econintersect.com
       
  

FREE NEWSLETTER: Econintersect sends a nightly newsletter highlighting news events of the day, and providing a summary of new articles posted on the website. Econintersect will not sell or pass your email address to others per our privacy policy. You can cancel this subscription at any time by selecting the unsubscribing link in the footer of each email.



posted on 11 November 2016

The Danger Of Ignoring The "Espionage" In Cyber Espionage

from STRATFOR

-- this post authored by Scott Stewart

This week, I had the honor of delivering a keynote speech for the Global Cyber Security Leaders Conference in Berlin. The city, which decades ago was a hub of Cold War-era espionage, provided the perfect backdrop for my attempt to put its modern cousin - cyber espionage - into context.

One need only glance at the headlines to see that all things cyber are attracting quite a bit of attention these days. From vulnerabilities in the Internet of Things and distributed denial of service attacks to the hack of the Democratic National Committee, it is becoming increasingly clear that digital information is not as secure as it was once thought to be. Because of this, I'd like to share my thoughts on cyber espionage with Stratfor's readers.

One of Many Tools

First, I want to be clear about what I mean when I say "cyber espionage." As I am using it, the term simply refers to any espionage committed against a computer system. So, according to this definition, cyber attacks are just one tool in the espionage toolbox, alongside many other methods of attacking a computer system including human, signal and imagery intelligence. Cyber espionage's close link to these tactics is what sets it apart from more traditional forms of hacking. Hackers certainly use internet searches (open-source intelligence) to plan their attacks, and social engineering (human intelligence) to assist them, but their reliance on other tools of espionage is limited compared with that of the sophisticated state and non-state actors engaged in cyber espionage.

Historically, espionage has evolved to stay at the cutting edge of technology. During World War II, Western mathematicians developed primitive computers to break the codes cranked out by the Nazis' Enigma machine. And over the past few decades, U.S. intelligence agencies have created incredible optics that can be mounted on spy satellites, and lasers that can be bounced off a building's windows to eavesdrop on the conversations being had inside. Breaking into computer systems to gather intelligence, plant disinformation or conduct sabotage is merely another example of the world's intelligence agencies embracing the latest technology as a means of accomplishing their goals.

For one, cyber techniques can be used to increase the efficacy of other espionage tools. If an intelligence service, say, cracked someone's email or social media passwords, or took control of their smartphone or computer with malware, the intelligence gleaned in the process could prove useful in crafting a strategy to recruit that person as a human intelligence agent. Likewise, obtaining a foreign defense contractor's email about the time, date and location of the testing of a weapon with revolutionary technology could give an intelligence agency enough notice to focus its imagery, electronic and other collections platforms on the test site.

Other espionage tools can be used to enhance cyber espionage operations as well. A myopic focus on the "cyber" aspect of cyber espionage can be dangerous. Forgetting that it is also an activity that can involve other forms of espionage encourages too heavy an emphasis on addressing technological vulnerabilities and external threats while ignoring non-technical weaknesses and methods of attack. No doubt, if a target has information that a perpetrator might want, hacking into the computer system it resides on from a remote location can be a convenient way of getting it with a degree of plausible deniability and without risking arrest. Such operations are often far less dangerous - and perhaps quicker - than espionage activities that require the deployment of intelligence operatives inside a foreign country with a hostile security service. That said, if the computer system cannot be accessed from afar, perpetrators are likely to lean on the other espionage tools at their disposal to obtain the information they seek, regardless of the perils and pains it entails.

Complements to Cyber Espionage

And there are many ways they can do it. Open-source intelligence, for example, can help intelligence services to identify the hardware and software a target has bought and used, enabling them to better tailor a hacking attack against it. Likewise, photographs of executives or employees can help to pinpoint which brand of computer, cellphone and other devices they use. Intercepting a target's communications via cellphone or satellite phone, or perhaps running a black-bag job on the building where information is stored, might also prove useful to an operation. But perhaps the most effective tactic is adding an element of human intelligence - recruiting an agent with access to the material or system desired.

Historically, buying cooperation with cold hard cash has been one of the most effective means of recruiting human agents. Though the system's administrator would obviously be the most ideal candidate for recruitment, other types of employees can be invaluable to a cyber espionage operation. Even non-IT workers within a company or organization can agree to download information, inject malware, identify other recruits or provide the details needed to customize spear phishing attacks in exchange for money.

Honey traps, or the use of sexual favors and romantic bonds to gain an agent's cooperation, are a tried and true approach to recruitment as well. The stereotype of the awkward, lonely computer nerd does not apply to most system administrators, but that does not mean that they - or other employees - are not just as vulnerable to honey traps as their government counterparts. In fact, they may even be easier prey, since few employees in the private sector receive security awareness training related to such threats. Men are not the only ones open to sexual or romantic exploitation, either; women can fall victim to honey traps as well.

