Nation state sponsored attacks: the offensive of Governments in cyberspace

Pierluigi Paganini November 12, 2012

Article published in The Malta Independent on October 11th 2012

Pierluigi Paganini,

David Pace,

Publishers of mainstream ICT news are ablaze with articles on the evolution of the “Flame” malware targeting the Middle East region for cyber espionage purposes, and new menaces such as Gauss or Shamoon.  No longer the province of deviant black-hat hackers or transnational organised crime groups, malware is now being actively developed and deployed by Nation States.

Governments publicly claiming to be champions of liberty and civil rights, and Governments accused by the same of being oppressive regimes, are throwing buckets of their respective tax-payers' money into aggressively developing similar “offensive” signals intelligence and cyber war capabilities to monitor, infiltrate, analyze, deceive, subvert, and to destroy in the name of “defence” (National Interest).

Governments like Iran, the U.S., North Korea, Russia, the UK, and China are all making large investments into developing general-purpose offensive capabilities that can be used in war and for law enforcement purposes. In fact, estimates indicate that more than 140 states all over the world are working on creating cyber weapons. Governments, like Australia, are considering the use of many of these offensive cyber techniques as part of their day-to-day civilian law enforcement activities.

Governments assert that our personal security can only be assured by those in positions of privileged authority (having the capability) to aim kinetic and non-kinetic weapons at every human on earth, including at you and your children.

Within this context, a classic feature of military doctrine is to protect and disguise the true and total extent of national capabilities in areas related directly to the conduct of security-related activities. This doctrine is now leaking into civilian legal systems. Governments are increasingly asserting that they require less (inadequate) oversight by the civilian community, in order to ensure their ability to threaten violence against civilians, to ensure our individual and collective security…

It is hardly surprising, in this anarchistic international system of control through the threat of violence, that mainstream articles in the popular media abound with claims and counter-claims of various cyber operations conducted by nation state sponsored hackers to infiltrate other nation state (and civilian) networks for cyber espionage or cyber offensive purposes. Unfortunately, there is plenty of credible data to back up these accusations.

In 2010, William J. Lynn, U.S. Deputy Secretary of Defense, stated that: “as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space.”

Stated differently, the Internet, just like your school and corner shop, is an exciting new domain in warfare. And they are putting our collective money where their mouth is. In 2010-2011, the United States spent $80 BILLION on signals intelligence (spying activities), of which $53.1 BILLION was spent on NON-military intelligence programmes. Last financial year (2011-2012), the US spent another $75 BILLION on spying. This spending includes investments like the USD $2 BILLION U.S. National Security Agency Data Center being built in Utah (code-breaking, 100+ year data-storage). Building on these solid foundations, the U.S. is now increasingly focusing on the full exploitation of cyber vulnerabilities.

The most public U.S. cyber-war projects are: Plan X, a DARPA project for the development of cyber warfare technologies that reputable sources claim seeks to track exploitable vulnerabilities of every (civilian, commercial, …) device connected to the Internet, and ACT (Agile Cyber Technologies), a project developed by the Air Force Research Laboratory (AFRL).

In 2009, U.S. National Journal published an article asserting that U.S. Forces employed cyber-warfare in Iraq in 2003. In 2012 we now have official statements from Marine Lieutenant General Richard P. Mills, who declared that the U.S. military has been launching cyber attacks against its opponents in Afghanistan. This senior officer explained that the U.S. considers oversight of cyber space as highly strategic, giving great importance to the study and implementation of new cyber weapons as the new *way to fight*. Mills declared:

“I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact,” … “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”

Not surprisingly, the Pentagon spokesman Lt. Col. Damien Pickart refused to give more information on Mills’s statements, claiming reasons of security:

“we do not provide specific information regarding our intentions, plans, capabilities or operations.”  In short, don’t ask us to be accountable to you civilians for the means we use to protect you.

But this raises the question: why did a high-ranking U.S. officer make these public revelations in the first place?

Between 1970 and 2000, individuals and organizations concerned with protecting their personal privacy and corporate secrets were engaged in heated discussions with governments around the world for the response-ability to employ high assurance security techniques and technologies to safeguard their legitimate interests, and those of their stakeholders. Most Governments denied their civilian population this ability, in the name of National Security, preventing them from building genuinely secure systems and leading to today’s “insecure” ICT ecosystem.

With so many Governments now investing in cyber warfare, and with our Government and Civilian cyber systems so insecure, it’s easy to understand the strategic importance of a sound cyber strategy.

