After the NSA hack: Cybersecurity in an even more vulnerable world

What is the Equation Group?
The Equation Group has been closely watched since its existence was first revealed in an early 2015 report by security researchers at Kaspersky Lab, a Russian-based computer security company. Cyberattacks using the Equation Group’s signature methods have been carried out since 2001, using extremely specific customized techniques.

In addition to engineering the attacks to ensure a very low risk of detection, they maintain a close watch on their targets to ensure their surveillance does in fact go undetected. And the number of targets they choose is very small – tens of thousands of computers as opposed to the hundreds of thousands or even tens of millions of machines hacked in other major attacks.

Equation Group’s targets included government and diplomatic institutions, companies in diverse sectors as well as individuals in more than thirty countries.

Kaspersky Lab reports that China and Russia are among the countries most infected by the Equation Group’s hacking tools. Among the alleged targets were the Russian natural gas company Gazprom and the airline Aeroflot. Likewise, China’s major mobile companies and universities were allegedly victimized by the NSA.

Who hacks whom?
Cyberweapons and their capabilities are becoming an increasing part of international relations, forming part of foreign policy decisions and even sparking what has been called a “cyber arms race.”

The Shadow Brokers attack may be a part of this global interplay. The U.S. government is considering economic sanctions against Russia, in response to the alleged cyberattack on the Democratic National Committee computers by two Russian intelligence agencies. Those same attackers are believed to have been behind the 2015 cyberattacks on the White House, the State Department and the Joint Chiefs of Staff.

If the material Shadow Brokers have stolen can link cyberattacks on Gazprom, Aeroflot and other Russian targets with the NSA, Russia can argue to the international community that the U.S. is not an innocent victim, as it claims to be. That could weaken support for its sanctions proposal.

Russia and China, among other adversaries, have used similar evidence in this way in the past. Edward Snowden’s revelation of the U.S. PRISM surveillance program, monitoring vast amounts of internet traffic, became an important turning point in China-U.S. cyberrelations. Commenting on the NSA’s alleged hacking of China’s major mobile companies and universities, an editorial in China’s state-run Xinhua News Agency noted: “These, along with previous allegations, are clearly troubling signs. They demonstrate that the United States, which has long been trying to play innocent as a victim of cyberattacks, has turned out to be the biggest villain in our age.”

In general, allegations and counterallegations have been persistent themes in Chinese-American interactions about cybercrimes and cybersecurity. China’s approach shifted toward more offensive strategies following Snowden’s revelation of the PRISM surveillance program. It is likely that this hack of cyberweapons may provide China and other U.S. adversaries with even more solid evidence to prove American involvement in cyberattacks against foreign targets.

Cyberattack tools now more widely available
There are other dangers too. Hackers now have access to extremely sophisticated tools and information to launch cyberattacks against military, political and economic targets worldwide. The NSA hack thus may lead to further insecurity of cyberspace.

The attack is also further proof of the cybersecurity industry’s axiom about the highly asymmetric probabilities of successful attack and successful defense: Attackers need to succeed only once; defenders have to be perfect every time. As sophisticated as NSA’s highly secure network is, the agency cannot ever fully protect itself from cyberattackers. Either these attackers have already gotten in, or some other group will be the first to do so in the future.

Actors with fewer financial and technical resources can compromise high-value targets. What will come of this attack remains to be seen, but the potential for profound and wide-ranging, even global, effects is clear.

Nir Kshetri is Professor of Management, University of North Carolina - Greensboro. This article is published courtesy of The Conversation (under Creative Commons-Attribution / No derivative).