Nation-state cyberwarfare and why a lot of hackers is good

"You should always know your enemy. That is, to bring the investigation to the point where you understand who specifically made the attack, what the attacker's motives are, whether the attack is accidental or not", — Ilya SACHKOV, CEO and founder of Group-IB, said at CyberCrimeCon 2018, dedicated to the problems of cybersecurity.

The landscape of cybercrime is extremely variegated, so it is difficult to trace the source of attacks, which means that companies in any country are under the threat of hacking. It is incredibly difficult to track down scammers, especially if the attack occurs for the first time, but experts are sure that the final victory over hackers is only a matter of time.

According to Group-IB experts, cybercriminals are improving their methods. During 2017-18, hackers have powerfully attacked the digital market. The reason is that digital exchanges use code compiled from different open sources. In addition, cryptocurrency exchanges usually represent only a small team of like-minded people, not a serious staffing structure.

The last large-scale hacking of the Japanese digital exchange Zaif remained unnoticed for four days, and only on September 18 this year, representatives of the company reported a loss of $60 million. Before that, the South-Korean Bithumb suffered. The exchange lost about $30 million on June 20 this year. The case with Bithumb deserves attention because it is one of the largest Asian crypto exchanges with a trading volume of $196.823 million per day. The attack on Bithumb had a serious impact on the exchange rate of Bitcoin, which fell 1.4%.

Bithumb is not the only exchange in South Korea that suffered in June. Losses of the Coinrail are estimated at $40 million. Cybercriminals seized 1927 ETH, 831 million DENT tokens and 2.6 billion PundiX (NPXS0) and other currencies. In total, 30% of the total altcoin portfolio of the crypto exchange was stolen. As in the case of Bithumb, the attack of hackers had an effect on the bitcoin rate, which fell by 5-10%. South Korea can really be considered a tasty morsel for intruders, and, unfortunately, not all companies manage to recover from the blow. On December 19, 2017, Youbit digital exchange went bankrupt after losing 17% of its assets. The company saved 75% of users' funds and promised to minimize customer losses.

When the cryptocurrency exchange closes after a hacker attack, it falls under suspicion of fraud: self-hacking to assign assets. "In investigations related to the hacking of digital exchanges, sometimes there are such cases of self-hacking. This happens with the assistance of some insider, whose activity leads to allegedly hacking and to a staged hacking and staged loss of money”, — Dmitry VOLKOV, CTO Group–IB, said.

Should the exchanges panic?

Despite the fact that hackers, like sharks, smelling the blood rushed to tear the young crypto market, panic is definitely not worth it. According to experts, with each attack cybersecurity has more materials to analyze and create universal methods of protection. Moreover, the more large-scale crimes are committed by hackers, the easier it is to develop a protection strategy. Now it is much simpler for law enforcement agencies to track cyberattacks and punish criminals: on the basis of previous cases, universal automatic algorithms for countermeasures against hackers have been developed. ”From 2010 to 2018, we and our partners from different countries made a lot of automated analytical systems for law enforcement agencies to assist in investigations", — Mr. SACHKOV said. This technology has already been successfully used against the group of death “Blue whale” in Russian social networks.

The problem of cryptocurrency exchanges is associated more with the novelty of the industry than with pathological signs. “Why the security of cryptocurrency exchanges cannot cope with the attacks? One of the most common problems is the lack of human resources”, — Mr. VOLKOV explained.

Today the ability of cybersecurity professionals is significantly expanded, and the hackers simply continued to use the remaining weaknesses of a digital economy. In the future, the number of these weaknesses will be reduced to a small amount, and then hackers will not cause such significant damage, and losses will become more local, will cease to seriously affect the market.

National cyberwarfare

One of the most important tasks is the fight against nation-state hacker groups. The analysis of their activities is complicated by the political factor. The authorities are not always ready to assist in the investigation of cases involving cybercriminals, who work in the national interest. "Spying attacks are a real problem. The most difficult thing is to attribute the attack correctly, that is, to connect with certain special services, so sometimes you have to rely on the results of previous studies of other companies”, — Mr. VOLKOV said.

Hackers have long been recruited into the real "cyber army". Their role in the information war is irreplaceable. It is worth remembering the scandal with the "Russian hackers" who allegedly intervened in the USA presidential elections in 2016. By the way, although the “popularity” of Russian hackers is not unfounded, there is a substitution of concepts. Mr. VOLKOV explained the origin of the stereotype: “When researchers see the Russian language, they automatically link it with Russia. Russian is one of the most popular languages on the Internet, it is the second most popular after English. For example, an attacker may have citizenship of Belarus, Kazakhstan or Ukraine”.

Noticeable changes in the war with hackers will appear when the laws of different countries are synchronized. In the near future, this is unlikely to happen: do not wait for the allied relations of countries that are actively using hacker groups against each other. Mr. SACHKOV is convinced that only a really large-scale precedent can reverse the situation with regard to interstate cooperation: "There will be an attack on the object of critical infrastructure in any country, which will lead to human casualties or, perhaps, to environmental violations. And after that, politicians will understand that it is necessary to speed up the process of synchronizing the legislation”.

Despite the fact that the activities of hackers have become global, and various countries are actively using them in the information war, it has become much easier to track criminals. Firstly, the competition between the increased number of hacker groups helps to detect them when they attack one target. Secondly, new security software is being developed every day and methods are being improved to test potentially compromised systems. So, according to experts from Group-IB, today the peak of financial threats has already passed. In the international market, the first position is occupied by phishers aimed at cloud storage, not the financial sector.