Just below the fold of September 24th’s Wall Street Journal is an article that summarizes an 86-page report jointly recently released by ThreatConnect and Defense Group Inc. Anyone responsible for managing cyber risks for their organization needs to read the news article at the very least. Read on to learn why.
The report is entitled Project CameraShy: Closing the Aperture on China’s Unit 78020. Here’s an excerpt of the executive summary:
[We have] attributed targeted cyber espionage activity associated with the “Naikon” Advanced Persistent Threat (APT) group to the Chinese People’s Liberation Army’s (PLA). This assessment is based on technical analysis of Naikon threat activity and native language research on a PLA officer within Unit 78020 named Ge Xing.
The motivation for the cyber espionage appears to be China’s increasingly aggressive claims on territory deep into the South China Sea, which is threatening economic and political stability in the region. So why is this important to you and me?
- Reading the news story, you can really see how far the professionalization of hacking has come. Although the subject of the report is Chinese, you should assume the profile is the same (or more advanced) for hackers elsewhere in the world. That includes cybercrime gangs, such as those in Russia, and other nation-state cyber armies.
- Whatever image you have of hackers should resemble Ge Xing rather than the stereotypes personified by David Lightman in the 1983 movie War Games or Gavin Orsay from House of Cards.
- You will see how many digital footprints some people, even professional hackers, leave online. And how they can be collected and analyzed to re-construct a person’s identity, in multiple dimensions.
- While the need for attribution is great when someone commits a computer crime, even with all this evidence, it can be impossible in today’s world to hold people accountable for their illegal online actions.
As I think about Internet-dependent organizations in the West, the most significant takeaways for me from this report are:
- As defenders, we have to realize that online attackers have amazing advantages as compared to traditional criminals.
- Holding the biggest and most capable online criminals accountable often isn’t possible.
- In the face of inevitable and unrelenting cyber attacks, we need to become great at detecting them and recovering quickly.
What do you think?