• Keine Ergebnisse gefunden

State-sponsored hackers: hybrid armies?

N/A
N/A
Info
Herunterladen
Protected

Academic year: 2022

Aktie "State-sponsored hackers: hybrid armies?"

Copied!
2
0
0

Wird geladen.... (Jetzt Volltext ansehen)

Jetzt herunterladen ( 2 Seite )

Volltext

(1)

5

2 0 1 5

Cyber-attacks are rarely disconnected from politi- cal realities. CyberBerkut – a pro-Russian group of ‘patriot’ hackers – has, for example, hacked German government websites in retaliation for the political support offered to Kiev by Berlin.

The Syrian Electronic Army – a hacker collective thought to be linked to Syrian President Bassar al-Assad – regularly targets Western media out- lets, most recently Le Monde.

Due to this blurring of the virtual and physical worlds, governments, which are familiar with stateless actors such as al-Qaeda or the Islamic State of Iraq and the Levant (ISIL), may now have to learn to deal with equally hostile, amorphous and often state-sponsored ‘hacktors’.

Using the past but shaping the present

While maritime disputes between China and its neighbours often grab the headlines in the Asia-Pacific, cyber-attacks are comparatively un- derreported. Each year, for instance, the com- memoration of the Sino-Japanese conflict which began on 18 September 1931 (and resulted in Japan’s occupation of three provinces in northeast China) witnesses a virtual offensive on Japanese websites.

The ‘9/18’ cyber-attacks in recent years have been fuelled by a host of diplomatic disputes. In

2010, the collision of a Chinese fishing boat with a Japanese coast guard vessel and the subsequent detainment of its Chinese captain and crew caused a flurry of malicious cyber activity. Attacks in lat- er years were triggered by the 80th anniversary of the 1931 Manchuria incident or the ongoing controversy over the Senkaku/Diaoyu islands.

Non-state cyber armies have also been employed in ongoing conflicts. CyberBerkut is but the most recent example: the group not only man- aged to hack governmental websites in Germany, Ukraine and Poland, but also successfully took down three NATO websites, including that of the Cooperative Cyber Defence Centre of Excellence in Tallinn.

Other Russian political movements, which are or- ganised and partially sponsored by the state, also have an important role in non-state cyber offensive capabilities. For instance, a group called ‘Nashi’

claimed responsibility for the Distributed-Denial- of-Service attack in Estonia in 2007. The group is also active domestically, targeting the Russian opposition and those critical of the government, including newspapers such as Kommersant.

Smaller and militarily less advanced countries ap- pear to readily embrace the actions of such ‘pa- triotic’ hackers as they benefit from the tactical asymmetry – a sort of virtual guerrilla warfare – that the cyberspace offers. The Syrian Electronic Army, active since the outbreak of protests in Syria

State-sponsored hackers: hybrid armies?

by Patryk Pawlak and Gergana Petkova

SUPerStock/AP/SIPA

european Union Institute for Security Studies January 2015 1

(2)

© eU Institute for Security Studies, 2015. | QN-AL-15-005-2A-N | ISBN 978-92-9198-300-1 | ISSN 2315-1129 | DOI 10.2815/341983

in 2011, claims to be driven by patriotism and denies any official affiliation with the government.

The group is behind some of the more audacious cyber-attacks, including the defacement and hack- ing of numerous media websites and Twitter ac- counts (e.g. the BBC, The Guardian, The New York Times, Human Rights Watch, and Forbes), opposi- tion Facebook pages, chat messengers like Skype and Viber, as well as foreign government institu- tions (e.g. Saudi Arabia’s Ministry of Defence).

Examples of malware and state-linked cyber-attacks

Flame: Malware described as ‘the most so- phisticated cyber weapon yet unleashed’.

Detected in the Middle East, it shares many characteristics with Duqu and Stuxnet. Flame begins by sniffing the network traffic, taking screenshots, recording audio conversations, and intercepting keyboard presses.

Red October: Malware used for a cyber-espi- onage campaign that has affected hundreds of bodies around the world – including dip- lomatic and government agencies, research institutions, energy and nuclear groups, and trade and aerospace organisations.

MiniDuke: Malware designed to steal data from government agencies and research in- stitutions. Kaspersky Labs uncovered 59 high-profile victim organisations in 23 coun- tries, including Belgium, the Czech Republic, Hungary, Ireland, Portugal, Romania, Ukraine, and the US.

