You’ve likely noticed by now that foreign governments are blamed for cyber attacks that cause significant disruptions to a company or economy. These claims often have some basis in fact; however, it is often very hard to find the smoking gun when it comes to cyber attacks from hackers funded by a national government. Hackers who are employed directly by a government, or who are mercenaries under contract, are often referred to as state actors. These groups are often identified by the remarkable levels of sophistication in their attacks, which is usually due to very high levels of funding from states. Other hackers typically don’t have access to the funding or types of cyber weapons deployed by state actors. Put simply, the world is engaged in a seemingly never-ending cyber war.
In war there are always unintended victims when two aggressors are trying to achieve their large victories. In recent years, state actors have started targeting private citizens and companies large and small. Apparently, the Geneva Conventions don’t apply to cyber security, a point that has been recognized by cyber security experts. The most notably outspoken on the issue of state actors has been Brad Smith of Microsoft, who serves as President and Chief Legal Officer.
Cyber Security and State Actors
Earlier in 2017, Smith spoke at the 2017 RSA Conference, where he was very concerned about state actors. He opened with:
“There’s one thing that has clearly made this situation [cyber security] more challenging…that is the entry of more nation-state attacks.”
Smith mentioned the cyber attacks on Ukraine’s electrical grid, the Sony hack, and John Podesta in the recent U.S. election.
One of the more important things Smith mentioned was how this impacts the role of the cyber security professional, who is placed on the frontlines in the battle against the cyber forces of other nations. These same cyber security professionals also act as first responders when a hacker is successful in their attack. Brad Smith has called for something similar to the Geneva Conventions, but for cyberspace. This may be a while away, though, because as more countries have connected to the internet, cyber warfare has happened more frequently.
The best-known case of state actor activity in cyberspace was the news about the world’s first cyber weapon, known as Stuxnet. It was a significant development because it was one of the first malware attacks intended to disrupt physical infrastructure. It had the capability to attack power plants, dams, and waste systems. Its first deployment was against Iran. It was a wake-up call to the world about what cyber attacks were capable of. Since that time, cyber weapons have only gotten more destructive and have fallen into the hands of everyday hackers.
2017: Year of State Actors, Leaks, and Sabotage Attacks
If the year 2017 has revealed anything to the public, it’s how state actors incubate and develop cyber weapons which then get leaked to the darknet. Those same weapons are then turned on their creators and, potentially, on the state’s allies. The NSA was hacked and the data was transferred to the Shadow Brokers, who then released the leaks. Within two weeks an attack was launched that impacted over 200,000 devices worldwide: the now-famous WannaCry(pt) ransomware. The WannaCry ransomware took advantage of one of the exploits developed by the NSA, called ETERNALBLUE. This exploit was also used by the developers of NotPetya, which was deployed by another hacker weeks after WannaCry. While WannaCry had a clear motive to collect a ransom, NotPetya seems to have been developed for sabotage. Those were the two headline attacks this summer, but recently Mamba has come back, and cyber weapons intended for industrial system sabotage have also reemerged, more powerful than ever. Many exploits beyond ETERNALBLUE leaked, and in the coming years average hackers or other state actors may deploy these against average people.
It is accepted that governments have a license to hack and develop destructive malware at will, but who is responsible when such dangerous weapons leak to the general public? Cyber security professionals who are trying to protect their clients and community have to battle online with some of the most sophisticated and malicious technology in existence right now. The role of state actors in indirectly disrupting cyber security efforts is quite significant and alarming.