The Learning Center
Home  »  Learn  »  Hackers and Hoaxes  »  Countries Hacking

When Countries Attack...and Hack

 Share the knowledge!

Is the threat of malware real? The answer is definitely yes. Fortunately for most of us, the most serious malware attacks are going after large targets these days, such as government agencies and large international corporations.

For example, in late November 2014, Sony Corporation was the victim of a severe and successful hacking effort by a group calling itself The Guardians of Peace, according to the Wall Street Journal. They reported that the hackers "brought down the Hollywood studio's corporate email, and leaked five films and a slew of sensitive personnel data, including a spreadsheet allegedly containing salaries of some 6,000 employees and top executives."

Sony Corp. didn't immediately know how hackers had accessed its systems. The attack was disruptive and effective—almost like something you'd see in a Sony-released movie. It was a quick, deliberate and obvious example of hacking, but that's not always the case.

Country vs. country.

About the same time as the Sony attack, a report came out that said a sophisticated malware program had been discreetly spying on businesses and governments without detection since 2008—almost six years earlier.

The data break-in, or hack, was discovered by Symantec Corp., the maker of security software and systems. They described the attack as complex and very hard to detect. More significantly, the report said that the malware had come from a "nation state": in other words, a foreign enemy.

The malware was top-notch and able to do all of its computer surveillance under the radar. It was definitely an espionage computer tool designed for high-level spying. The malware had been quietly and systematically collecting sensitive government and business data for a while, going undetected for a very long time.

The malware, which has been named "Regin," is malware known as a backdoor Trojan. A Trojan, or Trojan horse, carries out actions when triggered to do so, stealing data and crashing systems. It got its name from the ancient story of the hollow wooden horse statue Greek soldiers hid in to enter and attack Troy. The malware gains access to the compromised computer, then sends commands. It can be loaded on the host computer in stages instead of all at once, which helps it to avoid detection.

Customized and well-planned attacks.

Sophisticated malware can be customized for a highly targeted attack. In the case of Sony Pictures, the malware was designed, among other things, to steal employee emails and raid Sony's stored digital movies, several of which were unreleased. Within days of the attack (which could prove very costly to Sony), experts had identified North Korea as the likely source of the attack, in retaliation for a soon-to-be-released Sony movie that North Korea objects to.

Lying in wait.

In the case of the Regin malware, Symantec estimates the initial infections occurred between 2008 and 2011. The malware seemed to disappear for a period, only to resurface in 2013. That's the year Symantec discovered Regin at work. Symantec reported that it likely took many months or years to complete the attack. Throughout the entire time, the malware creators were carefully monitoring and covering their digital tracks.

The report said, "Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals...its capabilities and the level of resources behind Regin indicate that it is one of the main cyber-espionage tools used by a nation state."

Foreign attacks are a growing problem.

The United States wasn't the primary country attacked by Regin—Russia lead the list, followed closely by Saudi Arabia and more than a half dozen other countries.

Not that the U.S. isn't being targeted enough. Here are some recent incidents the U.S. has experienced:

  • The U.S. Investigation Services (USIS), which provides the majority of background checks for the government, was targeted in an attack, mostly likely initiated by a foreign entity.
  • In late 2014, a highly publicized report revealed that China and a few other countries were capable of a significant cyber attack on America's power grid.
  • In August 2014 the U.S. Nuclear Regulatory Commission announced that it had been hacked by a foreign group several times over the past three years.

In this modern technology age, the warfare of choice seems to be cyber attacks, and no country is safe from them.

Related Articles