The image of ”The Hacker” used to be well defined: He (rarely she) is an introvert, a shy genius who sits in a darkened basement, with 25 screens in front of him, his face dimly lit by rows and rows of numbers on the main screen.
His face is handsome, yet mysterious, and his expression silently determined. When the numbers in front of him hit some magical equation, there is an evil grin. And then the movie starts.
Hackers now are different. Some of the most prolific hackers now are government officials in “boring” 9-5 jobs.
And the victims are no longer rogue third world nations or the big old enemy (insert Russia, China, Death Star here). The victims are corporations, whose close connections to the governments are becoming a vulnerability.
In May 2014 the first instance of industrial, government-sponsored espionage became evident, when the US Justice department leveled charges against five members of the Chinese military. The victims were high ranking nuclear power plants, steel manufacturers and solar power firms.
Corporations have next to nothing to gain from disclosing that they have become victims of an attack. The government could potentially even go so far as to punish them for not adhering to security protocols, rather than protecting its country’s borders and boardrooms. The public/media backlash a company would face if such a breach became public could have far reaching consequences, which became evident when Ashlez Madison was hacked. Consumers would lose faith, corporations would lose face and the attackers would not be prosecuted as fiercely as they should be.
Trade secrets and innovations were always a juicy bit of info that spies tried to steal, even back in the olden days of the cold war.
But these attempts at obtaining information to gain an advantage in the free market seem to be yet another level up in the race for cyber control.
The cyber war waging online, via hackers, hacktivists, government induced “intelligence gathering” and other such euphemisms has no checks in place, no Geneva convention, no Red Cross.
This is why NATO tried to set some Rules of Engagement for the cyber warfare back in 2013.
Whether these are being adhered to – no one knows.
Governments themselves can do little to protect the intellectual properties of their citizens and corporations. There are clear and fine-tuned checks in place to fight an attack on land, on sea and in the air. But the fourth dimension of cyberspace has yet to establish a well thought-through plan of action.
More recently, these types of hackers have focused on Sabre Corp, a travel giant who has data of more than a billion travelers all over the world. Definitely a hugely interesting target to state-sponsored attacks. The attackers might have used Sabre Corp’s weaknesses to move further up-stream and gain access to Amercian Airlines and into their data. They are currently investigating whether their security had in fact be breached.
Implications are mounting that these attacks stem from one particular government – China. China’s officials firmly oppose being accused of running a large-scale cyber attack. But a government which gains access to files about another government’s employees and contractors certainly has an incentive to “investigate” a little further into how these government officials travel or their health history, which is what this new attack was mainly focussed on.
One indictment points a very blaming finger directly at China and its military.
All of this is very worrying, even on a smaller scale. Intellectual property and corporate research and innovation keep the free market competitive and a full blown cyber war at bay. And on a bigger scale it is worrying how little one government can do to stop a cyber attack, short of taking it off the screen and into the real world. And let’s hope that this is not about to happen.