Rules For State Sponsored Hacking – There Aren’t Any

Hacking is today’s preferred method of espionage. It is easier and far less risky than the old school version of putting a person in the organization and risking their life.

So what is in the news recently.

First, Russian hackers at the FSB, sort of like our FBI – sort of. They are mainly responsible for internal security, counterespionage, organized crime, terrorism and the like. I say sort of because they are hacking research institutions around the world trying to get a leg up on COVID-19 research. After all, it is quicker and cheaper to steal it than to do it.

The UK’s National Cyber Security Centre (NCSC) says that Russia is hacking them As does the UK’s Foreign Secretary. In the U.S., it was left to CISA, part of DHS, to complain. Canada also says the same thing (according to The Register).

Next comes China. Just a few months ago, the FBI accused China of trying to hack corona virus research. They say that the Chinese were looking for vaccine information. Credit: CNet Again, it is cheaper to steal it than to invent it. Both China and Russia have long histories of doing this.

Why is the White House being quiet about this? Maybe ….

In 2018 President Trump signed National Security Presidential Memorandum 13 which, while highly classified, appears to give the CIA pretty much a blank check to hack anyone they want.

We used to have a vetting process for these activities, but now is it completely at the discretion of the CIA.

The CIA claims there are review processes. Maybe so.

The CIA hacked and then released 7.5 terabytes of data on the Russian company SyTech, which was suspected of doing work for the FSB. This included names, photos and phone numbers of suspected Iranian agents.

This seems kind of similar to the release of the Vault 7 group of CIA hacking tools.

Other covert operations include the release of 15 million debit cards from an Iranian bank according to sources.

Obviously, at least we hope, the CIA is targeting our enemies like North Korea and Iran.

But what is the outcome? Have we turned this into a food fight?

Truth is that no one knows.

Maybe it just makes the CIA more agile. That is certainly one possibility.

Report is that while Russia, China, Iran and North Korea were targets of the memo, it was not limited to those countries. Since the memo is classified, we don’t know if that is true or not.

Between 2013 and 2017 the U.S. attempted to negotiate some boundaries for state sponsored cyber attacks, but that, again apparently, didn’t go anywhere and, after all, can you really trust Russia, for example.

I would say that we definitely have the makings of a food fight. But then again, were we always in a food fight except we didn’t have any food.

Russia and China might say that they are not trying to damage our research, unlike our Stuxnet attack on Iran. They are just stealing information – a time honored spy thing, just doing it by hacking rather than breaking in and stealing it. It is more “efficient”.

So the bottom line is that we, they, everyone, have moved into a new form of spying. The French and Israelis, for example, supposedly our allies, have been stealing information from American businesses and business people for decades. Is this anything new really?

There have never been any “norms” for cyber spying and there still are not. There likely won’t be any norms any time soon, so expect the hacking to continue. Credit: ZDNet and The Register.

Leave a Reply

Your email address will not be published.