Intelligence agencies can also leverage family members to gain a target's compliance. The government, for instance, could offer to shower them with benefits, such as admission to a prestigious school or a lucrative job, in exchange for the information it needs. On the other hand, authorities could threaten to withdraw privileges or even imprison family members if a target refuses to cooperate. These techniques can have great persuasive power over the employee or individual subjected to them.

As cyber defenses improve, and as targets become more difficult to penetrate, the people with access to information stored on computer systems will increasingly come to be seen as the weakest link in those systems' security. This will also mean that they are more likely to become targets for recruitment as human intelligence assets. And as we have already identified, the only limitation to eliciting a person's help is the creativity of the intelligence officer seeking it.

A Holistic Solution

Because of the common (if misguided) emphasis on the cyber aspect of cyber espionage - and the wanton disregard for the role of other espionage tools in facilitating cyber attacks - cyber espionage is often considered to be a problem of information security that only technical personnel can address. But in the true sense of the term, cyber espionage is a much broader threat that can emanate from many different sources. Therefore, it must be treated more holistically: Chief information security officers will need the help of chief security officers, human resources, legal counsel and others if they hope to protect the companies and departments in their charge.

Employees will become a crucial part of their employers' defenses, too. Many companies provide training in cybersecurity that includes warnings about hacking methods like phishing and social engineering, but few cover traditional espionage threats and tactics. This frequently leaves the majority of workers ill prepared to guard themselves against such methods. And ultimately, thwarting a sophisticated enemy equipped with a wide array of espionage tools will be possible only with a better informed and more coordinated effort on the entire company's part.

"The Danger of Ignoring the 'Espionage' in Cyber Espionage" is republished with permission of Stratfor.

>>>>> Scroll down to view and make comments <<<<<<

Click here for Historical News Post Listing










Make a Comment

Econintersect wants your comments, data and opinion on the articles posted.  As the internet is a "war zone" of trolls, hackers and spammers - Econintersect must balance its defences against ease of commenting.  We have joined with Livefyre to manage our comment streams.

To comment, using Livefyre just click the "Sign In" button at the top-left corner of the comment box below. You can create a commenting account using your favorite social network such as Twitter, Facebook, Google+, LinkedIn or Open ID - or open a Livefyre account using your email address.



You can also comment using Facebook directly using he comment block below.





Econintersect Contributors


search_box

Print this page or create a PDF file of this page
Print Friendly and PDF


The growing use of ad blocking software is creating a shortfall in covering our fixed expenses. Please consider a donation to Econintersect to allow continuing output of quality and balanced financial and economic news and analysis.


Take a look at what is going on inside of Econintersect.com
Main Home
Analysis Blog
The Problem With Obamacare Is That It Did Little To Reduce Overall Healthcare Spending
Joan Robinson’s Critique of Marginal Utility Theory
News Blog
The Last Bucket Catch
Joe Sixpack's Situation in 3Q2016: The Average Joe Is Better Off
Why Are Some People More Delinquent On Loans Than Others? - Part 1
Gravity Returns To San Francisco Housing Market
Violent Bond Selloff: An Eye-Opening Perspective
Infographic Of The Day: Identity Theft: You Should Be Worried
Early Headlines: Russia Hacked GOP, Trump To Drain Energy 'Swamp'?, New Sec'y Of State Candidate, India IP Shrinks, India Has World's New Largest Solar Plant , China GDP Hides Volatility And More
Most Coup Attempts In Recent Years Have Failed
The Global Cost Of Diabetes
The Universities Churning Out The Most Billionaires
Five Amazing Ways Plants Have Created New Technologies
Where U.S. Weekly Wages Go The Furthest
What We Read Today 09 December 2016
Investing Blog
The New Art Of Utility Investing
Investing,com Weekly Wrap-up 09 December 2016
Opinion Blog
Trickle-down Economics, Trump Edition
Looking At Everything: Trump's $1 Trillion Infrastructure Plan
Precious Metals Blog
Silver Prices Rebounded Today: Where They Are Headed
Live Markets
09Dec2016 Market Close: Wall Street Closes On A New High, Trump Sugar High, Crude Prices Testing Resistance, US Dollar Melts Higher
Amazon Books & More






.... and keep up with economic news using our dynamic economic newspapers with the largest international coverage on the internet
Asia / Pacific
Europe
Middle East / Africa
Americas
USA Government



Crowdfunding ....






























 navigate econintersect.com

Blogs

Analysis Blog
News Blog
Investing Blog
Opinion Blog
Precious Metals Blog
Markets Blog
Video of the Day
Weather

Newspapers

Asia / Pacific
Europe
Middle East / Africa
Americas
USA Government
     

RSS Feeds / Social Media

Combined Econintersect Feed
Google+
Facebook
Twitter
Digg

Free Newsletter

Marketplace - Books & More

Economic Forecast

Content Contribution

Contact

About

  Top Economics Site

Investing.com Contributor TalkMarkets Contributor Finance Blogs Free PageRank Checker Active Search Results Google+

This Web Page by Steven Hansen ---- Copyright 2010 - 2016 Econintersect LLC - all rights reserved