The motives behind nation state driven cyber attacks

FireEye released a report that describes the unique international and local characteristics of cyber attack campaigns waged by governments worldwide.

“Cyber weapons are being used as an advantage in real-world conflict,” said Kenneth Geers, senior global threat analyst, FireEye. “Regions have their own set of cyber weapons, which they will use to their advantage when it comes to a conflict or to help their allies. The world is at cyber war with attacks in every direction and location. Cyber shots are fired in peacetime for immediate geopolitical ends, as well as to prepare for possible future kinetic attacks. Since attacks are localized and idiosyncratic—understanding the geopolitics of each region can aid in cyber defense.”

“The biggest challenge to deterring, defending against, or retaliating for cyber attacks is the problem of correctly identifying the perpetrator. Ballistic missiles come with return addresses,” said Prof. John Arquilla of the Naval Postgraduate School. “But computer viruses, worms, and denial of service attacks often emanate from behind a veil of anonymity. The best chance to pierce this veil comes with the skillful blending of forensic “back hacking” techniques with deep knowledge of others’ strategic cultures and their geopolitical aims.”

Cyber attacks have already proven themselves as a low-cost, high-payoff way to defend national sovereignty and to project national power. The key characteristics for some of the regions include:

Asia-Pacific. Home to large, bureaucratic hacker groups, such as the “Comment Crew” who pursues targets in high-frequency, brute-force attacks.

Russia/Eastern Europe. These cyber attacks are more technically advanced and highly effective at evading detection.

Middle East. These cybercriminals are dynamic, often using creativity, deception, and social engineering to trick users into compromising their own computers.

United States. The most complex, targeted, and rigorously engineered cyber attack campaigns to date.

In addition, the report speculates factors that could change the world’s cyber security landscape in the near- to medium-term, including:

• Outage of national critical infrastructure that is devastating enough to force threat actors to rethink the power of cyber attacks.
• A cyber arms treaty could stem the use of cyber attacks.
• Privacy concerns from the PRISM could restrain government-sponsored cyber attacks in the U.S. and globally.
• New actors on the cyber stage, most notably—Brazil, Poland, and Taiwan.
• Increased focus on developing evasion methods that bypass detection.

“A cyber attack, viewed outside of its geopolitical context, allows very little legal maneuvering room for the defending state,” Prof. Thomas Wingfield of the Marshall Center. “False flag operations and the very nature of the Internet make tactical attribution a losing game. However, strategic attribution – fusing all sources of intelligence on a potential threat – allows a much higher level of confidence and more options for the decision maker. And strategic attribution begins and ends with geopolitical analysis.”