Are Security Agencies The Biggest Hackers Right Now?
When most people think of a hacker, they think of an individual, adept at coding and computers who is able to break into other computer systems for some criminal activity. We are all aware of the danger that hackers pose to our online security. Over the last couple of years we have all seen news stories about the latest hacking tools and zero-day backdoors that are being used to undermine security systems.
Many people believe the online world has enough moderation, in other words, anyone who is causing trouble online will usually have their IP address blocked. However, it is clear that the most persistent hackers can circumvent these IP bans easily. This is usually done by the use of ‘bulletproof’ residential proxies. This article by Smartproxy will help you to gain more knowledge about proxies before going deeper into this field.
Surprisingly, most of the ‘hacking’ going on today is being done with the full knowledge of government authorities. In fact, many of those involved in hacking are working for a nation state. While criminal hacking groups definitely exist, a significant amount of the hacking is done by national governments and security agencies.
Hacking is not as simple as the movies would have you believe. Even those with an intimate understanding of how cybersecurity works, finding vulnerabilities in systems is difficult.
Since the public unveiling of the Stuxnet virus, it has been clear that nation-states are heavily involved in hacking activities. Stuxnet was a virus designed specifically to target certain command and control systems manufactured by Siemens. They were used by the Iranian regime in their nuclear reactors.
Stuxnet was a so-called zero-day attack, one that exploited vulnerabilities that were as yet Undisclosed to manufacturers. Usually, when a new vulnerability is discovered in a system, it is either reported to the relevant manufacturer and fixed, or it leaks onto the darknet and is used by criminals.
However, if a zero-day vulnerability is found and they’re not disclosed to the relevant manufacturer, there is no way of them fixing the vulnerability. This makes zero-day vulnerabilities greatly interesting to state-sponsored hacking groups, who can take advantage of the vulnerability for as long as it remains undiscovered and unreported by the wider community.
Why Governments Have Hackers
Governments around the world have impressive hacking capabilities. We all know that our governments are capable of conducting cyberattacks on one another, but most people assume that those capabilities will never be turned on them, at least not by their own governments.
However, governments around the world are increasingly turning the weapons inwards and using the Cyber capabilities to hack their own citizens. It doesn’t matter where in the world you are from, there is almost certainly a nation-state spying on you, either your own government or a foreign one.
While this might be shocking for some people, it is actually an inevitable consequence of the way that hackers are recruited around the world. Everyone except the need for their country to have hackers on staff, the cyber arena is the most important arena for conflict in the 21st century. Any country that is able to dominate their opponents in the cybersecurity arena will be able to cripple their national infrastructure and gain a significant upper hand in any conflict.
Where Do They Come From?
Cybersecurity researchers in the West have observed several instances of criminal hacker groups apparently taking on state-sponsored work. For example, one cybersecurity agency observed a Russian based hacking group who had previously been known for targeting banks within the Russian Federation moving into highly targeted attacks against governments in Eastern Europe.
These attacks involved the use of Zero-Day exploits in Windows, the kind of exploit that would not be available to the general public. The so-called Bhutrap Group has been known to conduct cyber attacks across Eastern Europe and Central Asia that target businesses, their move into attacking foreign governments seems almost certain to be state-sponsored.
Knowledge Is Power
Nation states are able to attain the hacking capabilities that they have thanks to the availability of exploits and custom-made hacking tools on the open market. It’s no secret that some governments, including western democratic governments, are recruiting criminal hackers to their ranks, taking advantage of the skills and knowledge that they have without having to invest in their training themselves.
Irrespective of their overarching philosophy, governments around the world are buying and selling cybersecurity vulnerabilities. When US authorities discover a new vulnerability or exploit in software, a group of representatives from a number of departments will meet to debate the benefits and drawbacks of making any zero-day exploit public knowledge.
While western governments continue to grant their own citizens certain inalienable rights and freedoms, it is also an open secret that many western governments are involved in selling cyber-surveillance systems to authoritarian regimes overseas who they know will use them to harm and oppress people.
If we truly believe that no one is above the law, a core tenet of any liberal democracy, then that must apply to state security services. When the representatives of our own governments are able to engage and trade with cybercriminals, in the name of beating our enemies, it undermines any moral high ground that we have.
No agency should be above the law, which includes our own security agencies. The only way forward is to demand greater transparency so the actions of secretive agencies can be accurately recorded and monitored.