Intelligence agencies and police forces have risen to the challenge, calling for greater surveillance capabilities to identify people online and monitor all communications activity (which could potentially include cyber-attacks or criminal activities).  However, for surveillance technologies to be cost effective, today’s ICT systems have to transmit data in the clear and/or be insecure in practice.   Furthermore, for “defensive” cyber-ATTACKS by authorities to work, our ICT systems must have exploitable security flaws in their implementation.  In short, for these Agencies to defend our vulnerable ICT systems based on this strategy, they would require our ICT systems to remain insecure and vulnerable to surveillance and exploitation…  The formula being:

“For greater security engage in deeper privacy invasion, accelerate sharing of intelligence, and ensure all civilian ICT systems are/remain insecure, so we can employ more surveillance and cyber attacks in the name of your defence…”

However this is an outright flawed formula due to the cyber attribution problem. As the UK Cyber Strategy states: “with the borderless and anonymous nature of the internet, precise attribution is often difficult and the distinction between adversaries is increasingly blurred.”  For example, in September 2012, Estonia’s State Prosecutor’s Office announced that it was bringing the investigation of the country’s 2007 cyber attack to a close.  The decision to shut down the investigation came after prosecutors failed to pin down the IP addresses, and computers used, during the digital barrage in April and May 2007.  In short, the Estonian Government could not find out who the attacker was.

So, how can anybody distinguish between a state-sponsored attack, and an attack by mere cyber criminals who are opportunistically exploiting the weaknesses in our systems that Governments allow?

Unfortunately, due to this cyber attribution problem, it is very hard to distinguish state-sponsored attacks from opportunistic cyber criminal offensives. “Good” and “Bad” Governments, and cyber-criminals, all use similar techniques and exploit the same vulnerabilities. According to the results of a study by Leyla Bilge and Tudor Dumitras from Symantec Research Labs, titled “Before We Knew It … An Empirical Study of Zero-Day Attacks In The Real World”, a zero-day attack has an average duration of 312 days, and once the vulnerability is publicly disclosed, increases in the volume of attacks of up to 5 orders of magnitude can be observed. The experts explained how knowledge of this type of vulnerability gives governments, hackers and cyber criminals “a free pass” to exploit every target whilst remaining undetected.

While today’s statistics appear to indicate that the majority of cyber attacks seem connected to hacktivism and cybercrime activities, this is arguably because a) many Nation States are relatively new entrants, and b) only a few attacks are indisputably state sponsored. For example, how many white-collar criminals spend their days dreaming up the destruction of centrifuge systems in Iran?

Phil Lin, director of product marketing at FireEye, noted:

“Cybercriminals from one country can easily set up ‘command and control (C&C)’ servers used to store exfiltrated data in a different country leading to incorrect attribution of the nationality of the threat actors, not to mention their ultimate nation-state ties.”   Furthermore, according to UK Cyber Strategy: “Some states regard cyberspace as providing a way to commit hostile acts ‘deniably’.”

The fact is:  Cyber War is increasingly indistinguishable from Cyber Crime.

According to Scott Camil, a former sergeant in the U.S. Marine Corps who served four years in Vietnam (his decorations include two Purple Hearts, a Combat Action Ribbon, two Presidential Unit Citations and Good Conduct Medal): “The No.1 War crime is starting a war, because all other war crimes emanate from that first crime.”  In like spirit, it can be argued that the decision to develop and maintain the capability for engaging in cyber war is the first crime, engaging in cyber war being the second.

In the short term, the number of cyber operations is expected to grow rapidly. It is “extremely unlikely” that, in the absence of international regulation of cyber warfare, a country will openly admit to sponsoring operations.

It is essential that Governments all over the world begin working on the definition of an international cyber regulation, because in the absence of strict rules and limitations, the technical capabilities of states will evolve in an unpredictable manner, and it will become impossible to qualify the nature of malicious code and to discover the identity of its creators, resulting in serious negative consequences for the stability and well-being of the global community.

Likewise, as cyber attacks rely on the existence of exploitable cyber vulnerabilities, are Governments going to continue investing in the ability to inflict pain, or will they invest in advancing the collective protection of the global community by promoting and ensuring that civilian ICT systems are actually secure in practice?

About the Authors:

Pierluigi Paganini, Deep web expert and Security Specialist, CISO of Bit4ID Srl, a CEH Certified Ethical Hacker (EC-Council) and Founder of Security Affairs (securityaffairs.co). Pierluigi Paganini is a co-author (with Richard Amores) of the book “The Deep Dark Web: The hidden world”.

David Pace is a freelance IT Consultant. www.paceit.net/  pace@paceit.net  +356 7963 0221.
