State Sponsored Cyber Attacks: Motives, Targets And Measures

In the last 20 years, cyber-attacks have become a big issue for people and businesses throughout the world, these sorts of attacks have usually been conducted by either lone individuals or groups of hackers looking to either cause disruption or make financial gains from vulnerable businesses and organisations.

Governments around the world began to use these types of attacks to inflict damage on their enemies without having to launch physical military strikes at the expense of millions, instead, they can launch very damaging cyber-attacks to either damage the other countries infrastructure such as power grid, steal top-secret documents from the government or for financial gain at a fraction of the cost, as well as a much higher chance of going undetected.

This new way for governments across the world to steal information and inflict damage on other countries without engaging in physical warfare or espionage, as well as covering their tracks by hiring and providing the resources for Cyber groups to carry out these tasks. This report will go into the detail of state-sponsored cyber-attacks mostly aimed at the UK, to discover the many goals in which these attacks aim to achieve and what consequences these attacks have on the country as well as the consequences for the country that sponsored the attack. This report will look at different state-sponsored cyber-attacks to see the damage caused as well as the countermeasures are taken to stop these attacks.

Findings

What Is A State Sponsered Cyber Attack?

A state-sponsored cyber attack is like any other cyber-attack, the person or people that are conducting the attack are looking to either cause damage, steal information or make money. Except the difference is that the people who are conducting the cyber-attack have the full backing of their government behind them, although it may not be out in the open about the government backing if another government discovers it was the group that conducted the attack the government would likely deny any link. They would also likely be receiving funding from the state to conduct attacks on another country and whatever they gain from the attack would be benefited by the government of the attackers.

Another difference that these groups and individual state-sponsored hackers have to normal hackers is that they don’t want to be identified as responsible for the attacks that they are conducting, they could be simply conducting these attacks with a sense of “nationalism” involved especially in countries such as North Korea and Russia, They would be doing it for the country, not for individual gain. So, it is typical for these types of attackers to go to great lengths to cover the operations. (BAE Systems, 2019)

Motives

There are many motives behind State-Sponsored Cyber Attacks it all depends on what the government that is launching the attack are looking to achieve, they could be looking to cause great financial damage to the country at again to themselves, they could be looking to damage the country national infrastructure such as shutting down the national power grid, they could be looking to steal classified information from government agencies or simply they could be looking to cause havoc just doing anything to cause panic and damage anything they can get their hands on.

Governments such as Russia and its military intelligence service have been caught attempting to launch cyber-attacks on democracies across Europe and the world with their goal being to attempt to “destabilize” their governments, they were also reported to have launched cyberattacks that cost several governments “millions of pounds” (GOV.UK, 2018).

Russia has been using these types of tactics for years, it has been suggested that in the last few democratic elections in countries such as the United States when they held their 2016 presidential election that it may have been influenced by state-sponsored attacks from Russia, this was from reports from different Us intelligence services. They suggest the Russian backed groups attacked different government institutions such as the white house, they used Phishing attacks to infiltrate the email accounts of many different US officials. One of the people affected was the chairman of Hilary Clintons presidential campaign, the cyber groups managed to get over 60,000 emails from him in which they gave to wiki leaks who used it against Hilary Clinton in the presidential race.

Also back in 2016 when the United Kingdom held the Brexit Referendum it was suggested that Russian sponsored hackers were spreading false information which helped the leave campaign, on the day of the vote it was said thousands of Russian bots tweeted pro-leave tweets in which Theresa may later describe as “weaponizing information” although there is no concurrent proof that Russia influenced the Brexit referendum. But these show just how set Russia are at “destabilizing” western democracies through their large cyber arsenal.

As mentioned above one of the main reasons for these attacks to occur would be to damage their democracies however one of the other motives would be to make financial gain from attack, countries that would be looking to make financial gain would be countries such as North Korea who due to crippling economic sanctions have adopted other ways to gain funds the cyber-attacks, but whilst gaining these funds they could also cause damage to other countries and their enemies at the same time. North Korea is known for launching many state-sponsored attacks, it was reported “At least 35 reported instances in 17 countries of North Korea-affiliated actors attacking financial institutions and cryptocurrency exchanges are currently under investigation” (DW.COM, 2019) this shows the lengths that the regime would reach to gain funds and what they are capable of.

