The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

This book is about the geopolitics surrounding hacking and nation-state motivations. It is really interesting because you get to understand the mindset and motivations a state, or an activist group, has when performing a cyber attack against another entity.

The book neatly segregates the motivations into three categories: Shaping, Signaling and

Shaping

Shaping is the process of engaging in acts of espionage, sabotage and destabilization to mold the geopolitical environment more to the actor's liking or favor.

Espionage

Espionage is the act of gathering information and intelligence that gives the actor an unfair knowledge advantage, allowing them to make informed decisions. These pieces of information can be either factual data or the intent and motivations of the other party. Knowing not only eliminates a lot of risk and guesswork, but also allows the actor to control the situation through deliberate actions.

A large part of current espionage occurs through the mass collection and surveillance of data from high-volume entities such as telcos and Internet sites like Google and Facebook. This is a shift from the days before the Internet boom, when collection happened through piecemeal, opportunistic events.

This is where geopolitics also plays a role: the flow of Internet data around the world is not evenly distributed, and there are certain chokepoints through which most traffic travels before propagating to its destination. Nations in which these chokepoints exist have an advantage when it comes to mass collection of data.

"Trusted" security companies can also be compromised, or willingly partner with state actors, to introduce backdoors into their products and services. This effectively locks out other attackers except the partnered actors, giving them a home-field advantage.

Sabotage

Events like Stuxnet, ransomware attacks and damage to critical information infrastructure (CII) are considered sabotage, where the attack cripples the victim in some way, either digitally or physically.

Sabotage events are meant to inflict damage on the victim. The most common form is the deletion of data, and the most devastating is the destruction of physical infrastructure, as with Stuxnet.

Sabotage can also occur when the actor wants to coerce the victim into action. One example was the North Korean hack on Sony Pictures after Sony produced a movie that mocked the North Korean leader. In an attempt to deter Sony from releasing the movie, the hackers infiltrated the company and wreaked havoc through data leakage and data destruction.

Destabilization

Destabilization, as the name suggests, aims to destabilize a nation through cyber means. This can involve crippling a country by hacking its CII, such as healthcare, financial institutions or power. It can also include hacking the nation's own hackers, as when the Shadow Brokers stole tools from the NSA and published them. This rendered much of the capability and tradecraft previously exclusive to the NSA useless. One such tool later used in actual public attacks was EternalBlue, an SMBv1 exploit that Microsoft had patched as MS17-010 shortly before the leak and that was subsequently used by the WannaCry ransomware.

There are many well-known examples of destabilizing events in recent history, the most obvious being cyber interference with elections, and the exacerbation and exploitation of existing social divides through cyber means.

These acts of Shaping show that cyber attacks do not limit their damage and effects to the digital realm, but can manifest in the physical realm and disrupt the social fabric.

Signaling

Signaling, which is a weaker method, tries to deter adversaries by demonstrating the strength of the actor's cyber capabilities. This works poorly in the cyber realm compared to the physical one, where nations signal through displays of assets such as tanks and missiles that convey the potentially disastrous consequences of retaliation.

Cyber signals are extremely weak, because the modus operandi of cyber operations typically involves stealth and obfuscation. As such, the signals sent are either unclear or undecipherable.

Cyber signaling also reduces the cyber strength and advantage of the actor, because it reveals the capabilities they possess, and the potential victim can then take appropriate steps to defend against them. This is like a thief announcing to the homeowner that he knows the windows are not locked and that he can break in; the logical step for the homeowner is to double-lock the windows.
