When you imagine the world of espionage, do you think of undercover agents trying to recruit a mole or cracking safes to steal sensitive information? Those who do may be thinking in the past. The game has changed.
When I was working for the F.B.I., I had to go undercover to catch double agent Robert Hanssen. Essentially, I was acting as a spy hunter. I had to gain his trust, get under his skin, learn what made him tick and work out where his weaknesses were. Emotions were running high, as he was taking secrets to the enemy. So it was a tough environment in which to keep your cool. Above all else, you need patience to catch a spy.
The key elements to espionage and combating it remain the same: the bad guys are still after data and it’s the good guys’ job to catch them. However, the contemporary battle is fought with keyboards and software rather than dead-drops and balaclavas.
As technology has become more sophisticated, the battlefield is increasingly shifting from the physical to the digital. With cyber war now being fought on a global scale, there is more onus on security than ever, and too many organisations are failing to take the threat as seriously as they should.
We are no longer talking about simply accessing an organisation’s sensitive data, but literally shutting down cities or even a nation’s critical infrastructure. The scope of the threat is likely to grow as we continue down the path of digitalisation. It is no longer enough to defend and react if you are breached. Taking a ‘bad-guy’ approach is a massive step forward when tackling your attackers in the world of cyber-espionage.
Where are the threats coming from?
The first step toward this is understanding where threats are coming from. When cyber crime first hit the scene, we saw standalone criminals working towards their own personal agendas. Those days are over, and nation states have wised up to the potential benefits of digital warfare and cyber-espionage.
Many countries are actively recruiting hackers. We see examples of this every day, from China’s army of hackers, to Ukraine’s power grid being taken down by Russian cyber spies, and speculation that Russia is attempting to influence the 2016 U.S. election.
I have no doubt that the U.K. and U.S. employ such tactics too – Edward Snowden, before the whistle-blowing days, comes to mind. For the hackers involved, the resources that result from state backing are an incredibly attractive draw, providing an injection of equipment and cash that enables them to evolve their techniques rapidly.
Understanding the source can give a much better chance of discovering the motive. The reason a state actor is attacking might be entirely different from someone operating of their own accord. The reasons can range from trying to gain a competitive advantage, to disrupting a system or location – as with that Ukrainian power grid hack. The motive for an attack can often disclose a lot about the method, and vice-versa. Hence, if you know the method, you can understand the target, and if you know the target you may have a better grasp of the method most likely to be used to infiltrate it.
Cyber spy hunting
Those seeking a motive must be able to think like a hacker. Catching criminals doesn’t happen by accident, and putting yourself in their shoes enables you to get a clearer picture of what their movements might be. Putting this into practice is imperative, not only in the aftermath of a breach, but in protecting against one in the first place. If you can get into the mindset of a hacker, you can actively seek out your own vulnerabilities, understand what tactics might be used to gain entry, and what data can be accessed using those methods.
In contemporary society, the methods have grown concurrently with the technology. Techniques such as ‘spear phishing’ have benefited hugely from the advent of social media. Platforms such as LinkedIn have allowed cyber spies to stalk employees online and learn enough about them to make a convincing approach and recruit them as an unwitting mole in their organisation. Taking advantage of the naivety of human actors and the vulnerabilities that employees pose to their organisation’s security is becoming commonplace in cyber-espionage.
Knowing the potential techniques that a hacker might use can provide an invaluable weapon when fighting back against cyber criminals. A near constant gathering of information is the key to success here. Gather as many external sensors as possible and participate in a vocal community that is sharing information.
Effectively, you are putting as many eyes and ears out there as you can. Like covert agents, you are creating blanket surveillance of your systems and vulnerabilities. This visibility makes it easier to see attacks coming, and where your enemies will look to strike. You can then put up as many trip wires around these areas as possible. Hackers are constantly looking for the shortest and easiest route to the ground, and consistently being able to increase this distance is a sure-fire way to put them off.
Taking a proactive approach to security is often the most effective way of protecting yourself. The sentiment ‘the best defence is having a good offence’ really does ring true here. By taking the fight to attackers, you can stop them in their tracks and prevent breaches at the source. With more sophisticated methods being used, and a greater volume of attacks, having a strong force is mission critical. Now is the time to start thinking like a bad guy and fight back.
Article by Eric O’Neill, National Security Strategist, Carbon Black.