GhostNet: Malware allegedly originating in China which infiltrated targets in about 103 countries, including the systems of NATO SHAPE headquarters, various embassies and foreign ministries, and the office of the Dalai Lama.

Moonlight Maze – Suspected state-sponsored attacks by Russian hackers targeting the Pentagon, the US Department of Energy, NASA and several universities and research labs.

Titan Rain – Suspected state-sponsored at- tacks by Chinese hackers targeting the com- puter networks of US defence contractors in search of military secrets. The networks of the British and German governments appear to have been targeted at the same time.

Looking into the future

In addition to governmental or political targets, state-linked hackers have also damaged private businesses. In 2014, the US-based security compa- ny Crowdstrike blamed a Chinese PLA-associated group ‘Putter Panda’ for a series of cyber-espionage actions directed at high-profile aerospace, satellite and communications targets. More recently, an- other group called ‘Guardians of Peace’ – suppos- edly linked to North Korea – claimed responsibil- ity for an attack on Sony Entertainment Pictures which resulted in the loss of personal information of employees and their families and the exposure of executive-level salaries and company email ex- changes.

Available data suggest that cyber-espionage by state-affiliated groups is on the rise. The 2014 Data Breach Investigations Report by Verizon, a US tel- ecommunications company, shows that 87% of all such incidents in 2013 (511) were performed by state-linked groups originating from either East Asia (49%) or eastern Europe (21%).

With state and non-state actors ever more inter- ested in developing both offensive and defensive cyber capabilities, designing the rules of the game will be complicated. Authoritarian regimes enjoy significant freedom to set and adapt rules as they please. Their opponents have, alas, more limited options. In democratic states, governments are bound by the rule of law and operate under strict public scrutiny. Legal cooperation among like- minded countries is moving forward, but at a very slow pace.

Little can be done if certain actors choose not to play by the rules. The US indictment of five Chinese military officers for cyber-espionage in 2014 was, for example, practically ignored by Beijing. And the use of sanctions – as was the case against North Korea following the attacks on Sony – may just aggravate the delicate situation on the peninsula further.

Accordingly, a preventive cyber-attack on – or quick retaliation against – the computer networks of other countries suspected of providing support to hackers may appear the only response capable of deterring future incidents.Such actions, howev- er, may undermine the international system in the long run – and further muddy the already difficult international debate surrounding cyber norms.

Patryk Pawlak is a Senior Analyst and Gergana Petkova is a Junior Analyst at the EUISS.

european Union Institute for Security Studies January 2015 2

Referenzen

Jetzt herunterladen ( PDF - 2 Seite - 575.29 KB )

ÄHNLICHE DOKUMENTE

RUSSIAN HYBRID WARFARE A study of disinformation

This pattern could be observed, for instance, during the invasion of Crimea, where generally state-controlled media uncritically applauded the actions of the Russian regime,

Hizbullah’s hybrid posture: three armies in one

After Hizbullah ambushed an Israeli patrol in retalia- tion for an airstrike which killed six of its command- ers at end of January, its leader Hassan Nasrallah de- clared

Local Government Support for Ukraine . . . .

Resolutions or statements by representatives of Polish local and regional governments in support of the Ukrainian civil society and its aspirations and condemnation of

T The Risks Posed by Jihadist Hackers

the public emergence of Twelver Shi`a 1 foreign fighter militias operating with Syrian government forces loyal to President Bashar al-Assad, together with the recent

General Models for Handwritten Text Recognition: Feasibility and State-of-the Art. German Kurrent as an Example

Its primary focus is on general models which train recognition models that are capable of recognizing not just one specific hand but similar scripts from different hands that

Retaliation and the Role for Punishment in the Evolution of Cooperation

Within this framework, we show that punishing cooperators still can play two roles: they can break up an equilibrium of omnilateral defection and pave the way for a stable polymor-

THE GLOBAL MOBILITIES OF RUSSIAN MUSEUMS: THE STATE RUSSIAN MUSEUM GOES TO MÁLAGA

She explores the role of art in international relations with a focus on Russian actors in the transnational field of art, examining practices of cultural diplomacy,

Assessing the Structural Prerequisites for an Efficient Russian Political Market

Considering these problems and the attitude held by Russian civil society organizations towards state-society relations, many of the measures initiated in recent years by