Finding Cyberspies Is Far From Impossible


State-sponsored hacking is back in the news, this time courtesy of accusations that Russia’s cyber maneuvers influenced the 2016 US election through the notorious DNC email leaks and a cyberattack against the Clinton campaign. Trump has repeatedly denied that Russian interference was a factor, to the point of loudly rejecting the CIA’s claims. He also wondered, on Twitter, where these claims were before the election (they were mentioned in the second Presidential debate and he publicly asked Russia to hack Clinton).

Additionally, Trump has stated that it’s impossible to figure out which flags hackers fly unless you catch them in the act, but the exact opposite is true. If you know what to look for and where to look, it’s very easy to guess who a hacker is working for. Proving it, though, is another matter.

This isn’t a new phenomenon: Currently, several Chinese generals (including well-known hacker/instant internet meme Wang Dong) are on the FBI’s Most Wanted list for that crime, North Korea attacked Sony over its movie The Interview, and the United States government got in hot water itself for doing just that with PRISM. But how do we know the difference between state-sponsored hacking and kids screwing around?

Can You Spot A State-Sponsored Attack?

The short answer is, there’s rarely a smoking gun. In theory, most hacking that happens to convenience one state while hurting another is the result of people at the keyboard independently deciding to execute complex mathematical attacks on infrastructural targets that can take months and millions of dollars to pull off. To give you an idea of just how much spies cling to this idea, China didn’t admit it had state-employed hackers until last year, despite those aforementioned generals being on the FBI’s list since 2014.

Still, for intelligence agencies and even the man on the street, spotting a state-sponsored hack is fairly easy in a number of ways. Sometimes, the identities of the culprits can be glaringly obvious, with the Sony data dump being a prime example. The Interview, you may remember, was a comedy from Seth Rogen and James Franco about a frivolous Andy-Cohen-esque chat show host scoring an interview with Kim Jong-Un, and promptly being recruited by the CIA in an attempt to assassinate him.

In response, supposedly some patriots from North Korea stole all of Sony’s emails and dumped them on the internet. North Korea is a country that can’t even provide its citizens with food, let alone modern computers, so the idea that the hack was anything other than a government action is patently ridiculous. Granted, Sony can’t prove this legally, but unless a shocking revelation arrives at some point, common sense tells us who did it and why.

A Hacker’s Motives Can Lead To The Source

Following that is the simplest question in politics: Who profits? A good example is the attack Fancy Bear, a supposedly independent hacking group, committed against the World Anti-Doping Agency. On the heels of a massive doping scandal involving Russian athletes (which is still unfolding), by total coincidence, a bunch of embarrassing documents about British and American athletes was dumped onto the internet. Yes, they think you’re dumb.

The next place to look at when spotting state-sponsored hacking is the target. Your typical computer criminal isn’t interested in lifting state secrets or dumping some organization’s emails on the internet because that’s a lot of risk for little financial reward. They’re interested in stealing your credit cards or other financial data, so they look for bulk databases they can breach and use a lot of numbers at once. While thieving hackers can show undeniable complexity and ambition, they are, at root, mercenaries. Unless somebody’s paying them to show up, they’re not going to be there.

Then there’s the question of complexity. Attacking your typical consumer PC is the equivalent of busting into a Little Tikes playset castle. Attacking a government computer network is more akin to raiding Castle Grayskull, with Battle Cat lurking in the moat to eat you. Most would-be hackers won’t dare go near the Pentagon unless they were convinced WarGames was a documentary, so anybody showing up has to be highly motivated in the first place.

That complexity also tends, over time, to create a certain “fingerprint.” The reality is that state-sponsored hacking is a job, like any other job, and breaching a computer system is hard. So, if a spy comes up with one solution, they’ll tend to repeat it until somebody fixes the problem. A just-revealed cyber attack against Democratic presidential candidate Hillary Clinton has many similarities to attacks on the Ukraine and other states that Russia has been angry at for not acting like they’re a part of the USSR.

Like we said, none of this is a smoking gun. Any spy agency is smart enough to create layers of anonymity between them and their employees. But state-sponsored hacking is simple to spot, and should be a point of concern no matter who does it.
