A New Economic Threat: State - Sponsored Hacking

The biggest threat to many nations today world does not come from direct armed conflicts, but from infiltration into the seemingly secure treasures of digitized content that can lead to either stealing and/or sabotaging vital information, as well as illicit and unauthorized control of confidential and sensitive data and systems.

It's easy to tap on your mobile phone and transact hard-earned money. But the consequences of losing money and access to your account with your personal data compromised are of much higher if your device is not secure. Mobile portable maps, GPS systems, and satellite phones have helped individuals, but the same technology in the hands of extremists has aided them in successfully carrying out damage to life, economy, and property of devastating magnitude. The movie “Die Hard 4.0 (Live free or Die Hard)” offers a Hollywood-esque demonstration of how an all-out hacking attack - carried across broadcasting and communication channels, security systems, financial systems, traffic controlling systems, and even breaking into systems to issue incorrect orders of attack to government fighter planes – can jeopardize an entire nation.

Hacking attempts by individual or groups who aim to steal/sabotage individual or business information is quite common. The consequences may be limited and may not be of high magnitude. However, if similar hacking attempts are carried out by government authorities, the effects can be immense and dangerous. The recent news of allegations that North Korea conducted a state-sponsored hacking attack into network of Sony Pictures (part of Sony Corp [SNE]) prior to the cinematic release of “The Interview” had many consequences:

• A large amount of confidential information residing on Sony network was compromised.
• Sony Pictures had to reportedly delay the release of the movie.
• Internet outage followed in North Korea, with North Korea alleging that this was conducted by the US.
• More sanctions were imposed on North Korea by the US.
• There was a further deterioration of relations between the two nations.

Above are examples of how situation can worsen when state-level participants, backed with strong military power, are involved in or even accused of such cyber conflicts. Apart from strained relations between nations and threats to global peace, state-sponsored cyber attacks can have devastating impacts on multiple industries and businesses. (Related: How North Korean Economy Works?) A few of the industry sectors discussed below (like transport) may sound too trivial to be the primary targets of state-sponsored hacking and espionage, but they serve as important initial channels leading to vital information.

Information Technology

IT is where the world resides (at least virtually). With all data getting digitized and more storage in "the cloud," the obvious targets for accessing personal information, as well as crippling the online world by blocking access, are IT businesses, including e-commerce, Internet, software, and even hardware companies.

What initially appeared to be a simple hacking attack on Internet giant Google Inc.’s  services to get individual account information was discovered to be much, much more. The attack by Chinese hackers in 2010 on Google servers was aimed at gaining “access to a sensitive database with years’ worth of information about US surveillance targets.” Though Google was the main target, further reports suggest that it was carried out on a much wider scale, impacting more than 34 companies, including IT majors like Yahoo! Inc. (YHOO), Symantec Corp. (SYMC), and Adobe Systems, Inc. (ADBE).

Energy and Utilities

May 2014 saw the indictment of five Chinese military hackers, allegedly backed by Chinese authorities, for cyber attacks and espionage charges involving the US nuclear power, metals, and solar products industries and businesses such as Westinghouse Electric and the US units of SolarWorld AG. The hacking attempts carried out between 2006 and 2014 were aimed at stealing trade secrets, sensitive information, and confidential product documents in order to give Chinese counterparts an unfair advantage over their US competitors.

The Eastern European group “The Dragonfly” has reportedly hacked into energy companies in Europe and the US since 2011, which could affect energy supplies across various product segments of petroleum, gas, and crude oil in countries like the US, Germany, Spain, France, Italy, Poland, and Turkey. Security firm Symantec mentions that the campaign “bears the hallmarks of a state-sponsored operation.”

Media

Media houses are among the prime targets for any state-sponsored attack. A few recent examples include:

• The hacker group known as the Syrian Electronic Army, known to be allied to Syrian President Bashar al-Assad, managed to hack The New York Times (NYT), CNN, The Washington Post, and Time Magazine between 2011 and 2013.
• Sony Pictures network was recently hacked, allegedly by the North Korean-sponsored hacking group “Guardians of Peace,” who additionally threatened to target the actors and executives, along with warnings of a 9/11-style attack on Sony establishments.

Finance

Stealing financial data for monetary gains may be targeted at individuals. But there are larger repercussions of crippling a nation’s economy if financial information is compromised, which makes financial sector as one of the commonly targeted sector by hackers backed by nation states.

In August 2014, JP Morgan Chase & Co. (JPM) and nine other large financial organizations suffered a major breach due to a cyber attack that compromised information from 83 million accounts from JP Morgan alone. The attacks were reportedly carried out by a Russian group of hackers associated with Russian state officials. The primary intention was to gain access to financial data. 

Defense

The defense sector and business firms associated with them such as suppliers and contractors are high on the list of targets of state-sponsored hackers. Motives involve stealing technology and gaining information on existing and upcoming defense systems and equipment, trade secrets, military projects, and research programs.

A Chinese national, working with his accomplices in China, was indicted by a Los Angeles jury in August 2014 for stealing trade secrets from US defense contractors and from companies like Boeing Co. (BA).

The Iran-based “Ajax” group is reported to be carrying out hacking attempts like “Operation Saffron Rose,” aimed at gaining information about the US defense industry (as well as on Iranian dissidents).

“Hidden Lynx” and “Axiom,” based in China, are known to target high-profile secure establishments belonging to defense companies based in the US, the UK, South Korea, and Taiwan.

Transportation

The US armed services identified at least 50 successful intrusions into the transport contractor networks between June 2012 and May 2013. Of these, 20 were identified to be “advanced persistent threat usually associated with foreign governments” attributed to China. The primary target does not matter, what matters are the channel and the end target. The US Transportation Command (TRANSCOM) plays a vital role in sustainment, mobilization, and deployment operations, and private companies and contractors contribute in associated functions. The hacking attempts on the network of these external associates were aimed at stealing intellectual property, as well as gathering intelligence for future exploitation.

Airline Industry

The state-sponsored “Tarh Andishan” group of Iran has reportedly been successful in getting access to security systems at airports in Pakistan, Saudi Arabia, and South Korea. Airlines in the US, United Arab Emirates, South Korea, Pakistan, and Qatar are reportedly compromised. Additionally, the group managed to break into the “systems of companies in the aerospace industry in Israel and China”. These hacks have led to grave concerns about the security of the airline industry in the long run, as well as about the data and control systems.