Cyber war has gone public, and that’s bad

Just like conventional war and conventional spying, the cyber war needs recognizable rules of engagement

Leonid Bershidsky
Updated 17 Jan 2017, 11:52 PM IST
Edward Snowden, whose revelations made the cyber-war era public, shares the opinion that Shadow Brokers are Russian. He tweeted that ‘circumstantial evidence and conventional wisdom indicates Russian responsibility’. Photo: Reuters/Guardian hand-out

Compared with the alleged Russian hacks of the Democratic National Committee and other US targets, another important cyber theft that has also been tentatively attributed to Russia is getting far less attention. The revelations are much less titillating but they may be part of the same cyberwar.

By now, we assume that everyone hacks everyone but lately, the war hasn’t been just about spying. Bragging rights and publicity have become important. A hacker group (assumed to be a proxy for Russia) acts like swaggering kids. The US responds with threats and denunciation. It may seem heady material for a second-rate spy novel, but public cyber war is deadly serious.

Last week, a group calling itself Shadow Brokers announced it was “going dark” after failing to attract buyers for a huge cache of what is believed to be National Security Agency (NSA) malware. Shadow Brokers revealed that they were in possession of the stolen hacking tools in August, just as the DNC emails were being leaked by someone calling himself Guccifer 2.0. They claimed they had hacked a hacker outfit referred to as Equation Group. Kaspersky, the well-regarded Moscow-based cybersecurity company, linked Equation Group to the NSA. The list of Equation Group’s targets was one of the giveaways: Iran, Russia, Pakistan, Afghanistan, India and China. All countries the NSA would have an interest in.

Shadow Brokers announced they were auctioning the spoils of their hack—Equation Group’s cyber weapons. “We give you some Equation Group files free, you see,” they wrote. “This is good proof no? You enjoy!!! You break many things. You find many intrusions.” The proof seemed good indeed. Kaspersky analysed the sample malware and found its developers had used a specific implementation of an encryption algorithm that was only previously found in Equation Group software.

Some US security researchers quickly assumed Shadow Brokers were Russian. It was guesswork, but it made certain sense. Security technologist Bruce Schneier wrote, “It’s a signal to the Obama Administration: ‘Before you even think of sanctioning us for the DNC hack, know where we’ve been and what we can do to you.’”

Edward Snowden, whose revelations made the cyber-war era public, shared that opinion. He tweeted that “circumstantial evidence and conventional wisdom indicates Russian responsibility”. Snowden also pointed out that releasing cyber weapons into the public domain was highly unusual and that it was likely “more diplomacy than intelligence, related to the escalation around the DNC hack.”

If indeed Russia is behind Shadow Brokers, the US didn’t heed the coded warnings. Instead, the ‘Russian election hack’ story was whipped up into a frenzy by anonymous leaks and, most recently, by two unclassified and scantily detailed reports from the intelligence community.

Last Thursday, Shadow Brokers staged a dramatic exit. Adopting a different kind of broken English from the one used in their initial message, the group released more samples from their cache and wrote that they were disappearing as their main purpose, earning bitcoins for their cache, had failed so far. On the same day, Guccifer 2.0 reappeared with a bizarre message claiming, not for the first time, that Guccifer 2.0 had nothing to do with Russia and accusing US intelligence of “deliberately falsifying evidence”.

Since the US failed to heed the putative warning delivered through the Shadow Brokers dump and chose to believe that Russia was behind Guccifer 2.0, there is no logic to the former’s door-slamming and the latter’s re-emergence. Security researcher Matt Tait tweeted about Guccifer 2.0: “This release worries me. Is absurd & unpersuasive, but it’s also deliberate, carefully constructed & no new info. They cared about this text.”

This kind of disorientation appears to be the goal of whoever is behind the activity. If all this is the handiwork of Russian intelligence services, they are using a number of carefully constructed public personae to communicate with the public, each with a specific style and even a specific set of typical mistakes in their English usage, and each with a hacker’s typical disdain for website design. This is meant to create the impression of a number of discrete hacking groups or lone hackers bragging about their exploits.

The approach the US has adopted in response is the exact opposite: It has “government” written all over it, from the ominous leaks to major news organizations to the refusal to reveal anything about sources and methods and the promises to retaliate in an undisclosed way.

The resulting visual is of a cop chasing a bunch of colourfully dressed punks. It’s easy to lose sight of what’s actually going on. Both sides appear to have a good understanding of each other’s tools and methods. The tools that have been revealed and analysed so far are meant for intelligence gathering, not the disruption of critical infrastructure. They have been used quietly for years, evolving to fit expanding needs and beat new defences. Now that knowledge is in the open, used for threats and innuendo-filled media reports. This is no longer cyber espionage, it’s a publicity war.

Just like conventional war and conventional spying, the cyberwar needs recognizable rules of engagement. Those rules will probably emerge after a while as a signalling system develops between intelligence agencies, who can then “go dark” again. In the meantime, both sides can wreak a lot of political havoc; but in this asymmetric war, a democracy is possibly the more vulnerable. Bloomberg

Leonid Bershidsky is a Bloomberg View columnist.

First Published: 17 Jan 2017, 11:52 PM IST