The New Privateers: Cybercriminals and State Sponsorship
As cybercrime continues to grow in sophistication and scale, security professionals, along with government officials, have sounded the alarm about a disturbing trend. Many of the most sophisticated attacks are tied to threat actors linked to foreign governments. Indeed, intelligence experts believe foreign governments sponsor some of these attacks, making them even more difficult to address. A hostile government can provide financing to criminal groups and use its resources to impede efforts to identify and bring the perpetrators to justice.
State Sponsored Cybercrime
In recent years, U.S. intelligence and cybersecurity agencies have linked attacks to countries such as Russia, China, and North Korea. However, definitively proving that a specific cybercrime is, in fact, sanctioned by a foreign government is often difficult given the complex relationships the U.S. has with these countries. Stopping state-sponsored actors then becomes a matter of diplomacy and, potentially, retaliatory cyber warfare, economic sanctions, or even military actions against a foreign country. And the threat of unilateral action may affect other regional diplomatic efforts or impel neighboring countries to weigh in.
For countries sponsoring these actions, the rewards often outweigh the risks. For a relatively minimal investment, these countries, using third-party actors, can test another nation’s cybersecurity defenses, steal intellectual property, enrich themselves, or otherwise engage in cyber espionage. When an attack becomes public, state sponsors can claim ignorance, blame rogue actors, and avoid legal action resulting from any treaty violation or complaints brought before the International Court of Justice. Often a win-win for hostile nations, state-sponsored cybercrime is difficult to deter. Countries on the receiving end of these attacks must weigh and measure response options, as some may escalate hostilities and even lead to direct military conflict.
The threat actors themselves bear a striking resemblance to privateers. Historically, privateers were merchant ships that were granted wartime authority by a sovereign country to attack and seize ships from other countries. The spoils were split between the sovereign nation and the privateer’s crew. By commissioning privately owned ships, sovereign nations could supplement their own naval power and enrich their coffers. And privateers could earn more money through a ship’s capture and sale than they could through conventional means, as well as enjoy the protection of the sovereign nation.
The U.S. Government’s Response
While privateers usually had what was known as a letter of marque – a document that legally authorized them to seize specific ships – the evidentiary chain between a hacker group and a foreign government today is much less explicit. However, despite U.S. intelligence assessments linking state actors to certain cybercrimes, the effects and high-profile nature of the Colonial Pipeline, JBS Foods, and Kaseya attacks, among others, have led the U.S. government away from the need for irrefutable evidence of state sponsorship to compel a response directed at a sovereign nation.
Whether harboring or supporting rogue actors, each country is responsible for attacks on U.S. entities originating on its soil, as per the Biden administration. Countries must police their own criminal element or stop sponsoring hackers attacking U.S. businesses, organizations, and government agencies. If they don’t, the U.S. will respond accordingly. The U.S. may have already taken action in at least one instance, as shortly after the Kaseya attack, the responsible Russia-linked group REvil had multiple sites taken offline under mysterious circumstances.
Whether the U.S. government – or perhaps the Russian government or even REvil itself – was responsible, only time will tell whether this more muscular approach will deter states from sponsoring cybercrime or cybercriminal actors themselves from perpetrating it. In the meantime, businesses, organizations, and governments of all sizes and industries face ever more intricate attacks that, when successful, can prove catastrophic. Despite years of warnings from cybersecurity professionals and an explosion of cybercrime during the pandemic, many businesses, organizations, and local governments remain vulnerable given underinvestment in cybersecurity resources, deficits of in-house experts, and gaps in employee cyber awareness.
If you’re unsure how secure your business or organization is, we can help. Alvarez Technology Group provides comprehensive cybersecurity assessments, helps you develop enterprise-wide plans encompassing the technical and human aspects of cyber defense, and helps you implement those plans with our expert personnel and the latest technology. Contact us today, and let’s work together to keep your operations secure.