In January 2020, the Austrian Foreign Ministry experienced a “cyber-attack of unprecedented dimensions”, with hackers attacking the Ministry’s IT systems for months. Five years ago, the German Bundestag was attacked. At the beginning of May 2020, an arrest warrant was obtained against the Russian hacker Dmitriy Badin (39), who, in that 2015 attack, had stolen 16 GB of data on behalf of the Russian secret service. This is the same Badin who has been wanted by the FBI for years because he and “colleagues” are said to have carried out hacker attacks on the Democratic Party in the run-up to the 2016 presidential elections and on the World Anti-Doping Agency WADA.

Security experts are convinced that state-funded hackers will become even more active in the coming years, because governments all over the world (including the Austrian Ministry of Defense) have long since realized that the military must enter the fifth dimension, i.e. virtual space, and position itself so that it is prepared for attacks of all kinds: land, sea, air, space – and cyberspace. The military of today does not need tanks, but IT know-how; it does not fight enemies with machine guns, but with cyber defense. Incidentally, the costs of cyber defense are much lower than those of military hardware, because a computer system is cheaper than, for example, an interceptor. A Lockheed F-35 costs between 89.2 and 107.7 million dollars (without ammunition).

Why do states employ hackers?

To disrupt or even bring to a halt the systems of other countries. Hackers can do more than attack a country's economy and cause severe problems for individual industries with viruses, Trojans or ransomware. They can also carry out attacks on infrastructure, whether airports, water supply or electricity networks. To be able to do this, hackers need not only programming know-how, but also zero-day vulnerabilities in the targeted software: flaws that are known only to them, and not to their opponents or the manufacturers of the software.

From Superpowers to Ambitious Buyers

Basically, states are divided into four groups based on their so-called “state-sponsored” hackers: “Superpowers”, “Rapid Risers”, “The Peloton” and “Ambitious Buyers”. Their effectiveness depends on how much money each government invests in its cyber army.

A Superpower is able to carry out operations across the entire cybercrime spectrum, drawing on all of its military and intelligence capabilities, in order to achieve a certain result in political, military or economic areas. But there are other objectives, such as “manipulating” commercial products and services during their design, development or manufacture. In other words, state-sponsored hackers create vulnerabilities so that a foreign company’s product does not work or cannot be delivered. Of course, finding security holes, programming malicious software, hacking operating systems, be they on government computers or corporate systems, and creating zero-day databases are also part of their “job description”. And they sometimes also work with criminal groups.

Superpowers include the “Five Eyes” (USA, UK, Canada, Australia and New Zealand), China, Russia, Israel, France and Germany. These are the largest and best-funded organizations, carrying out virtually all operations, including HUMINT (Human Intelligence). This refers to the acquisition of intelligence through human sources, i.e. personal informants. They have zero-days and work in exactly the same way as intelligence agencies do.

To find out which states are “Rapid Risers”, why all secret services are so keen on so-called zero-days, and who is hiding behind the terms “Fancy Bear” or “Honeybee”, read the book “Internet of Crimes”.

Photo credit: U.S. Air Force/J.M. Eddins Jr.