed to have played a role in the outcome of the US 2016 election, leading the US government to release a report detailing indicators of Russian involvement.

While countries have been conducting stealth attacks against each other for centuries, the digital era means these attacks can now be achieved remotely with technology.

From disrupting critical national infrastructure, stealing intellectual property, to eavesdropping on political and military discussions, spreading propaganda, and knocking down companies that have offended its leaders, there are plenty of reasons to motivate a nation state to sponsor an attack.

When an attack is launched, attribution is often tricky. Relationships between governments and private hackers are usually complex, with some countries engaging state hackers alongside freelancers. This makes it challenging to distinguish a nation state attack from those of independent groups.

On top of this, where nation states do not want to be identified as the perpetrators, they will go to great lengths to leave ‘false flags’ to mislead those tasked with finding out who is responsible.

For instance, a country might attempt to hide behind Russia by leaving false digital fingerprints. This could be a line of code that instructs the attack not to deploy if it detects a Russian keyboard or an error message that is written in Russian. Digital forensics on an attack could also show the peak times for compiling the code to be during the day in Moscow Standard Time. However, this could be a result of a country deliberately instructing its hackers to work specific hours or nights to complete the development of the attack. When combined, these false flags build a deceiving picture that deflects the blame away from the actual perpetrator. A nation’s efforts to mislead could result in misguided and misdirected attribution of a group or state with no connection whatsoever.

The difficulty of attribution often leads to speculation. Following the 2014 hack of Sony Pictures, rumours developed that North Korea had targeted the company in advance of the release of The Interview, a Seth Rogen comedy about two journalists hired to assassinate North Korean leader, Kim Jong-un.

However, the hackers only mentioned The Interview when the film had already been linked to the attack by the media. Initially, their only demands were monetary compensation.

Whether this attack was state-sponsored by North Korea, another country, or a group of independent cyber criminals seeking ransom money still requires further proof, and we may never know who is responsible.

As the lines between nation-state sponsored attacks and independent cyber criminals continue to blur, the difficulty in identifying the originators of an attack means that holding those accountable for hacks and cyberattacks can be near impossible.

Regardless of who is ultimately holding the smoking gun, organisations must remember that most data has a value to someone, and should continue to remain vigilant against cyber-attacks.