The unexpected closure of an oil pipeline, explosions in a steel plant, disruptions across a satellite network, and the unexplained destruction of nuclear centrifuges: what do these all have in common? All of these events were caused by hackers. However, unlike the unruly and irresponsible teenagers responsible for the hacks of the past, these are a new breed of hackers. Though their stories differ, their motives and reasoning are even more interesting. Those responsible for the aforementioned hacks are members of the military, contractors, or other government personnel, paid for and trained by their respective governments. These individuals, referred to as state-sponsored hackers, work to support the espionage, monetary, destructive, and intellectual property goals of their governments and leaders. Despite the destructive and severe impacts caused by state-sponsored hacking, many do not see it as a tangible and legitimate threat. However, though their actions occur over computers and computer networks, they often extend into the physical realm because of the extensive use of computers throughout modern life. Power grids, medical machinery, and water treatment plants are just a few of the areas that have been damaged by these hackers. Therefore, it is important that action be taken to protect both the digital and the physical realm from these malicious hackers. Due to the severity and scale of this issue, the private and public sectors must work together to alleviate the threat posed by state-sponsored hackers.
Though state-sponsored hacking seems like an issue out of a futuristic dystopian fantasy, it has been occurring since before the rise of the internet. However, as time has progressed, the scale, size, and severity of these hacks have continued to increase, from simple cases of espionage to hacks targeting nuclear plants. The first instance of state-sponsored hacking can be traced back to the 1980s, when individuals broke into computers on the ARPANET and MILNET, the precursors of the internet. From there, these individuals exfiltrated classified documents and sold them to the KGB (“The KGB”). Widely regarded as the first instance of state-sponsored hacking, this would be far from the last, as it only showed governments the potential value that hacking could bring to the table. It was not until years later, however, that state-sponsored hacking took a new turn with the creation of Stuxnet. This worm –– a type of self-spreading computer malware –– was the first instance of a digital weapon. As the journalist Kim Zetter states in her article examining the malware, “Stuxnet, as it came to be known, was unlike any other virus or worm that came before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled.” (“An Unprecedented Look”) Unlike previous instances of hacking for espionage or intellectual property theft, this was the first time that a hack had extended into the physical realm. This is terrifying, as nearly all machines nowadays are controlled by computers, from smart refrigerators to nuclear power plants.
For many, this makes Stuxnet not simply a piece of computer malware but, as Zetter explains, “the world's first digital weapon.” (Zetter, “An Unprecedented Look”) This is not an exaggeration: though the worm is a piece of digital malware like any other, it was able to damage and destroy physical machines just as a conventional weapon could. Furthermore, these machines were not everyday objects but centrifuges designed to refine weapons-grade uranium in the once secret Natanz nuclear complex in Iran. Unsurprisingly, Natanz had the highest level of security; however, that did not protect it from being compromised –– “Because the computers are air-gapped from the internet, however, they cannot be reached directly by the remote attackers. So the attackers have designed their weapon to spread via infected USB flash drives.” (Zetter) Though this plant had the strictest security measures, state-sponsored hackers were still able to infect the computers controlling the nuclear centrifuges, crippling the machines. If they can cause chaos in a facility such as this, what might they be able to do to the network of a school or hospital? From simple espionage to the destruction of secret nuclear centrifuges, it is unclear what the next target of these state-sponsored hackers may be. Although government-backed hacking is nothing new, it has clearly continued to increase in severity over time. However, what exactly makes state-sponsored hacking such an enticing option for countries and leaders seeking to expand their influence?
Unlike physical actions, where attribution is easy to discern and countries are quick to retaliate, neither is easy in the digital realm. Questions such as who is responsible may take months to answer, if they are ever answered at all. Therefore, many governments see hacking as a low-risk, high-reward method of advancing their causes. The Democratic People’s Republic of Korea –– henceforth referred to as the DPRK –– is the perfect example of the mindset with which many leaders and governments view hacking. Observing the impoverished state of North Korea, one would be surprised to hear that the DPRK has been responsible for some of the costliest and most destructive hacks of recent years. The hacks on Sony Pictures, the Bangladesh National Bank, KuCoin, and Axie Infinity, along with WannaCry, are just a few of the exploits pulled off by the DPRK’s state-sponsored hacking group, termed the Lazarus Group (Park, “The Lazarus Group”). It is clear that this group has been busy: over the course of less than a decade, they have “crippled hundreds of thousands if not millions, of computers and stolen up to US$2 billion [sic]” (Park, “The Lazarus Group”). In addition to the billions stolen by the DPRK, its destructive actions have caused millions, if not billions, of dollars in damages as well. Though the DPRK is a relatively uninfluential country, it can exert a disproportionate amount of influence over the digital realm, making hacking an enticing option for the DPRK. In addition, unlike nearly every other country that hacks for espionage, destruction, or intellectual property theft, the state-sponsored hackers of the DPRK hack for profit.
