Dark Reading is part of the Informa Tech Division of Informa PLC


6/2/2021
10:00 AM
Adam Darrah
Commentary

Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical

Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.

We're hearing more and more about cyber-espionage activity launched by nation-states, but this doesn't necessarily mean these cyberattacks, hacks, and disinformation campaigns are happening more often. Cyber-enabled operations by criminals, nation-states, and curious dilettantes have been constants that are increasingly reported, examined, and weaponized. Furthermore, reports often place cyber espionage, hacks, data breaches, and influence campaigns under the "cyberattack" umbrella, which conjures up the feeling that individuals, communities, and nations are under perpetual attack by hostile external forces.

By clarifying the difference between cyber-intelligence operations and hacking, we can better understand espionage and the motives of US adversaries:

  • Espionage is intelligence derived from a technology-enabled, intrusive operation sponsored and executed by a nation-state's intelligence service. It does not necessarily mean that a country has been attacked. All nations seek insight into their adversaries' leadership, military, economic, and political plans and intentions, and use espionage to gain those insights.

  • Hacking is a bit more nuanced. Hacking can be the unauthorized access of another person or entity's technical equipment, systems, or software with intent to do harm. Hacking can also be part of an intelligence operation for the purpose of releasing embarrassing information about a rival country's political elite to destabilize the rival while demonstrating its own virtues.

This juxtaposition is useful in authoritarian-leaning countries where political and economic stability is more fragile. Knowing the purpose of a hack (versus what it did) can help discern if it was an act of war, criminal behavior, a hack-and-dump operation designed to embarrass, or an attempt to infiltrate a group to sow dissent.

But why does this matter to the average person, and what role do citizens play?

Raising Awareness of Nation-State Motivations

It's hard for Americans to imagine that nation-states just want to "watch the United States burn," but our adversaries are that cynical. This also provides them cover. In addition to gaining political intelligence and stealing intellectual property, a lot of cyber espionage is focused on political interference and creating chaos. These campaigns create a sense of "look at what these Americans are about" and aim to build an internal power base with propaganda to showcase a false view of the instability of democracy.

A great example of this positioning is Vladimir Putin's interview with Megyn Kelly in March 2018, which showcased the vast amount of knowledge our adversaries have. Putin seized the moment to message Russian strength at the expense of a smart, well-prepared veteran journalist. Messaging matters, period. Putin also meant to send a message to the United States that it was time to stop the tit-for-tat meddling in each other's internal politics (from the Russian perspective). It was a master's course in Russian messaging.

Another platform for US adversaries is social media, which has become an extremely divisive place. I argue that a lot of the politically charged content being shared online — you know, the totally outlandish posts that you either can't believe or that seem so crazy that you think maybe they're true — results from nation-state misinformation and disinformation campaigns.

Misinformation is objectively false information disseminated unintentionally by an unwitting entity. Disinformation is the willful, intentional dissemination of inaccurate or false information with the intention to polarize, propagandize, and deceive a population. From an intelligence standpoint, this tool is used to interfere in another country's politics. One example is the 2016 presidential election, where nation-states worked hard to keep various ideological camps at each other's throats. Another is 2020, when nation-states made counteraccusations about the "true" origin of the COVID-19 pandemic to keep people confused, scared, angry, and constantly questioning.

Individuals' Role in Combatting Disinformation and Misinformation

Our adversaries' motivations include creating distrust and sowing dissent. So, how can individuals avoid becoming unwitting victims of misinformation that supports our adversaries' goals? One way is to know that if you are reading something extremely hyperbolic, it is most likely false. Take a breath; pause before you believe it, take a minute to digest the information, and don't just click and share it. Algorithms know us and our habits, and adversaries are monitoring that too. Make sure you are doing your research to seek validated news sources to confirm any story you read online.

People should understand that what they know, who they know, and what they have access to matters. They may not feel that they would add value to a nation-state's misinformation campaign, but everything people do matters. Even average people have more access, insight, and connections than they realize.

No one should be complacent in thinking they are off-limits. We are all targets to our adversaries and threat actors, who are extremely sophisticated in understanding American culture. They don't trust our society, and they think we are doing the same things to them. It's time to rethink the rules of the game our adversaries are playing because they are not even on the same playing field as we are.

Adam Darrah is an experienced intelligence analyst, skilled in putting international affairs into cultural and political context. Adam spent eight years working for the US government, coordinating across several federal agencies to fill critical knowledge gaps on national ...
 
