6/2/2021
10:00 AM
Adam Darrah
Commentary

Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical

Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.

We're hearing more and more about cyber-espionage activity launched by nation-states, but this doesn't necessarily mean these cyberattacks, hacks, and disinformation campaigns are happening more often. Cyber-enabled operations by criminals, nation-states, and curious dilettantes have been constants that are increasingly reported, examined, and weaponized. Furthermore, reports often place cyber espionage, hacks, data breaches, and influence campaigns under the "cyberattack" umbrella, which conjures up the feeling that individuals, communities, and nations are under perpetual attack by hostile external forces.

By clarifying the difference between cyber-intelligence operations and hacking, we can better understand espionage and the motives of US adversaries:

  • Espionage is intelligence derived from a technology-enabled, intrusive operation sponsored and executed by a nation-state's intelligence service. It does not necessarily mean that a country has been attacked. All nations seek insight into their adversaries' leadership, military, economic, and political plans and intentions, and use espionage to gain those insights.

  • Hacking is a bit more nuanced. Hacking can be the unauthorized access of another person or entity's technical equipment, systems, or software with intent to do harm. Hacking can also be part of an intelligence operation for the purpose of releasing embarrassing information about a rival country's political elite to destabilize the rival while demonstrating its own virtues.

This juxtaposition is useful in authoritarian-leaning countries where political and economic stability is more fragile. Knowing the purpose of a hack (versus what it did) can help discern if it was an act of war, criminal behavior, a hack-and-dump operation designed to embarrass, or an attempt to infiltrate a group to sow dissent.

But why does this matter to the average person, and what role do citizens play?

Raising Awareness of Nation-State Motivations
It's hard for Americans to imagine that nation-states just want to "watch the United States burn," but our adversaries are that cynical. This also provides them cover. In addition to gaining political intelligence and stealing intellectual property, a lot of cyber espionage is focused on political interference and creating chaos. These campaigns create a sense of "look at what these Americans are about" and aim to build an internal power base with propaganda to showcase a false view of the instability of democracy.

A great example of this positioning is Vladimir Putin's interview with Megyn Kelly in March 2018, which showcased the vast amount of knowledge our adversaries have. Putin seized the moment to message Russian strength at the expense of a smart, well-prepared veteran journalist. Messaging matters, period. Putin also meant to send a message to the United States that it was time to stop the tit-for-tat meddling in each other's internal politics (from the Russian perspective). It was a master's course in Russian messaging.

Another platform for US adversaries is social media, which has become an extremely divisive place. I argue that a lot of the politically charged content being shared online — you know, the totally outlandish posts that you either can't believe or that seem so crazy you think maybe they're true — results from nation-state misinformation and disinformation campaigns.

Misinformation is objectively false information disseminated unintentionally by an unwitting entity. Disinformation is the willful, intentional dissemination of inaccurate or false information with the intention to polarize, propagandize, and deceive a population. From an intelligence standpoint, this tool is used to interfere in another country's politics. One example is the 2016 presidential election, when nation-states worked hard to keep various ideological camps at each other's throats. Another is 2020, when nation-states made counteraccusations about the "true" origin of the COVID-19 pandemic to keep people confused, scared, angry, and constantly questioning.

Individuals' Role in Combatting Disinformation and Misinformation
Our adversaries' motivations include creating distrust and sowing dissent. So, how can individuals avoid becoming unwitting victims of misinformation that supports our adversaries' goals? One way is to know that if you are reading something extremely hyperbolic, it is most likely false. Take a breath; pause before you believe it, take a minute to digest the information, and don't just click and share it. Algorithms know us and our habits, and adversaries are monitoring that too. Make sure you are doing your research to seek validated news sources to confirm any story you read online.

People should understand that what they know, who they know, and what they have access to matters. They may not feel that they would add value to a nation-state's misinformation campaign, but everything people do matters. Even average people have more access, insight, and connections than they realize.

No one should be complacent in thinking they are off-limits. We are all targets to our adversaries and threat actors, who are extremely sophisticated in understanding American culture. They don't trust our society, and they think we are doing the same things to them. It's time to rethink the rules of the game our adversaries are playing because they are not even on the same playing field as we are.

Adam Darrah is an experienced intelligence analyst, skilled in putting international affairs into cultural and political context. Adam spent eight years working for the US government, coordinating across several federal agencies to fill critical knowledge gaps on national ...