The Cyber Cold War: the Newest Front in Political & Corporate Espionage

The 1980s might seem like a distant memory, now the fodder for spy thriller movies and espionage TV shows like The Americans, but let’s not kid ourselves: the days of spies looking to get their hands on state and trade secrets are still alive and well today. Except, now they’re digital.

Espionage techniques have evolved quite a bit beyond the old methods of bugging rooms or tapping phone lines; today’s Watergate wouldn’t come from breaking into a hotel room, it would come from cracking an email server or a corporate network. Already, we’re seeing these threats escalate in the political world, from the DNC email hack, to a spear-phishing campaign targeting U.S. officials, to last year’s surge of sophisticated cyber-attacks against the State Department. This is just the tip of the iceberg. 

Political Espionage on Both Sides of the Aisle
Cyber-attacks have made it increasingly possible for foreign parties – whether Russian, Chinese or independent hackers – to put their thumb on the U.S. electoral scales. When you consider how much attention the leaked DNC emails, allegedly at the hands of Russian government-backed hackers, received, it is all too easy to imagine politically-driven cyber espionage attacks only getting worse between now and the November presidential election.

Just imagine how valuable it would be for another nation to get their hands on a soon-to-be-President’s foreign policy details before they came into power. Or, as in the case of the DNC, to expose sensitive materials and communications of one political party to try and prop up the opposing party’s candidate, effectively influencing the outcome of the election.

It’s a problem across both sides of the aisle. During the Republican National Convention in Cleveland last month, Avast Software research engineers set up fake Wi-Fi hotspots around Quicken Loans Arena (the site of the convention) and Hopkins International Airport. Nearly 70% of people in the area trusted these Wi-Fi networks without a second thought to their own security, consequently exposing their names and email addresses.

Luckily, this was a benign case, but not every fake public Wi-Fi network is a social experiment. If this many people in the political realm are so willingly entrusting their personal information to unsecure networks or email servers, who knows how often or on how many other networks they may be acting just as recklessly. These are vulnerabilities that political enemies would be all too keen to take advantage of, and likely already do.

Cyber Sabotage in Corporate America
Cyber espionage isn’t exclusive to the halls of Washington, D.C., either. Corporate espionage is an age-old practice going back decades. Just look at the auto industry over the years. A cursory glance of the similarities between certain car models and manufacturers reveal just how far and how deep corporate espionage goes.

Technology has accelerated this problem even further for the unprepared.

For one, spear-phishing and malicious insiders present significant security threats to any organization, from both outside and inside the company’s network. With the former comprising an estimated 91% of all cyber-attacks, and the latter posing a security risk that nearly half of all organizations say they’re ill-prepared to defend against, these cyber-attack methods pose continued and greater threats to corporate security. 

However, spear-phishing and malicious insiders, while uniquely destructive, don’t afflict only the corporate world; any agency or workplace can have a malicious insider among its ranks, and anybody with an email address can fall susceptible to phishing. Beyond just these threats, the corporate world is also vulnerable to other, more unconventional, but no less dangerous, espionage and sabotage techniques that can strike at the heart of any boardroom. 

On-site spies, moles and double agents can undermine corporate security from within. Fake documentaries are another egregious, yet effective, new method of corporate espionage, wherein CEOs are fooled by fake production companies into being given complete access to a corporation’s offices and production lines for the sake of making a documentary about that organization. Flash forward several months, and the documentary is still nowhere to be seen. It may not even occur to most executives that the camera crew they had touring their company in the first place was a fraudulent one, who were actually there to canvas your offices for sensitive information, corporate secrets and other useful keys into your otherwise secure databases.

When the Red Scare Went Digital
In the old days of the Red Scare and McCarthyism, political and corporate anxieties swirled around the ever-present, always-accused threat of communists and foreign spies living right under our noses, stealing our information to sabotage our country (or organization) and to benefit theirs. In the 21st century, that anxiety is as pervasive as ever; it has just taken on a more digital shape.

From spear-phishing and malicious insiders to corporate spies and boardroom bugs, today’s political institutions and companies have to be more vigilant than ever in mounting strong cybersecurity defenses. In an age when foreign hackers are breaching email servers to influence presidential elections or fake film crews are using documentaries as a cover for stealing private corporate information, an ambivalence or negligence toward data and cybersecurity can no longer be acceptable. The consequences are simply too great, and the ripple effects too far-reaching, to ignore or underestimate these threats any longer.

What’s Hot on Infosecurity Magazine?