
6/2/2021
10:00 AM
Adam Darrah
Commentary

Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical

Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.

We're hearing more and more about cyber-espionage activity launched by nation-states, but this doesn't necessarily mean these cyberattacks, hacks, and disinformation campaigns are happening more often. Cyber-enabled operations by criminals, nation-states, and curious dilettantes have been constants that are increasingly reported, examined, and weaponized. Furthermore, reports often place cyber espionage, hacks, data breaches, and influence campaigns under the "cyberattack" umbrella, which conjures up the feeling that individuals, communities, and nations are under perpetual attack by hostile external forces.

By clarifying the difference between cyber-intelligence operations and hacking, we can better understand espionage and the motives of US adversaries:


  • Espionage is intelligence derived from a technology-enabled, intrusive operation sponsored and executed by a nation-state's intelligence service. It does not necessarily mean that a country has been attacked. All nations seek insight into their adversaries' leadership, military, economic, and political plans and intentions, and use espionage to gain those insights.

  • Hacking is a bit more nuanced. Hacking can be the unauthorized access of another person or entity's technical equipment, systems, or software with intent to do harm. Hacking can also be part of an intelligence operation for the purpose of releasing embarrassing information about a rival country's political elite to destabilize the rival while demonstrating its own virtues.

This juxtaposition is useful in authoritarian-leaning countries where political and economic stability is more fragile. Knowing the purpose of a hack (versus what it did) can help discern if it was an act of war, criminal behavior, a hack-and-dump operation designed to embarrass, or an attempt to infiltrate a group to sow dissent.

But why does this matter to the average person, and what role do citizens play?

Raising Awareness of Nation-State Motivations
It's hard for Americans to imagine that nation-states just want to "watch the United States burn," but our adversaries are that cynical. This also provides them cover. In addition to gaining political intelligence and stealing intellectual property, a lot of cyber espionage is focused on political interference and creating chaos. These campaigns create a sense of "look at what these Americans are about" and aim to build an internal power base with propaganda to showcase a false view of the instability of democracy.

A great example of this positioning is Vladimir Putin's interview with Megyn Kelly in March 2018, which showcased the vast amount of knowledge our adversaries have. Putin seized the moment to message Russian strength at the expense of a smart, well-prepared veteran journalist. Messaging matters, period. Putin also meant to send a message to the United States that it was time to stop the tit-for-tat meddling in each other's internal politics (from the Russian perspective). It was a master's course in Russian messaging.

Another platform for US adversaries is social media, which has become an extremely divisive place. I argue that a lot of the politically charged content being shared online — you know, the totally outlandish posts you either can't believe or that seem so crazy you think maybe they're true — results from nation-state misinformation and disinformation campaigns.

Misinformation is objectively false information disseminated unintentionally by an unwitting entity. Disinformation is the willful, intentional dissemination of inaccurate or false information with the intention to polarize, propagandize, and deceive a population. From an intelligence standpoint, this tool is used to interfere in another country's politics. One example is the 2016 presidential election, where nation-states worked hard to keep various ideological camps at each other's throats. Another is 2020, when nation-states made counteraccusations about the "true" origin of the COVID-19 pandemic to keep people confused, scared, angry, and constantly questioning.

Individuals' Role in Combatting Disinformation and Misinformation
Our adversaries' motivations include creating distrust and sowing dissent. So, how can individuals avoid becoming unwitting victims of misinformation that supports our adversaries' goals? One way is to know that if you are reading something extremely hyperbolic, it is most likely false. Take a breath; pause before you believe it, take a minute to digest the information, and don't just click and share it. Algorithms know us and our habits, and adversaries are monitoring that too. Make sure you are doing your research to seek validated news sources to confirm any story you read online.

People should understand that what they know, who they know, and what they have access to matters. They may not feel that they would add value to a nation-state's misinformation campaign, but everything people do matters. Even average people have more access, insight, and connections than they realize.

No one should be complacent in thinking they are off-limits. We are all targets to our adversaries and threat actors, who are extremely sophisticated in understanding American culture. They don't trust our society, and they think we are doing the same things to them. It's time to rethink the rules of the game our adversaries are playing because they are not even on the same playing field as we are.

Adam Darrah is an experienced intelligence analyst, skilled in putting international affairs into cultural and political context. Adam spent eight years working for the US government, coordinating across several federal agencies to fill critical knowledge gaps on national ...