Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.

Adam Darrah, Senior Director of Dark Ops, ZeroFox

June 2, 2021

4 Min Read

We're hearing more and more about cyber-espionage activity launched by nation-states, but this doesn't necessarily mean these cyberattacks, hacks, and disinformation campaigns are happening more often. Cyber-enabled operations by criminals, nation-states, and curious dilettantes have been constants that are increasingly reported, examined, and weaponized. Furthermore, reports often place cyber espionage, hacks, data breaches, and influence campaigns under the "cyberattack" umbrella, which conjures up the feeling that individuals, communities, and nations are under perpetual attack by hostile external forces.

By clarifying the difference between cyber-intelligence operations and hacking, we can better understand espionage and the motives of US adversaries:

  • Espionage is intelligence derived from a technology-enabled, intrusive operation sponsored and executed by a nation-state's intelligence service. It does not necessarily mean that a country has been attacked. All nations seek insight into their adversaries' leadership, military, economic, and political plans and intentions, and use espionage to gain those insights.

  • Hacking is a bit more nuanced. Hacking can be the unauthorized access of another person or entity's technical equipment, systems, or software with intent to do harm. Hacking can also be part of an intelligence operation for the purpose of releasing embarrassing information about a rival country's political elite to destabilize the rival while demonstrating its own virtues.

This juxtaposition is useful in authoritarian-leaning countries where political and economic stability is more fragile. Knowing the purpose of a hack (versus what it did) can help discern if it was an act of war, criminal behavior, a hack-and-dump operation designed to embarrass, or an attempt to infiltrate a group to sow dissent.

But why does this matter to the average person, and what role do citizens play?

Raising Awareness of Nation-State Motivations
It's hard for Americans to imagine that nation-states just want to "watch the United States burn," but our adversaries are that cynical. This also provides them cover. In addition to gaining political intelligence and stealing intellectual property, a lot of cyber espionage is focused on political interference and creating chaos. These campaigns create a sense of "look at what these Americans are about" and aim to build an internal power base with propaganda to showcase a false view of the instability of democracy.

A great example of this positioning is Vladimir Putin's interview with Megyn Kelly in March 2018, which showcased the vast amount of knowledge our adversaries have. Putin seized the moment to message Russian strength at the expense of a smart, well-prepared veteran journalist. Messaging matters, period. Putin also meant to send a message to the United States that it was time to stop the tit-for-tat meddling in each other's internal politics (from the Russian perspective). It was a master's course in Russian messaging.

Another platform for US adversaries is social media, which has become an extremely divisive place. I argue that a lot of the politically charged content being shared online — you know, the totally outlandish posts you either can't believe or seem so crazy that you think maybe they're true — result from nation-state misinformation and disinformation campaigns.

Misinformation is objectively false information disseminated unintentionally by an unwitting entity. Disinformation is the willful, intentional dissemination of inaccurate or false information with the intention to polarize, propagandize, and deceive a population. From an intelligence standpoint, this tool is used to interfere in another country's politics. One example is the 2016 presidential election, where nation-states worked hard to keep various ideological camps at each other's throats. Or in 2020, where nation-states made counteraccusations about the "true" origin of the COVID-19 pandemic to keep people confused, scared, angry, and constantly questioning.

Individuals' Role in Combatting Disinformation and Misinformation
Our adversaries' motivations include creating distrust and sowing dissent. So, how can individuals avoid becoming unwitting victims of misinformation that supports our adversaries' goals? One way is to know that if you are reading something extremely hyperbolic, it is most likely false. Take a breath; pause before you believe it, take a minute to digest the information, and don't just click and share it. Algorithms know us and our habits, and adversaries are monitoring that too. Make sure you are doing your research to seek validated news sources to confirm any story you read online.

People should understand that what they know, who they know, and what they have access to matters. They may not feel that they would add value to a nation-state's misinformation campaign, but everything people do matters. Even average people have more access, insight, and connections than they realize.

No one should be complacent in thinking they are off-limits. We are all targets to our adversaries and threat actors, who are extremely sophisticated in understanding American culture. They don't trust our society, and they think we are doing the same things to them. It's time to rethink the rules of the game our adversaries are playing because they are not even on the same playing field as we are.

About the Author(s)

Adam Darrah

Senior Director of Dark Ops, ZeroFox

Adam Darrah is an experienced intelligence analyst, skilled in putting international affairs into cultural and political context. Adam spent eight years working for the US government, coordinating across several federal agencies to fill critical knowledge gaps on national security priorities, which helped form his specialization in Central Eurasian political, security, and intelligence issues.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights