
Governments, Politics & Cyber Warfare

Written by Reflare Research Team | Jul 27, 2016 11:19:00 AM

There are three types of targets in military operations: hard, soft and targets of opportunity. The same classification can be applied to cyber attacks.


Cyber-geopolitics is gaining momentum.


This week's news has been dominated by the hack of the US Democratic National Convention (DNC) and subsequent leak of emails. In this briefing, we will look at the implications and impact of governmental hacking.

US media is naming Russian governmental hackers as the most likely suspect, but only circumstantial evidence exists. While a motive for Russian intervention in US elections certainly exists, ambiguity is the most important aspect of cyber attacks against governmental actors.

Military operations classify targets as hard (bases, embassies, airport interiors) or soft (hospitals, schools, airport exteriors). The same approach can be used for cyber attacks. While US governmental networks certainly qualify as hard targets, the network of the DNC (which is a private organization despite its involvement in politics) does not. Taking over a soft target is a task possible for average civilian hackers and trivial for government-backed attackers.

Unfortunately, as the DNC hack exemplifies, information with a critical impact on countries is often stored in such soft-target networks.

To an attacker looking to impact the US election for whatever reason, taking over the DNC network and releasing compromising emails has a very high return on investment. The attack is not overly complex and the reward is great.

At the same time, unless an attack is executed with extreme sloppiness, it is virtually impossible to prove who was the actor behind it. Even in the unlikely event that the hackers themselves can be identified, their sponsors remain unknown. Due to this high return and low risk, similar attacks are very likely to occur with increasing frequency in the future.

Conversely, the anonymous nature of cyber attacks allows the victim to blame an attack on any convenient adversary. For example, while the DNC is pointing to Russia at the moment, the Russian government blamed the US government for the leak resulting in the Panama Papers a few months ago. In both cases, information indirectly damaging to a government was taken from a soft target by unknown means.

In a way, political cyber attacks thus come with a built-in mitigation strategy: picking an enemy and blaming it. This doesn't make them less effective, but it means that the dynamics involved are different from military or terrorist actions, where an actor can be more easily identified.

Until now, most politically motivated cyber attacks have been performed by special interest groups. The average attack was carried out with little sophistication and the average target was chosen for emotional reasons rather than to maximize political damage. The result of attacks so far has thus usually been a defaced website or destroyed data.

As government actors move into the field and as non-governmental special interest groups gain more experience with cyber attacks, we expect to see a move away from emotionally chosen targets and towards targets that maximize the damage to an opponent relative to the necessary investment. The DNC hack is merely one of the first attacks of this kind.

Any organization facing threats from government actors or special interest groups is advised to take the time to understand where critical information might be stored in soft-target networks. This includes the private email of members, document sharing services, instant messaging systems and countless other soft channels through which information potentially damaging to the organization may be transmitted. Efforts should be made to limit critical information to hardened networks, and members should be advised to consider any information that might harm the organization as critical.