What do you think of when you imagine the world of espionage? If it is undercover agents trying to recruit a mole or cracking safes to steal sensitive information, then you’ve probably been watching too many outdated films. The game has certainly changed.
When I was working for the F.B.I., I had to go undercover to catch double agent Robert Hanssen. Essentially, I was acting as a spy hunter. I had to gain his trust, get under his skin, learn what made him tick and work out where his weaknesses were. At the time, emotions were running high; this was a guy who was taking secrets to the enemy, so it was a tough environment to keep your cool. Above all else, you need patience to catch a spy.
The key elements to espionage and combating it remain the same; the bad guys are still after data and it’s the good guys’ job to catch them. However, the contemporary battle is fought with keyboards and software rather than dead-drops and balaclavas.
As technology has become more sophisticated, the battlefield has increasingly shifted from the physical to the digital. With cyber war now being fought on a global scale, there is more onus on security than ever, and too many organizations are not taking the threat as seriously as they should.
We aren’t talking about simply accessing an organization’s sensitive data any more, but literally shutting down cities, or even a nation’s critical infrastructure. The scope of the threat is only likely to grow as we continue down the path of digitalization. It is no longer enough to defend and react if you are breached. Taking a ‘bad-guy’ approach is a massive step forward when tackling your attackers in the world of cyber-espionage.
Where are the Threats Coming From?
The first step toward this is understanding where threats are coming from. When cyber crime first hit the scene, we initially saw stand-alone criminals working toward their own, personal agendas. Those days are over, and nation-states have wised up to the potential benefits of digital warfare and cyber-espionage.
Many countries are now actively recruiting hackers, and we see examples of this every day – from China’s army of hackers, to Ukraine’s power grid being taken down by Russian cyber spies and speculation that Russia is attempting to influence the 2016 U.S. election.
I have no doubt that the U.K. and U.S. employ such tactics as well – Edward Snowden, before the whistle-blowing days, comes to mind. For the hackers involved, the resources available as a result of state-backing are an incredibly attractive draw, providing an injection of equipment and cash that enables them to evolve their techniques rapidly.
Understanding the source can give you a much better chance of discovering the motive. The reason a state-actor is attacking you might be entirely different from that of someone operating of their own accord. These reasons can range from trying to gain a competitive advantage, to disrupting a system or location – as with the Ukrainian power grid hack mentioned earlier. The motive of an attack can often tell you a lot about the method, and vice-versa. Hence, if you know the method, you can understand the target, and if you know the target you may have a better grasp of the method most likely to be used to infiltrate it.
When looking for the motive, you must be able to think like a hacker. Catching criminals doesn’t happen by accident, and putting yourself in their shoes enables you to get a clearer picture of what their movements may be. Putting this into practice is imperative, not only in the aftermath of a breach, but in protecting yourself from one in the first place. If you can get into the mind-set of a hacker, you can actively seek out your own vulnerabilities, understand what tactics might be used to gain entry, and what data can be accessed using those methods.
In contemporary society, the methods have grown concurrently with the technology. Techniques such as ‘spear phishing’ have benefited hugely from the advent of social media. Platforms such as LinkedIn have given cyber-spies an ability to stalk employees online and learn enough about them to make a convincing approach and recruit them as an unwitting mole in their organization. Taking advantage of the naivety of human actors and the vulnerabilities that employees pose to their organization’s security is becoming commonplace in cyber-espionage.
Having knowledge of the potential techniques that a hacker might use can provide an invaluable weapon when fighting back against cyber criminals. A near constant gathering of information is the key to success here. You must have as many external sensors as you can, and participate in a vocal community that is sharing information.
Effectively, you are putting as many eyes and ears out there as you can – creating blanket surveillance of your systems and vulnerabilities – like covert agents. This visibility makes it easier to see attacks coming, and where your enemies will look to strike. You can then put up as many trip wires around these areas as possible. Hackers are constantly looking for the shortest and easiest route to the ground, and consistently being able to increase this distance is a sure-fire way to put them off.
Taking a proactive approach to security is often the most effective way of protecting yourself. The sentiment “the best defense is having a good offense” really does ring true here. By taking the fight to attackers, you can stop them in their tracks and prevent breaches at the source. With more sophisticated methods being used, and a greater volume of attacks, having a strong force is mission critical. Now is the time to start thinking like a bad guy and fight back.