In recent years, hackers associated with foreign governments, particularly those of Russia and China, have repeatedly breached the networks of US governmental bodies and stolen troves of data. In particular, the recent theft of sensitive documents from the Democratic National Committee’s (DNC) network, supposedly by Russian government hackers, raises questions about the techniques and motivations behind cyberwarfare against the US government.
There are a number of different methods by which hackers can attack systems. The most common avenue for breaching a network is to acquire the credentials of a user who already has access to it. The 2014-2015 breach of the Office of Personnel Management (OPM) was carried out by gaining access to the network with a credential stolen from a government contractor (1). Hackers can also enter secure networks through backdoors, avenues of access to servers that were never intended for use by the network’s regular users (2). Generally, systems running older software are at greater risk, because hackers and programmers have had more time to study them and find flaws. This may be one reason why the government has become a target in recent years: many government systems, including the ones involved in the OPM breach, run older software than those of private sector firms (1).
Considering the kinds of data stolen from governmental bodies, one might ask what reason a hacker, affiliated with another government or not, would have to compromise or steal such information. The most obvious reason is profit. Any sufficiently large network will typically hold information such as addresses, Social Security numbers, or bank data, which can be sold to interested parties. Even passwords can fetch a good price, since many users reuse them across services. Beyond this, information taken from government servers may also have political value. As seen in the breach of the DNC, documents on political donors and confidential strategy reports can be embarrassing for governments or political parties (3). Finally, such information can be used to blackmail people into giving up further information (4).
Regardless of how hackers breach government systems or what they intend to do once inside, the question remains of who the hackers actually are. Frequently they are claimed to be agents of foreign governments, particularly those of China and Russia, claims that those governments consistently deny. It is worth noting, though, that tracking and identifying hackers is a very difficult task. Typically, the only hard evidence of a hacker’s location is the IP address of the machine that breached the system, which investigators can try to trace to a physical location (5). However, hackers can and frequently do route attacks through proxy computers in order to hide their actual location (5). Thus, cybersecurity experts may instead need to examine the tools used by the hackers, looking for characteristics such as variable names or the type of keyboard apparently used to write the malicious code, in order to link them to a specific group or location (6). Unfortunately, this approach runs into its own problems, as hackers can simply write code that makes them less distinguishable and harder to identify.
(1) Sternstein, Aliya, and Jack Moore. "Timeline: What We Know About the OPM Breach (UPDATED)." Nextgov. June 26, 2015. Accessed June 21, 2016. http://www.nextgov.com/cybersecurity/2015/06/timeline-what-we-know-about-opm-breach/115603/.
(2) Johansson, Jesper. "Anatomy Of A Hack: How A Criminal Might Infiltrate Your Network." Microsoft TechNet Magazine. 2008. Accessed June 21, 2016. https://technet.microsoft.com/en-us/magazine/2005.01.anatomyofahack.aspx.
(3) Koebler, Jason. "'Guccifer 2.0' Claims Responsibility for DNC Hack, Releases Docs to Prove It." Motherboard. June 15, 2016. Accessed June 21, 2016. http://motherboard.vice.com/read/guccifer-20-claims-responsibility-for-dnc-hack-releases-documents.
(4) Bennett, Brian, and Richard A. Serrano. "Chinese Hackers Sought Information to Blackmail U.S. Government Workers, Officials Believe." Los Angeles Times. June 5, 2015. Accessed June 23, 2016. http://www.latimes.com/nation/la-na-government-cyberattack-20150605-story.html.
(5) Greenemeier, Larry. "Seeking Address: Why Cyber Attacks Are So Difficult to Trace Back to Hackers." Scientific American. June 11, 2011. Accessed June 22, 2016. http://www.scientificamerican.com/article/tracking-cyber-hackers/.
(6) Glance, David. "How We Trace the Hackers behind a Cyber Attack." Phys.org. December 4, 2015. Accessed June 23, 2016. http://phys.org/news/2015-12-hackers-cyber.html.
Image: © Alexandr Blinov | Dreamstime.com - Steel handcuffs, credit card and rolls of Russian rubles (https://www.dreamstime.com/editorial-image-steel-handcuffs-credit-card-rolls-russian-rubles-samara-russia-january-dollars-lying-computer-keyboard-image64857285#res14972580)