As Park states in a journal article discussing the Lazarus Group, “[the Lazarus Group] serve the North Korean state, mostly undertaking acts of espionage and hacking financial institutions to fund the heavily sanctioned nation and its nuclear program.” (Park, “The Lazarus Group”) This is an even larger issue in the case of North Korea, as the second-order impacts of these hacks fund the country's nuclear weapons program. The damage from these hacks is not limited to the computers they infect but extends to the causes they fund as well. For the DPRK, hacking makes perfect sense, as it allows them both to fund their state and to attack their enemies in one fell swoop; unless action is taken, they have no reason to stop their malicious activities.
Unlike in the case of North Korean-backed hackers, some governments do not need to take any direct action to project their influence in the digital realm. In some cases, criminal hackers act as proxies for the wills and wishes of their parent government. This is the case in Russia, where the government often turns a blind eye so long as hackers do not target domestic organizations –– ‘“As we know, Russia has a long history of ignoring cybercrime within its borders so long as the criminals victimize non-Russians”’ (Barnes, “Russia Influences Hackers”). The unspoken rule seems to be that hacking is acceptable so long as it is not directed at Russians and Russian interests. This allows the government of Russia to benefit from the actions of these hackers without having any direct ties or dealings with them. As Barnes states when examining this near-symbiotic relationship, “Moscow allows…criminal groups to follow their own plans, so long as they do not challenge the Kremlin and are generally working toward…Putin’s goals…. As a result, Russian control of hackers is often looser, giving Mr. Putin and other Russian officials a degree of deniability.” (“Russia Influences Hackers”) In essence, this creates a group of proxy hackers that independently work in the interest of the government without any direct ties, similar to a proxy war. Though Russia does not directly tell these groups what to do, it is aware of their activities and exerts influence over them. Furthermore, the criminal hackers benefit from the judicial protection of the Russian government, while the government benefits from the adverse impacts these hackers have on the Kremlin’s foes.
Though this link is hazy in some cases, in others it is obvious, as criminal hacking groups have publicly supported actions such as Russia’s invasion of Ukraine –– ‘“If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy….”’ (Bing, “Russia-Based”) Clearly, the goals of the Russian government and of Russia-based cybercriminals align, and in some cases these groups view an attack on Russia as an attack on themselves. Though Russia may be able to claim some plausible deniability between itself and the hackers in its country, that deniability is hazy at best. Whether for financial gain or for destabilizing an enemy country, hacking offers an enticing option to many countries. As long as hacking remains the path of least resistance for governments and leaders seeking to advance their causes, it will remain a go-to in the playbook of many countries.
Though many might see the previously mentioned hacks as “just hacks,” it is important to understand that actions in the digital realm have direct consequences in the physical realm. Currently, the threat and severity of state-sponsored hacking are only increasing, and so are the consequences. In addition, as computers play a vital role across all aspects of modern life, all aspects of life stand to be affected by this issue. The largest oil pipeline on the East Coast of America, the Colonial Pipeline, is responsible for transporting nearly half of the gasoline, diesel, and jet fuel flowing across that side of the country. However, for the first time, last year the flow of oil stopped. This was not due to any physical, political, environmental, or economic reason; it was due to a state-sponsored hack. The company operating the pipeline was hacked by a criminal group that installed ransomware –– a type of malware that locks access to a computer –– on its systems. The criminal group responsible for the hack, “DarkSide, a ransomware gang believed to be operating out of Russia,” is another of the numerous Russia-based hacking groups protected by the Kremlin (Sanger, “Pipeline”). Though this hack was not directly carried out by state-sponsored hackers, the outcome was no less severe –– “the company’s decision to turn off the pipeline touched off a series of dominoes including panic buying at the pumps and a quiet fear inside the government that the damage could spread quickly.” (Sanger, “Pipeline”) This shows the damage these hackers can cause even when they are only proxies for their countries, as they can compromise and control critical infrastructure. Because these hackers are limiting access to critical infrastructure such as gas and electricity, they are a critical threat. The disruptions they cause are not simply inconveniences. Furthermore, these hacks may not always be as mundane as simply preventing access to a computer.
Some hacks may damage and destroy physical infrastructure as well. Recently, a group of state-sponsored hackers suspected of working for Israel was able to break into the systems of a steel plant and damage the machines inside the plant. In a video posted by the hackers to Twitter, workers can be seen fleeing the scene as heavy machinery carrying molten metal sparks, explodes, and catches fire due to the actions of the hackers (Darande, “#Cyberattack”). It is remarkable that no one was hurt in this incident, as the explosions occurred only moments after the workers moved out of view of the camera filming the attack. It may not be long until we see the first death caused directly by one of these attacks. Action must be taken, but by whom and to what extent?
