The former chief of the NSA’s elite Tailored Access Operations Unit told DEF CON attendees who the top culprits for Nation State attacks are, and the results won’t surprise you at all. Except that he left the US off the list…
Every year, hackers from all around the world come to DEF CON to learn, meet like-minded people, and break things (for good reasons). This year was no different, and the con got off on a serious note.
At one of the first talks of the conference, lines spread down the hall and around corners—the infamous line-con had already begun. So naturally, I lined up to see what all the fuss was about. As it turned out, the NSA was about to tell DEF CON attendees who the top nation-state actors carrying out cyberattacks were.
“NSA Talks Cybersecurity”
In his talk, frankly titled “NSA Talks Cybersecurity,” NSA Senior Advisor for Cybersecurity Rob Joyce laid bare the state of nation-state hacking in 2018. And he would know—Joyce is the former head of the NSA’s Tailored Access Operations (TAO) unit, which is responsible for developing the tools and techniques used to exploit computers for the NSA. Yes, that’s the very same TAO that developed (and lost) the ETERNAL exploits used in the infamous WannaCry attacks and many more. More on that later.
As it turns out, when the NSA talks, they have quite a bit to say. And Joyce didn’t hold back in identifying the nations he sees as the primary actors behind nation-state hacks and attacks, as well as what the NSA sees as their primary motives and modus operandi.
Russian election hacking came up, but there’s more to it than that. RU listening?
The threat of Russian election hacking was probably top-of-mind for many members of Joyce’s audience—I know it was for me. Especially considering the Voting Machine Hacking Village going on right downstairs. And, unsurprisingly, Joyce identified Russia as the number one perp for nation-state attacks.
Joyce did touch on the Russian hacking (social engineering?) of the 2016 US elections, and the ongoing investigations into those issues, as well as Russian efforts to hack the 2018 midterm elections. However, to be honest, that all seems pretty par for the course. According to Joyce, Russian efforts to hack the US and other global adversaries go much deeper than influence campaigns. Joyce claimed that Russians routinely attempt to penetrate all types of key US networks—from government to critical infrastructure. And they’ve been successful in the past. Joyce went on to say that the US has to be diligent in resisting Russian attacks, as Russian hacking groups, such as Fancy Bear, are well organized and persistent.
Chinese hackers love American intellectual property
Unlike the Russians, Chinese attacks have declined a bit in recent years, or at least attacks targeting America have. But the Chinese generally take a different approach from the Russians—they’re more interested in industry secrets and intellectual property, which they use to give their own burgeoning industrial sector a leg up in the global markets. This kind of activity has been an open secret for years, and became a topic of public discussion in the last five years, with both President Obama and President Trump calling out the Chinese for their misdeeds. Obama even went as far as signing a sort of non-aggression hacking pact with the Chinese, which Trump appears to be sticking to.
Of course, that’s not to say that Chinese hackers are only interested in trade secrets; they’ve also participated in their fair share of nation-state espionage. Most notably, it was Chinese hackers who were responsible for the 2015 breach of the US Office of Personnel Management, which resulted in the theft of personally identifiable information of approximately 21.5 million people, mostly government employees. Joyce said that this sort of behavior has tapered off in recent years, but may return if US-China relations worsen.
Iran aims its hackers at regional targets
Iran has been a player in international hacking since ‘Dubya named them in his “Axis of Evil,” so it’s no surprise that Joyce named them as number three on his “hacksis of evil.” Ok, sorry about that one.
While Iran has, in the past, made serious attempts at hacking US personnel and critical infrastructure, these attacks have been trending down for years, according to Joyce. This is likely due to an increased focus on regional concerns, as the Islamic Republic struggles for regional dominance against rivals in Saudi Arabia and Israel.
North Korea hacks for quick cash
The fourth and final entry in Joyce’s list is another one from the old axis of evil: North Korea. While North Korea isn’t exactly a technologically advanced country, and many of its residents live in abject poverty, with little training on computers, let alone access to them, the country does benefit from a robust training program dedicated to molding bright young minds into skilled hackers. What it puts those hackers up to is unique, compared to other nation states: North Korean hackers, it seems, are primarily concerned with making money.
In fact, North Korea has been known to set up camps of hundreds of hackers and programmers in China, where they work around the clock to earn money for the financially-strapped nation. Primarily, this is done via ransomware and coin mining operations. North Korea is a prime suspect for the launch of the WannaCry ransomware, which shut down millions of systems worldwide but netted less than $100,000 in income.
Profit isn’t the only motive for North Korean hackers, though. They’ve also targeted regional rivals, and been put to use for their leader’s petty revenges, such as the 2014 hack of Sony Entertainment.
What about the good ‘ole U-S of A?
Throughout Joyce’s talk, I found myself nagged by a persistent thought: what about us? What about US? Of course, a spokesman for the NSA isn’t about to go around bragging about the US’s prowess in hacking its global rivals, or reveal any such specifics, but it doesn’t feel right to write up this article without acknowledging the role that Uncle Sam plays in all of this. After all, it was the US that developed Stuxnet to cripple Iran’s nuclear program, and Joyce’s own TAO unit which developed the ETERNAL bugs used to terrific effect in multiple strains of malware, including WannaCry, Petya, and NotPetya. So yes, the US is just as guilty of hacking as any other nation on this list, and if I had to put America on the list, I’d wager we’d be up there with Russia, but of course, Joyce can’t say that.