A cyber-attack that compromised iPhones belonging to staff at a Russian technology company is being attributed to hackers linked to the US government. Could the incident, and the Russian government's reaction to it, be changing who is perceived as the "good guys" and "bad guys" in cyber-space?
Camaro Dragon, Fancy Bear, Static Kitten and Stardust Chollima are not characters from the latest Marvel film but some of the most feared hacking groups on the planet.
For years these elite cyber teams have been tracked from one breach to the next, allegedly on orders from their governments, as they steal confidential information and sow chaos.
Cyber-security firms have come up with cartoon depictions of them.
Marketing teams at these companies routinely warn customers about the origins of "advanced persistent threats" (APTs), marked on a world map by dots that typically point to Russia, China, North Korea and Iran.
But parts of that map are conspicuously blank.
It is rare to hear about hacking groups and cyber-attacks coming from the West.
A large breach that recently occurred in Russia offers some insight.
From his desk overlooking the Moscow Canal, the cyber-security analyst watched as unusual pings appeared on the company's wi-fi network.
Dozens of employees' mobile phones were sending data to unfamiliar parts of the internet at the same time.
This, however, was no ordinary company.
Kaspersky, one of Russia's largest cyber-security firms, was investigating a possible attack on its own staff.
Igor Kuznetsov, its chief security researcher, says his first thought was spyware, though he was highly sceptical.
"It's common knowledge that there are powerful cyber tools that can turn a mobile phone into a spying device, but I had thought of that as an urban myth, something that happened to people somewhere far away."
After a lengthy examination of "several dozen" affected iPhones, Igor found the suspicion had been correct: they had uncovered a large-scale, sophisticated surveillance-hacking campaign aimed at their own staff.
The attack they found is a serious worry for cyber defenders.
The hackers infected iPhones by sending an iMessage that deleted itself once the malicious code had been installed on the device, leaving the owner with nothing to notice.
Igor states, "You are unaware, yet you have already been infected."
At regular intervals the attackers received copies of the victims' entire phone contents, including messages, emails and photos, along with access to the cameras and microphones.
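The two things Kaspersky noticed, several devices talking to the same unfamiliar destination at the same time and data leaving on a regular schedule, are exactly what a defender can hunt for in network logs. The following is an added example, not Kaspersky's tooling or anything from the original article: it scans constructed connection-log lines for unfamiliar hosts that several distinct devices contact on a clock-like cadence. The log lines, the device names, the allow-list and the domain names (including update.example-c2.test) are all made up for the demonstration, and the thresholds are assumptions to tune for a real network.

```python
"""Flag unfamiliar destinations that many devices beacon to on a regular schedule.
Added example; the log, hostnames and thresholds below are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed connection log, one event per line: "<epoch seconds> <device> <destination host>".
# Three phones contact the (made-up) host update.example-c2.test roughly every 600 s.
SAMPLE_LOG = """\
1000 phone-a cdn.example-good.net
1010 phone-b cdn.example-good.net
1030 phone-a update.example-c2.test
1035 phone-b update.example-c2.test
1040 phone-c update.example-c2.test
1630 phone-a update.example-c2.test
1636 phone-b update.example-c2.test
1641 phone-c update.example-c2.test
1900 phone-d mail.example-good.net
2230 phone-a update.example-c2.test
2235 phone-b update.example-c2.test
2242 phone-c update.example-c2.test
2830 phone-a update.example-c2.test
2837 phone-b update.example-c2.test
2840 phone-c update.example-c2.test
3000 phone-d mail.example-good.net
"""

# Destinations the organisation already knows about (constructed allow-list).
KNOWN_GOOD = {"cdn.example-good.net", "mail.example-good.net"}


def parse_log(text):
    """Yield (timestamp, device, destination) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2]
        except ValueError:
            continue


def gaps(timestamps):
    """Time differences between consecutive events, in order."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:])]


def interval_regularity(timestamps):
    """Coefficient of variation of the inter-event gaps.
    Close to 0 means a clock-like beacon; None if there are fewer than 3 events."""
    g = gaps(timestamps)
    if len(g) < 2:
        return None
    avg = mean(g)
    return pstdev(g) / avg if avg > 0 else None


def find_beacons(text, known_good=KNOWN_GOOD, min_devices=3, max_cv=0.2):
    """Return {destination: summary} for hosts outside the allow-list that at least
    min_devices distinct devices each contact on a regular schedule (CV <= max_cv)."""
    per_dest = defaultdict(lambda: defaultdict(list))
    for ts, device, dest in parse_log(text):
        per_dest[dest][device].append(ts)

    hits = {}
    for dest, devices in per_dest.items():
        if dest in known_good or len(devices) < min_devices:
            continue
        cvs = [interval_regularity(t) for t in devices.values()]
        # Every device must show a regular cadence; one irregular talker disqualifies the host.
        if any(cv is None or cv > max_cv for cv in cvs):
            continue
        period = mean(mean(gaps(t)) for t in devices.values())
        hits[dest] = {
            "devices": sorted(devices),
            "period_s": round(period),
            "max_cv": round(max(cvs), 3),
        }
    return hits


if __name__ == "__main__":
    for dest, info in find_beacons(SAMPLE_LOG).items():
        print(f"{dest}: {len(info['devices'])} devices, period ~{info['period_s']}s, max CV {info['max_cv']}")
```

The check deliberately requires both signals at once. A single phone beaconing regularly is often a legitimate app, and many phones hitting a new host once is often a software update; many phones each hitting an unknown host on the same fixed period is the combination that is hard to explain benignly. Real deployments would feed it DNS or NetFlow exports rather than a string, and would maintain the allow-list from observed history rather than hard-coding it.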
In keeping with Kaspersky's long-standing policy of not attributing attacks, Igor says the company has no interest in identifying who was behind this espionage campaign.
"Bytes have no nationality - any claim that a particular nation state was behind a cyber-attack is made deliberately," he says.
The Russian government, however, is less reticent.
On the day Kaspersky announced its findings, Russia's security services issued an urgent bulletin saying they had uncovered a reconnaissance operation by American intelligence agencies carried out using Apple mobile devices.
The Russian security service made no mention of Kaspersky, but said that "several thousand telephone sets" belonging to Russian and foreign diplomats had been infected.
The bulletin suggested Apple may have been complicit in the operation, which the company denies.
The US National Security Agency (NSA), the suspected perpetrator, told BBC News it had no comment.
Igor says Kaspersky had no advance knowledge of the security services' findings and that the government announcement came as a complete surprise.
Many in the cyber-security world will have been struck by this: the Russian government appeared to be making a co-ordinated announcement alongside Kaspersky for maximum effect, a technique increasingly used by Western countries to expose hacking campaigns and publicly point the finger.
Last month, the US government and Microsoft jointly declared that Chinese government hackers had infiltrated energy networks in US territories.
This was quickly, and predictably, followed by confirmation from the United States' cyber allies - the UK, Australia, Canada and New Zealand, known collectively as the Five Eyes.
China responded swiftly, denying the report and calling it a "coordinated disinformation campaign" by the Five Eyes countries.
Mao Ning, a representative of the Chinese Foreign Ministry, restated China's typical position, saying, "The reality is that the US is a hacking empire."
China now appears to be taking a more assertive approach to accusing the West of cyber intrusions.
China Daily, a state-run news outlet, has warned that hackers sponsored by foreign governments pose the greatest threat to the country's cyber-security.
Chinese company 360 Security Technology issued a warning saying it had identified 51 hacking groups targeting China.
The company did not respond to requests for comment.
Last September, China accused the US of hacking a government-funded university that runs aeronautics and space research programmes.
"China and Russia have only recently realised just how successful the Western cyber exposure model is, and that seems to be changing the dynamics," says Steve Stone, head of Rubrik Zero Labs and a former cyber-intelligence analyst.
"I will also say that I consider this a positive development. I have no objection to other countries disclosing the activities of Western countries. I believe it's only fair and reasonable."
Many dismiss China's accusation that the US is a "hacking empire" - but it contains some truth.
The International Institute for Strategic Studies (IISS) rates the US as the world's only top-tier cyber power, judged on attack, defence and influence.
A second tier of countries sits below it.
Researchers at the Belfer Center for Science and International Affairs likewise rank the United States as the world's most capable cyber nation in their National Cyber Power Index.
Julia Voo, the lead researcher on that paper, has noticed a shift.
She says espionage is something all governments do, now increasingly via cyber-attacks, and the question is who is behaving responsibly or irresponsibly in cyber-space.
Compiling a list of APT groups while ignoring Western ones, she says, does not give an accurate picture of reality.
Reading only one side's reports about hacking attacks, Ms Voo says, deepens a general lack of understanding.
The public needs a broad understanding of this, since it is key to resolving future disputes between countries.
Ms Voo praises the British government for publishing its first transparency report on the activities of the National Cyber Force.
She says it is not very detailed, but it is more than any other country has published.
The lack of disclosure may also be down to the cyber-security companies themselves.
Mr Stone calls it a "data bias": Western cyber-security companies see little Western hacking because they have few customers in rival countries.
It is also possible that less effort is deliberately put into certain investigations.
Mr Stone says he believes some companies may hold back knowledge of a suspected Western operation, although he has never been part of a team that held anything back.
Governments such as the UK and US award lucrative contracts that are a major source of income for many cyber-security businesses.
A Middle Eastern cyber-security researcher said the cyber-threat intelligence market is dominated by Western vendors and heavily shaped by the needs and wishes of their clients.
One expert, who asked not to be named, is among the many volunteers who contribute to the APT Google Sheet, a free online spreadsheet that catalogues all known nation-state hacking activity, whatever its origin.
Its Nato tab lists monikers such as Longhorn, Snowglobe and Gossip Girl, but the expert admits it is sparse compared with the tabs for other countries and regions.
He says one explanation for the scarcity of data on Western cyber-attacks may be that they are conducted with greater stealth and so cause fewer damaging side effects.
Western countries, he says, tend to run their cyber operations with more precision and focus than the noisier, broader attacks usually associated with countries such as Iran and Russia, so Western operations cause less disruption and attract less attention.
A second reason for under-reporting may be a lack of trust.
Russian and Chinese hacking allegations are often dismissed because they are rarely accompanied by proof.
But Western governments, for all their finger-pointing, seldom provide evidence to back their own claims either.