Targets Of Cyber Attacks In The United Kingdom And Possible Damages Caused.

The UK is a big target on the world stage for these sorts of government-sponsored cyber-attacks, many if not all the government-run organisations are at a huge risk of becoming victims of state-sponsored cyber-attacks. Not only just government agencies are at risk though. Below is a list of possible targets within the UK at risk from cyber-attack:

• Financial Institutions
• National Infrastructure
• Government Institutions
• Transport Services

These services are at risk because a lot of these services if not all in recent years have become dependent on computer systems to function meaning a successful attack could leave them useless

Government Institutions are at risk because it has been shown that a lot of their email and security protocols are old and less secure making them an easy target to state-sponsored cyber-attacks (Maor Hizkiev*, 2019). The government organisations that are being referred to are government organisations like the National Health Service (NHS), local councils and the main government itself. Even with some government organisations having less than perfect security they would still be massive targets with Cyber groups looking to gain access to the network through many different methods.

Another reason that these organisations are a massive target for other countries is that they are key to the functioning of the country, they store a lot of classified information they have records of large portions of the population. The NHS holds millions of medical records and this came under threat when the WannaCry attack targeted the NHS (National Health Service) in 2017 which cost them millions of pounds because at the time they had poor IT infrastructure, they were using outdated operating systems and the staff were not trained to handle this, the attackers were identified to be from North Korea. The effect that this attack had was that thousands of medical appointments were cancelled, causing disruption for months after the attack, millions of pounds had to be spent to replace the infected machines as well as upgrading older machines to modern operating systems this was because many of the machines were locked until they paid the ransom. This is just an example of what can happen when a government institution is attacked successfully, but this attack on the NHS could have been a lot worse.

For obvious reasons the government itself is a target, the information that government officials hold and are aware of would be invaluable to another country, officials would use their email to discuss these matters and other matters may be even personal issues, that’s why the government email is a massive target. The attackers could use these emails to embarrass government officials damaging their standing. For example, “In June 2017, sustained and determined attempts gain unauthorised access to UK parliament email accounts were reported. Temporary access was gained to less than one per cent of the 9,000 accounts on the parliamentary network. The incident began on a Friday afternoon when most people had finished work for the week.” (NCSC, 2017) the fact that the attack began at the end of the week showed that they waited until the perfect moment to commence the attack.

Financial Institutions are at risk for an attack obviously because other countries would be looking to make financial gain but also to damage the UK economy and possibly the world economy. It was reported that the cost to the UK economy each year from cyberattacks is over £27 billion, which is an incredible amount and identifies how big an issue this is for the UK economy. Although this figure is the entire cost of attacks not just on the Financial sector of the UK.

UK Government Cyber Security Agencies.

The UK government have several state-run cyber security agencies protecting key areas of the country for cyber attacks all the main areas that are specified above are protected by one of the agencies that will be mentioned below.

The National Cyber Security Centre is based in London it was created in 2016 and is one of those cyber defence agencies that’s main goal isn’t just to protect state-run agencies but also to provide support for organisations from all sectors of the United Kingdom, they also provide an incident response to organisations if it was required. The National Cyber Security Centre was created by merging knowledge from other cyber security organisations in the UK such as “(the information assurance arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure”.(NCSC.GOV.UK)

Measures Taken To Counteract Cyber Attacks.

Due to the rising threat from cyber-attacks, the UK government has started to realise many different threats they have on the economy and the people of the United Kingdom. In 2011 government created a strategy that they would use to tackle the threat from cyber-attacks, they set out key areas the government would like to make stronger to face cyber-attacks as well as improving knowledge and understanding for businesses across the UK.

The government has taken a lot of measures to improve our security in cyberspace by creating different initiatives one of which is called CISP (Cyber Security Information Sharing Partnership), this was created to so that businesses across the UK can warn other businesses about situations that are unfolding as well as the government being able to provide advice fast and securely on the site.

The UK government has also encouraged cross border collaboration so that governments across the world can collaborate to help countries prosecute cybercriminals in their country of origin however this could prove difficult with state-sponsored cyber attacks as certain countries may not want this to happen.