The US is unmasking Russian hackers faster than ever

When the APT1 report was published, it was remarkably detailed, going so far as to identify a cyber-espionage group of China's People's Liberation Army known as Unit 61398. A year later, the U.S. Department of Justice effectively backed the report when it accused five officers of that unit of hacking American companies.

“The APT1 report fundamentally changed the risk-benefit calculation for attackers,” said Timo Steffens, a German cyber-espionage researcher and author of the book Attribution of Advanced Persistent Threats.

“Prior to this report, cyber operations were considered virtually risk-free tools,” he said. “The report not only put forward hypotheses but also clearly and transparently documented its analysis methods and data sources. It was clear that this was not a one-off lucky find, but that the tradecraft could be applied to other operations and attacks.”

The consequences of the headline news were far-reaching. A wave of similar attributions followed, and the United States accused China of systematic, large-scale theft. As a result, cybersecurity was a central part of Chinese President Xi Jinping’s visit to the United States in 2015.

“Prior to the APT1 report, attribution was the elephant in the room that no one dared mention,” Steffens said. “In my opinion, it was not only a technical breakthrough but also a bold achievement by the authors and their leadership – to take that last step and publish the results.”

That last step is what had been missing, because intelligence agencies had long mastered the technical side. To attribute a cyberattack, intelligence analysts examine a range of data: the malware the hackers used, the infrastructure or compromised computers they staged the attack from, human intelligence and intercepted communications, and the question of cui bono (who benefits?), a geopolitical analysis of the strategic motivation behind the attacks.

The more data analysts can study, the easier attribution becomes, as patterns emerge. Even the best hackers in the world make mistakes, leave behind clues, and reuse old tools that help give them away. An arms race continues between analysts devising new ways to expose hackers and hackers trying to hide their tracks.
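The passage above describes attribution as correlating evidence from several sources until patterns emerge. The following added example, which is not from the article or from any organisation it mentions, shows one way analysts pivot on such overlaps: intrusions are scored by the indicators they share, with custom malware weighted above reused infrastructure and commodity tooling discounted entirely, and intrusions whose overlap clears a threshold are merged into the same cluster. All incident names, hashes, hostnames and addresses are constructed placeholders, not real indicators.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample intrusions (placeholder indicators, not real IoCs). Each record
# carries the evidence categories the article lists: malware, infrastructure, tooling.
INCIDENTS = {
    "case-01": {"malware": {"hash-A1"}, "infra": {"198.51.100.10", "update-check.example"},
                "tools": {"custom-loader-X"}},
    "case-02": {"malware": {"hash-A1", "hash-B7"}, "infra": {"203.0.113.5"},
                "tools": {"custom-loader-X"}},
    "case-03": {"malware": {"hash-C3"}, "infra": {"198.51.100.10"},   # shares only one server
                "tools": {"mimikatz"}},
    "case-04": {"malware": {"hash-D9"}, "infra": {"192.0.2.77"},
                "tools": {"mimikatz", "psexec"}},
    "case-05": {"malware": {"hash-B7"}, "infra": {"update-check.example"},
                "tools": {"custom-loader-X"}},
}

# Evidence weights (assumed for this example): a reused custom malware sample is stronger
# evidence of a common operator than a shared server, which is stronger than a shared tool.
WEIGHTS = {"malware": 3.0, "infra": 2.0, "tools": 1.0}

# Widely available tools say little about who the operator is, so they never count.
COMMODITY = {"mimikatz", "psexec"}


def shared_indicators(a, b):
    """Return {category: set_of_shared_indicators} for two intrusion records,
    ignoring commodity tooling."""
    shared = {}
    for category in WEIGHTS:
        common = (a.get(category, set()) & b.get(category, set())) - COMMODITY
        if common:
            shared[category] = common
    return shared


def pair_score(a, b):
    """Weighted count of non-commodity indicators two intrusions have in common."""
    return sum(WEIGHTS[c] * len(v) for c, v in shared_indicators(a, b).items())


def cluster(incidents, threshold):
    """Group intrusions whose pairwise overlap reaches `threshold` (union-find).
    Returns a sorted list of sorted tuples of incident names."""
    parent = {name: name for name in incidents}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for a, b in combinations(incidents, 2):
        if pair_score(incidents[a], incidents[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = defaultdict(list)
    for name in incidents:
        groups[find(name)].append(name)
    return sorted(tuple(sorted(g)) for g in groups.values())


if __name__ == "__main__":
    for a, b in combinations(INCIDENTS, 2):
        score = pair_score(INCIDENTS[a], INCIDENTS[b])
        if score:
            print(f"{a} <-> {b}: score {score}, shared {shared_indicators(INCIDENTS[a], INCIDENTS[b])}")
    print("clusters at threshold 3.0:", cluster(INCIDENTS, 3.0))
    print("clusters at threshold 2.0:", cluster(INCIDENTS, 2.0))
```

Running it groups case-01, case-02 and case-05 into one cluster on the strength of reused malware, a shared domain and a custom loader, while case-03, which overlaps with case-01 only through one server, stays separate at the stricter threshold and is absorbed at the looser one. That is the analyst's judgement call the article alludes to: a single shared indicator is a lead, not an attribution, and the threshold encodes how much corroborating evidence is demanded before two operations are treated as the work of one actor.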

But the speed with which the Russian attack was attributed showed that earlier delays in naming attackers were not simply due to a lack of data or evidence. They were about politics.

“It comes down to political will,” said Wilde, who worked at the White House until 2019. “That requires strong leadership at every level. My interactions with [Anne Neuberger] convinced me that she is one of those people who can move mountains and cut through red tape when that is what it takes to get a result. That’s who she is.”

Wilde argues that the prospect of a Russian invasion of Ukraine, which threatens hundreds of thousands of lives, is prompting the White House to act more quickly.

“The administration seems convinced that the best defense is a good preemptive offense: getting ahead of these narratives by ‘pre-bunking’ them and inoculating an international audience, whether it’s about cyber intrusions or false flags and false pretexts,” Wilde said.

Public attribution can have a very real impact on an adversary’s cyber strategy. It signals that they are being watched and understood, and it imposes costs when operations are exposed and tools have to be burned and rebuilt from scratch. It can also trigger political measures such as sanctions that target the bank accounts of those responsible.

Equally important, Gavin argues, is the signal to the public that the government is closely monitoring malicious cyber activity and working to stamp it out.

“It creates a credibility gap, especially for the Russians and the Chinese,” he said. “They can obfuscate all they want, but the US government is putting it all out for public consumption – a judicial record of their time and effort.”
