Russian Cyber-Intelligence Plays by a Different Rulebook to the US: Or Do They?

I was recently asked why the Russian cyber-intelligence agencies seemingly have the jump on the US in the cyber-espionage department.

This is a pretty serious question – but before we answer that, we really need to ask – do they?

First off – we actually don’t know that they do have the jump on US intelligence. And the reason we don’t know that they are ahead is that the US intelligence community does not publicize its activities; nor should it.

The whole point of clandestine activities from our intelligence agencies, and that of our allies (the UK, France, Germany etc) – is that they should remain clandestine!

We only hear about failures or successes, when they hit the news. For example – the accusations of Russian involvement in the US election …

I need to address this… Russia hacked the US Elections – right?

Not so fast … we do NOT have any evidence that Russia, or any other foreign government entity, was able to interfere with the election process at the ballot box. There is simply no evidence of that ANYWHERE. That said, there might be evidence that the Russians had a hand in the hacking of the DNC.

Although there is also evidence that John Podesta’s email was simply hacked because he foolishly clicked on a link in a phishing email. Even though Mr Podesta was suspicious, and asked his ‘tech support’ – he was given bad advice (now claimed to be a ‘mistake’) – and he clicked the link, and compromised his own email. That is typically your common or garden phishing attack – which might or might not be nation state initiated (probably isn’t though).

However – we do know that the DNC had their servers hacked, and that a Remote Access Toolkit – or RAT – was left behind. And that RAT shows striking similarities to a RAT used to hack Ukrainian Military Commanders’ smartphones. Furthermore, this RAT is supposedly not being widely sold in public crimeware forums, which might indicate that it is a closely held and powerful tool belonging to the Russian cyber-intelligence agencies. It might also indicate that the author of such a tool has a very limited number of clients. I.e., we have NOTHING to link this RAT to Russia conclusively.

But enough of this – why is Russia seemingly able to do this stuff – and we are not?

Again – there is no evidence available that says we are not doing the same. But – there is a perception that we might not be that ‘advanced’. And I think part of this might come from a difference in publicized hiring strategies. Yes – Russia might be hiring more devious cyber-attackers. Or are they?

How could they get better hackers?

They are not restricted in the same way – the US government operates on the basis that we don’t hire felons. So when a REALLY talented hacker is found, he (or she) cannot be hired by the government. He (or she) can find employment in the private sector – and their employer might get government contracts. But is that person going to get clearance to work on the super-secret stuff? No – they are not. At least not publicly.

Is ‘Fancy Bears’ a nation-state hacker collective?

So – it looks like the US cannot use or hire the very best cyber-talent perhaps?

Maybe… maybe not. I’m not so certain that the top talent used by the US isn’t as talented as the Russian talent. Again – we don’t know what the US has – they won’t broadcast it!! There is also nothing to say that the top cyber talent is criminal and therefore the US cannot hire ‘top talent’.

But I would say that the spy or criminal might think a little differently… that doesn’t mean someone who is honest cannot think like a criminal or a spy.

Have we concluded anything… umm… no, I don’t think so.

So – if you want to speculate some more on this – go and read the NYT article here… How Russia Recruited Elite Hackers for Its Cyberwar

It has some nice points which I have brought across as quotes here:

“There have been cases where cybercriminals are arrested but never ended up in prison,” said Dmitri Alperovitch, the co-founder and chief technology officer of CrowdStrike, the cybersecurity company that first identified the group known as Fancy Bear as the perpetrator of the Democratic National Committee hacking.

and

“Almost all developed countries in the world, unfortunately, are creating offensive capabilities, and many have confirmed this,” said Anton M. Shingarev, a vice president at Kaspersky, a Russian antivirus company.

Recruitment by Russia’s military should be expected, he said. “You or I might be angry about it, but, unfortunately, it’s just reality. Many countries are doing it. This is the reality.”

and

American intelligence agencies, including the National Security Agency, have for decades recruited on college campuses. In 2015, the N.S.A. offered a free summer camp to 1,400 high school and middle school students, where they were taught the basics of hacking, cracking and cyberdefense.

In Russia, recruiters have looked well beyond the nation’s school system.

In 2013, as Russia’s recruitment drive was picking up, Dmitry A. Artimovich, a soft-spoken physicist, was awaiting trial in a Moscow jail for designing a computer program that spammed email users with advertisements for male sexual enhancement products.

One day a cellmate, who had been convicted of selling narcotics online, sidled up to him with some news. The cellmate said that people incarcerated for cybercrimes could get out before trial, in exchange for working for the government. Another inmate had already taken a deal, he said.

So – do we think that the US plays by a different set of rules? Perhaps… but one thing I would comment on..

You can’t trust Spies or Criminals!

