Business World

Weaponized information

- By Sam Jones

Attribution problem

This is a tale of spies, a $500-million cyber arms heist, accusations of an attempt to manipulate a US presidential election and an increasingly menacing digital war being waged between Russia and the west.

It begins with a clandestine online group known as The Shadow Brokers. There is no evidence that it existed before last Saturday, when a Twitter account in its name tweeted at a handful of leading global news organizations with an unusual announcement: it was conducting a $500-million auction of cyber weapons.

In a show of faith, the group put a selection of its wares — a 4,000-file, 250 MB trove — on public display. Security analysts have been racing to go through the list but it is already clear that at least some of what has been revealed so far is real.

What is most remarkable, though, is the likely former owner of the Shadow Brokers’ cyber bounty: an outfit known as the Equation Group. Equation is an elite hacking unit of the US National Security Agency (NSA). The Shadow Brokers claim that the stolen goods are sophisticated cyber weapons used by the NSA.

The Shadow Brokers’ motivations are not entirely clear.

“If this was someone who was financially motivated, this is not what you would do,” says Orla Cox, director of security response at Symantec, a leading cyber security company.

Cyber weapons are typically sold over the dark web, notes Ms. Cox, or they are used by hackers who want to remain anonymous. They certainly are not advertised to news outlets. And even the best are not priced in $500-million bundles.

“It’s a false flag. This isn’t about money. It’s a PR exercise,” she says.

According to three cyber security companies that declined to be identified, the Shadow Brokers is most likely run by Russian intelligence. “There is no digital smoking gun,” said one analyst.

But the circumstantial evidence is compelling, analysts say. And the list of other potential nation-state actors with the capability, wherewithal and motive is short.

“The fact that the Shadow Brokers did not exist before, appeared at this time and are using intelligence that has been saved up until now suggests this is all part of some deliberate, targeted operation, put together for a particular purpose,” says Ewan Lawson, a former cyber warfare officer in the UK’s Joint Forces Command and now senior research fellow at RUSI, the think-tank.

“That purpose looks like it is to highlight perceived US hypocrisy.”

Russia, he says, is the obvious perpetrator.

Two senior western intelligence officials say their assessment was evolving but similar: the Shadow Brokers’ stunt grew out of Russia’s desire to strike back at the US following accusations that Russian intelligence was behind the hack into the Democratic National Committee’s servers. That intrusion, and the subsequent leak of embarrassing e-mails, has been interpreted by some as an attempt by Russia to interfere with the US presidential election.

The US has yet to respond officially to that hack, even though they know it to be Russia, according to this narrative.

Now, with a piece of Le Carré-esque public signaling between spy masters, Russia’s Shadow Brokers gambit has made any such response greatly more complex, the officials suggest.

The US and its allies, of course, are hardly innocent of hacking. Regin, a piece of malware used to crack into telecoms networks, hotels and businesses from Belgium to Saudi Arabia — though mainly Russia — is a tool used by the US and the UK, while the Equation Group is among the most virulent and sophisticated hacking operations around.

If the warning to Washington was not being telegraphed clearly enough by Moscow, Edward Snowden, the NSA contractor-turned-whistleblower now living in Russia, spelled it out.

“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” he wrote in a tweet to his 2.3-million followers.

“This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast,” he said in another.

In the US intelligence community the assumption is that, at the very least, Mr. Snowden is an unwitting agent of Russian intelligence, if not a tool of it. “It’s all part of the signaling,” says one intelligence official.

“The Russians have had the initiative in this whole thing starting from even before the DNC break-in,” says Jim Lewis, director of strategic technologies at the Center for Strategic and International Studies (CSIS) think-tank and a former US state department official.

“They have the place of honor when it comes to threats to the US in cyber space right now. They’ve accelerated — they’re much less risk averse and they’re much more aggressive.”

“Attributing” cyber attacks — or identifying their source — is a thorny issue.

For cyber super powers, insiders say, it is rarely technical limitations that prevent governments from castigating attackers. The problem, an age-old one for spycraft, is that in disclosing what they know, officials may give away how they got it.

For agencies like the NSA and UK’s GCHQ there is a deeply ingrained culture of secrecy surrounding their cyber surveillance work that stretches back to the origins of signals intelligence during the second world war. US intelligence knew very quickly that the Chinese were behind the hack of the Office of Personnel Management, announced in June last year, which targeted the records of millions of Americans. But it took time to decide what the appropriate response should be and what kind of effect they wanted from it.

Outside the inner circles of the spy world, there is a growing sense that more public attribution is needed to try and put the brakes on a cyber cold war that is spiralling out of control.

“Up to now there has been a degree of approaching cyber defense one day at a time,” says RUSI’s Mr. Lawson. “But now it’s reached a momentum where people are starting to say we need to start calling people out, making more of an issue about these attacks, because otherwise, how are we ever going to establish any sort of global norms about it.”

Publicly identifying attackers can be powerful. Chinese activity against US companies decreased markedly after US authorities publicly indicted five senior Chinese military officials last year, proving to Beijing that they knew exactly what its hackers were up to — and would respond even more harshly if they continued. But the power of attribution also depends on the adversary. Unlike China, Russia does not depend economically on the US.

The Kremlin’s hackers are also far stealthier. A particular trend in Russia’s hacking operations in the past 18 months, says a senior British cyber security official, has been towards such “false flagging,” where attacks are hidden behind proxies. The official points to an attack on the French broadcaster TV5Monde in April last year. The Web site was defaced with pro-ISIS imagery, but it was the Russians who were responsible, he says.

Russia has become much more aggressive in blurring other boundaries too: their cyber operations do not just exfiltrate information, they also sometimes weaponize it. Outright acts of destruction are on the table, too, as was the case when Russia took down the Ukrainian power grid in January.

If the tools are new, the techniques may not be. Philip Agee, a former agent of the Central Intelligence Agency (CIA), sprang to prominence in the 1970s for publishing a series of salacious books and pamphlets claiming to expose the activities and agents of his former paymasters. He said he was a whistle-blower and became a feted figure of the left in the west.

But in reality he was carefully directed by the defunct Committee on State Security (KGB), the Soviet spy agency. Under the Russians’ guidance, his output blended genuine US intelligence leaks with outright disinformation concocted by Moscow to suit its own ends. Hundreds of CIA agents were exposed by his activities.

The KGB’s use of Agee was both an act of disruption and one of manipulation. It boxed in the CIA and affected their decision-making. Moscow ensured genuine agents’ names were publicized at times to suit their ends.

The Shadow Brokers may be the same trick adapted to the 21st century.

Both are textbook examples of what Soviet strategists called reflexive control — a concept that has become resurgent in Russian military planning today. Reflexive control is the practice of shaping an adversary’s perceptions. A state might convince an opponent not to retaliate for interfering in an election, for example, by raising the possibility of releasing information about its own tactics.

“These are old tactics,” says CSIS’ Mr. Lewis.

“The Russians have always been better at this kind of thing than us. But now, they’re just able to wield them so much more effectively. They have taken tremendous advantage of the Internet. Information is a weapon.”
