Nation-state hackers may be using personally identifiable information obtained from major breaches, such as the recent attack on the US Office of Personnel Management (OPM), to identify individuals vulnerable to follow-up attacks or even to recruit them as spies, according to cyber security experts.
UK consultancy Context Information Security claimed that sophisticated big data analytics tools are already being used in the commercial sphere by firms like Facebook – reportedly even to the extent that they can identify users’ political views or emotional stability.
The same techniques could already be in use by nation states to trawl through large data sets such as those stolen in the OPM, US Postal Service and Anthem (healthcare provider) breaches, lead consultant Tom Williams argued in a blog post.
He continued:
“Large data sets obtained in offensive cyber espionage operations could be interrogated by a foreign intelligence agency to improve the effectiveness of their operational targeting. Not just for follow-on cyber-attacks but also to highlight individuals that may be susceptible to coercion, recruitment as human intelligence sources or identify those that would be vulnerable to other technical operations. The end goal of these operations would be the collection of intelligence along political, military and commercial lines. The possibilities are endless and when combined with data that is already in the public domain (like information on social media), it makes for a truly spectacular capability.”
China was accused of being behind the OPM breach and similar attacks, although it has of course denied this.
But the data taken in several such breaches has yet to turn up for sale on darknet forums, which is unusual for financially motivated cybercrime and lends weight to the notion that a nation state was behind them, Williams argued.
Given the resources at the disposal of nation state attackers, preventing such breaches will be difficult, he told Infosecurity.
“These resources will stretch beyond just cyber operations. They are the most determined and persistent of attackers,” he added.
“In order to better protect against this type of advanced threat, organizations’ security programmes need to be holistic and joined up across the three main disciplines of security: physical, information and personnel. Good communication between these areas is key.”
The threat is being taken seriously by western governments, but a failure of basic security controls is making the job of the attackers too easy, Williams argued.
“More needs to be done to ensure that these types of controls are implemented more consistently across industry and government,” he said.
“There is some good work being done to raise awareness of the threat and provide organizations with the support they need in order to be more effective. But, more can always be done.”