Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Nation-State Cyberthreats: Why They Hack
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
1/26/2015 | 9:25:03 AM
Re: Why the Hack Not?
Good points,@andregironda. If you haven't already, I hope you will take a few minutes to check out and comment on Mike's follow up blogs on why Russia and North Korea hack. Coming up next is Iran, then US & Israel. So stay tuned! 
andregironda
andregironda,
 User Rank: Strategist
1/26/2015 | 8:49:29 AM
Re: Why the Hack Not?
It is really simple to gauge the intentions of each country leading to cyber indications, based on a sort of personality test.

While the sociocultural theories are still under massive development, starter frameworks such as Hofstede's cultural dimensions theory should be used to explain the intracacies behind what is going on with cyber.

For China, it is merely about the feeling of overpopulation and raising the standard of living. They feel that breaking the rules is ok because of a sort of motherbearing complex.

Iran is surrounded by great countries of power: Oman and Qatar with huge financial success, Saudi Arabia with their GDP, UAE with their flexibility and popularity, and Iran's local enemy, Israel, with their advanced weapons research. So they build a brotherhood with Lebanon, Syria, Iraq, and the Caucasus.

Russia wants to take all. They want land and resources especially. There is a narcissism to this country that can't be staved.

North Korea has nothing to lose and everything to gain. There is always power in powerlessness and it comes out in cyber.

Part of the problem we have in the US is that we see things only from our perspective. There are many other players, but they may be sided with popular interests. For example, Taiwan -- an enemy of China or not? How do Europe and Russia relate? What of Central, South America, and the Carribean? Africa? You will see all of these in the foreign-relations-related media but rarely ever spoken of in terms of cyber capabilities or interests.
mwallsedgewave
mwallsedgewave,
 User Rank: Author
1/16/2015 | 12:26:18 PM
Re: Why the Hack Not?
Great points!  We agree that an understanding of motivation for malicious cyber activity provides insight into what hapopens after a successful attack.  We also agree that it is criitical that we defend against bad actors obtaining credentials.  I think we would also agree that both these points support the notion that we need a more holistic approach to cyber defense.  To truly understand how to defend, we need the complete or "Big" picture.  A little offensive cyber would also help...but we'll have to leave that to the Government.

Again, great points, Thanks!!!
ernesthemmingway
ernesthemmingway,
 User Rank: Apprentice
1/14/2015 | 3:10:17 PM
Re: Why the Hack Not?
Excellent article. Understanding the motives and expectations of an adversary is extremely critical to designing a response. As noted, 'ethics', are relative to cultures and are varied depending on your world view. China, Russia and Iran for example have significantly different histories, cultures and world views. Each would likely have diverse agendas for attacking your enterprise, which makes our job quite interesting.

What I might suggest is that while the adversaries are diverse, their means of attack do have a common thread- acquiring credentials from the target in some fashion. Regardless of their goals, our opponents need credentials. Their motivations and capabilities to me mainly become critical post credential compromise... what will they do with those credentials and why?

Doing all we can to make those credentials expensive to obtain seems to be the best solution at this point. I am hopeful that behavior analytics will mature to the extent we can identify anomolous activity to become aware of when the credentials have been compromised. For some highly sensitive accounts this can today be acheived to some degree, however for the most part, most identities are very difficult to recognize as compromised when in the hands of a skilled attacker.
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
1/14/2015 | 2:35:11 PM
Re: Why the Hack Not?
Yes , and, to me, the value of this series, is to better understand the context for various  nation-state actors in the  actions they choose to take. Thanks for enlightening us!
mwallsedgewave
mwallsedgewave,
 User Rank: Author
1/14/2015 | 2:15:40 PM
Re: Why the Hack Not?
Thanks Marilyn.  Your statement about China not having "any ethical problem with stealing intellecctual property to further its aims" really captures the point...Nations will act according to what they see as in their own best interest.
mwallsedgewave
mwallsedgewave,
 User Rank: Author
1/14/2015 | 2:01:17 PM
Re: Why the Hack Not?
I think Nations/governments "do things" for a number of reasons, but usually they are acting out of what they see as their "National Interests."  A question is whether they are justifiable, or "just" "National Interestes."
David Wagner
David Wagner,
 User Rank: Black Belt
1/13/2015 | 12:21:58 PM
Re: Why the Hack Not?
@Marilyn- Well, I find the article interesting, but I don't think the targets of hacking are the "whys" of hacking. If it wasn't medical technology it would be mining or anything else. Evne if the only thing left to take was vacation pictures, a government would take them. 
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
1/13/2015 | 12:17:48 PM
Re: Why the Hack Not?
Have to respectfully disagree with you @Dave. I think it's fascinating to learn, for instance, that China looks to the West for technology solutions, and doesn't have any ethical problem with stealing intellecctual property to further its aims. I also had no idea that the Chinese were focused on medical technology innovation and that they are invnesting in that sector of their own economy. Looking forward to reading about what's going on in North Korea, Russia and others in the series. 

 

 
David Wagner
David Wagner,
 User Rank: Black Belt
1/8/2015 | 11:17:33 AM
Why the Hack Not?
I guess my answer to the question of why countries hack is the same as why countries do anything-- governments tend to do whatever they can get away with unchecked. Until someone checks them, governments will do it. Sure, knowing the reason behind the espionage helps defend against it. But "because we can" is always the best reason. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.