As the targets of state-sponsored hackers lie not only in the public sector but in the private sector as well, action must be taken on both sides to limit the threat. Hacks such as the one on the Colonial Pipeline also show that just because a company is private does not mean that hacks on its systems do not lead to public disruptions. As Sanger states in the article on the Colonial Pipeline hack, “the federal government lacks the authority to require the companies that control more than 80 percent of the nation’s critical infrastructure adopt minimal levels of cybersecurity” (“Pipeline”). It is clear that action is required from companies to combat this issue. Furthermore, the fact that over 80 percent of critical infrastructure is controlled by private companies shows why companies are not only a target of state-sponsored hackers but likely the largest target. Luckily, many easy and cost-effective solutions are available now to remediate this problem. This makes it all the more important that action be taken now to stem this issue before it snowballs out of hand. Governments should implement minimum security practices, enforce those practices, and bring the topic of state-sponsored hacking into diplomatic discussions. Currently, there are no minimum security practices that most government agencies and companies are required to follow. This is the largest source of the problem: the more open governments and companies are to attack, the more they will be exploited.
In addition, preventing hacks is easier than prosecuting them, especially since many can be prevented with a few security changes –– “Even the simplest practices such as training to recognize phishing or scam emails and backing up data regularly, could go a long way in protecting the general public.” (Park, “The Lazarus Group”) This practice of protecting rather than punishing is even more important in the case of these hacks, as the hackers and agencies carrying out these attacks are protected by their respective governments. Governments should also ensure that these minimum security practices are enforced across companies and government agencies. If governments actively punished organizations with fines for not following best practices, it would incentivize those organizations to act before it is too late. Finally, it is important that the discussion of cyberattacks is brought to the attention of politicians. As shown earlier, these digital attacks pose a critical threat, so they are not something to be brushed off as all bark and no bite. So long as governments play ignorant of the hacks carried out on one another, there can be no international cooperation. It is important that leaders address these hacks for what they are –– attacks. No government would tolerate a physical attack, so why should it tolerate a digital one?
Though the thought of members of the military, contractors, or other government personnel working to hack the agencies and companies of other countries seems like a concept from a fever dream, it is no dream. For decades now, countries have continued to hack and exploit the computers of others for espionage, intellectual property, destruction, and monetary gain. However, the scale and severity of this threat have only been increasing over recent years. As computers have spread into every aspect of life, they have been exploited by these state-sponsored hackers for everything from digital theft to physical destruction. It is past time that both the private and public sectors work to mitigate the threat from these attacks, especially since many of them can be prevented with very easy security practices and implementations. In addition, politicians need to view these matters as a serious threat and condemn governments for participating in these actions. Hopefully this happens sooner rather than later, as there is no telling what will happen next. As long as the world remains connected, it remains vulnerable.
“The KGB, the Computer, and Me.” YouTube, 2 Nov. 2013, www.youtube.com/watch?v=PGv5BqNL164. Accessed 18 July 2022.
Zetter, Kim. “An Unprecedented Look at Stuxnet, the World’s First Digital Weapon.” WIRED, 3 Nov. 2014, www.wired.com/2014/11/countdown-to-zero-day-stuxnet/. Accessed 17 July 2022.
Barnes, Julian E. “Russia Influences Hackers but Stops Short of Directing Them, Report Says.” The New York Times, 9 Sept. 2021, www.nytimes.com/2021/09/09/us/politics/russia-ransomware-hackers.html. Accessed 19 July 2022.
Park, Joshua. “The Lazarus Group: The Cybercrime Syndicate Financing the North Korea State.” Harvard International Review, vol. 42, no. 2, Spring 2021, pp. 34–39. EBSCOhost, https://search-ebscohost-com.dvc.idm.oclc.org/login.aspx?direct=true&AuthType=ip,shib,sso&db=a9h&AN=153886051&site=ehost-live.
Bing, Christopher. “Russia-Based Ransomware Group Conti Issues Warning to Kremlin Foes.” Reuters, 25 Feb. 2022, www.reuters.com/technology/russia-based-ransomware-group-conti-issues-warning-kremlin-foes-2022-02-25/. Accessed 21 July 2022.
Sanger, David E., and Nicole Perlroth. “Pipeline Attack Yields Urgent Lessons about U.S. Cybersecurity.” The New York Times, 14 May 2021, www.nytimes.com/2021/05/14/us/politics/pipeline-hack.html. Accessed 21 July 2022.
Darande, Gonjeshke. “#Cyberattack against Iran’s Steel Industry.” Twitter, 26 June 2022, twitter.com/GonjeshkeDarand/status/1541288345183158272. Accessed 21 July 2022.