Rebecca Zisser / Axios
Cyber attacks have started causing disruption and confusion in day-to-day activities across the world, from the WannaCry attack this May, which hit hospitals and swept through hundreds of countries, to the 2015 hack that shut down Ukraine's power grid.
So what countries should we be most wary of in the cyber realm, and what kinds of attacks does each of these top hacking countries tend to launch?
U.S. — the superpower hacker
- Stacking it up: Capabilities "surpass anything known in terms of complexity and sophistication of techniques," the WSJ writes. Goals appear to include surveillance or destruction to tip the scales towards U.S. interests.
- One hack to know: Stuxnet, a computer worm that the U.S. allegedly jointly launched with Israel in 2010 to derail an Iranian nuclear facility. Read more via the NYT.
- Cyber capabilities in the government: The WannaCry attack that spread to hundreds of countries this May actually originated from a leak or theft via the U.S. National Security Agency (to be clear, the NSA didn't perpetrate the attack). The leader of NSA, Adm. Michael Rogers, is also the leader of the Pentagon's cyber ops arm, Cyber Command, which last December was made into its own cyber fighting unit. Rogers has told lawmakers he wants to build out "offensive cyber capabilities."
U.K. — the watchful hacker
- Stacking it up: The U.K. is known as host to "one of the world's pre-eminent eavesdropping agencies," known as GCHQ, Reuters writes.
- One hack to know: British spies allegedly hacked into the world's largest SIM card manufacturer, Gemalto, along with American NSA spies in 2012 to monitor voice calls and data use for billions of cell phones around the world.
- Cyber capabilities in the government: The British government has acknowledged British spies are developing cyber offensive capabilities in GCHQ and the Ministry of Defence as part of the National Offensive Cyber Programme. Read more on that via Wired.
Russia — the political hacker
- Stacking it up: Russia appears to hack for political reasons: to help or harm political candidates, to prop up Russian interests, or to more generally sow doubt around the world in democratic governance. These objectives were seen in the 2016 DNC hack, and the use of bots to spread fake news.
- Another hack to know: An unprecedented 2015 attack linked to Russia shut down electricity for about a quarter-million Ukrainians. Experts are saying Russia may be using Ukraine as a testing ground for other, devastating attacks yet to come.
- Cyber capabilities in the government: The Russian government has acknowledged it has "information troops" that use cyber means to spread propaganda.
China — the economic hacker
- Stacking it up: China is known for its industrial espionage efforts, and has allegedly been stealing intellectual property for years.
- Two hacks to know: 1. The Chinese military allegedly stole F-35 fighter jet plans from the U.S., which some say allowed Beijing to create the J-31 fighter jet. China denies this. 2. The hack into the U.S. Office of Personnel Management, which has been blamed on China, saw the records of up to 21.5 million U.S. government employees and consultants dating back 50 years stolen.
- Cyber capabilities in the government: Beijing has admitted it has explicit units in its government dedicated to "cybercrime", per The Daily Beast. The government also has "specialized military network warfare forces" to handle both attacks and defense. In 2014 a federal grand jury indicted five people from PLA Unit 61398, China's allegedly 100,000-strong military cyber espionage division, for stealing trade secrets from U.S. companies.
The Israel-Iran match — the geopolitical hacking matchup
- Stacking it up: Israel is "among world's most advanced" cyberspying agencies, per the WSJ. Iran is most well known for attacks it allegedly launches in response to perceived geopolitical threats. Read more via the Chicago Tribune.
- Top hacks to know: Israel allegedly launched the 2010 Stuxnet hack along with the U.S. to derail an Iranian nuclear facility (read above). Just last year, the U.S. Department of Justice indicted hackers with links to the Iranian government for attacking U.S. banks and a dam in New York.
- Cyber capabilities in the government: Unit 8200 of the Israeli Defense Forces is often equated to the NSA, with objectives including signals intelligence, offensive cyber strategy, cybersecurity, and encryption, per the Miami Herald, and has thousands of personnel, per Forbes estimates. In 2015 the government announced a new defensive cyber unit to work alongside the government's National Cyber Bureau. Iran's Cyber Defense Command has a defensive mission, per The Institute for National Security Studies (INSS), which assesses that Iran's Revolutionary Guard plays an offensive role.
North Korea — the bank heist hacker
- Stacking it up: North Korea is known for conducting financial cyber espionage and is estimated to make 10-15% of its foreign exchange earnings from cyber efforts, per the Peterson Institute of International Economics. A defector from North Korea's suspected hacking branch of the government said the unit is intended to act as a demonstration of North Korean capacity.
- One hack to know: The WannaCry ransomware attack that stemmed from the NSA cyber arsenal is suspected to have been launched via Lazarus Group, an APT group suspected of having links with North Korea. That group was suspected of launching an attack on Sony before the release of "The Interview," which showed Kim Jong-un being assassinated. The group also allegedly tried to pull off a bank heist via the central bank of Bangladesh.
- Cyber capabilities in the government: North Korea has about 6,000 in its alleged government hacking group, Bureau 121, which is believed to operate out of China, per the BBC, and 10-20% of North Korea's military budget is estimated to funnel to online operations.
Non-state actors and unattributed hacks:
Two closing notes:
- It can be difficult to see a clear line between where a state begins and where a state ends when it comes to cyber hacks, since sometimes hackers will do the bidding of governments while leaving room for plausible deniability.
- Little is known publicly about the majority of countries' cyber capabilities save for their suspected hacks that have actually been launched — that's because those capabilities are typically top secret. Once a cyber tool is let loose, the perpetrator loses its strategic advantage because those targeted by it can then uncover the code.