One of the most damaging and intense attacks on the US government ever took place this year. And nobody, even those that had been hit, knew.
The US government said last night that it had lost control of data held by the Office of Personal Management (OPM), which holds information about all of the staff employed by the US government. Nobody knows why, or who, stole it — but that is the reality of modern warfare.
As internet networks become ever more important and the attacks more sophisticated, both nation-on-nation attacks as well as those run by criminal and terrorists are becoming increasingly damaging. The huge hit on the OPM could be the beginning of the launch of full-scale and outright — but often unnoticed — warfare, of the kind that has now been going on quietly for years.
The US has accused China, and China has denied it. It’s likely nobody will ever know who’s right.
The lack of clear perpetrator is partly because of how easy it is to hide such attacks — they can be carried out on foreign soil, by for-hire hackers who might not even know who they’re working for — and also because so many people are hacking so many others, meaning that there’s a range of people with the means and the motive for such cyberattacks.
Even if the US is able to trace the attacks to China, it doesn’t mean that the government is involved. Many such attacks are carried out by gangs of cyber-criminals, who will take on any attack for a big enough fee.
Chinese officials, including a spokesperson from the Chinese Embassy, have made the same point.
"Cyberattacks conducted across countries are hard to track, and therefore the source of attacks is difficult to identify. Jumping to conclusions and making hypothetical accusation is not responsible and counterproductive," Zhu Haiquan told CNN.
The only real way to attribute cyberattacks is to find a person sat at a computer typing the malicious code, security experts say. Anything else is possible to fake.
Cybercriminals and national states are all involved in the hacking business. The big fear among some security researchers is that terrorists will also join — conducting cyberattacks that can be as economically damaging and even as deadly as physical attacks using chemical or , at a fraction of the cost.
“It’s possible” that traditional terrorists will also start moving into cyberattacks as well as physical ones, Eugene Kaspersky the Russian security expert who founded the eponymous cybersecurity firm, told The Independent in March. “Traditional crime already came to cyberspace. So they employ software engineers.”
“It’s a worst case scenario” that such a thing would happen, Kaspersky said. Such an attack would the end of the evolution of cyberthreats — which have been used by criminals, nation states, and potentially terrorist groups to catastrophic effect.
It’s unclear exactly how the hackers got into the US government systems. Initial reports seem to indicate that the US wasn’t even aware of the attack until it came to increase its defences, finding the information breach after it had happened, and that they aren’t sure how many people are affected.
The hackers appear only to have taken data. That is terrifying and could be hugely damaging for those affected, but it’s one of the less directly threatening options available to hackers.
In recent years, hackers have managed to take control of physical objects and huge machinery. So much of the world’s most important equipment and machinery is now networked — the entire
There have only been two known hacks to cause physical harm. The first was the famous Stuxnet virus, which was created by US and Israeli hackers and planted in Iranian nuclear plants to sabotage key equipment. The second was revealed late last year, when investigators said that still unknown attackers snuck into the computers controlling a German steel mill and stopping a furnace from being shut down and causing massive damage.
Similar systems are present in all of our most important infrastructure. If hackers were able to, they could cause huge damage by wreaking havoc on our electric grid, financial services and other key networks, all from the comfort of their own computer.
Sony Cyber Attack: The Worst Affected In Hollywood
Sony Cyber Attack: The Worst Affected In Hollywood
1/13 Leonardo DiCaprio
The actor's 'horrible behaviour' over Steve Jobs biopic was branded 'actually despicable' in leaked Sony executive emails
2/13 Seth Rogen
Seth Rogen and James Franco cancel Interview (North Korea-baiting film) press appearances after Sony hackers' threats
3/13 James Franco
Seth Rogen and James Franco cancel Interview press appearances after Sony hackers' threats
4/13 Aaron Sorkin
The screenwriter has said that the people who hacked into Sony Entertainment Pictures and released private emails are 'threatening the lives of whole families'
Theo Wargo | Getty Images for Nantucket Film Festival
5/13 Amy Pascal
Also leaked: Sony Pictures co-chair Amy Pascal's email joking about President Barack Obama's race
6/13 George Clooney
Leaked email chain between Pascal and George Clooney appeared to reveal just how much the actor struggled to cope with the criticism of his The Monuments Men
7/13 Barack Obama
Sony executives Scott Rudin and Amy Pascal's leaked email exchange jokes about Barack Obama favouring films with black actors
8/13 Channing Tatum
Channing Tatum's leaked Sony executive email responding to the success of 22 Jump Street with Jonah Hill, which became the highest grossing R-rated comedy ever when it opened in June this year
9/13 Jaden and Willow Smith
Will Smith and Jada Pinkett Smith's children Willow and Jaden Smith found themselves in the Sony inbox as well
10/13 Mark Gordon
DiCaprio's exchange with Jobs TV producer Mark Gordon (pictured) was leaked too
11/13 Princess Beatrice
Sony hackers linked to North Korea revealed Princess Beatrice earns $30,000 a year
12/13 Michael Fassbender
Aaron Sorkin's leaked emails claimed he had no idea who actor Michael Fassbender (pictured) was
13/13 Scott Rudin
Information leaked has also included embarrassing emails involving high profile producer Scott Rudin attacking Angelina Jolie
Such attacks are likely to increase, as networks become yet more integrated and cybercriminals, terrorists and nation states become ever more sophisticated in their hacking. Those key industries that could be hit by such an attack are working hard to make themselves safe — but those that would benefit from attacking them are likely working just as hard.
US officials have claimed that the Chinese hackers stole the details so that they can be used to put together a database of the country’s officials and others, presumably to be used for traditional intelligence efforts.
But hackers’ motives are often as difficult as finding out who’s really doing the hacking. In the Sony hacks, for instance, the stated aim was stopping the release of The Interview — but it could just as easily be anything else.Reuse content