How hacktivist groups pose a global cybersecurity threat

Andrea Little Limbago, chief social scientist at Endgame, discusses hacktivist groups, cybersecurity trends, and how we can prepare for cyberattacks with CNET's Dan Patterson.

How hacktivist groups pose a global cybersecurity threat

CNET's Dan Patterson interviewed Andrea Little Limbago, chief social scientist at Endgame, about emerging cybersecurity trends and how we can prepare for cyberattacks. The following is an edited transcript of the interview.

Campaign 2018: Election Hacking is a weekly series from TechRepublic sibling sites, CBS News & CNET, about the cyber-threats and vulnerabilities of the 2018 midterm election.

Dan Patterson: Dr. Andrea Little Limbago, thanks for joining us today. Help us understand the global threat in environment. Who are the actors, the players, not just the nation states, but everyone in between?

Andrea Little Limbago: That's an important question. Normally, we think about Russia, as we rightly should, but the broader spectrum of actors that are getting involved. Not just the nation states that are going against each other's elections, but also think about, within nation states themselves, there are different groups of hacktivist groups within a broad range of different countries you can think about how a criminal group might become involved in pay for play kind of attack. So that case actually happened within Latin America where there was a person who was basically gathering up a criminal ring to interfere across over half a dozen Latin American countries.

When we think about hacktivist groups, we think about, there was a case in the Philippines just a couple years ago, where a hacktivist first attacked an election commission website. From there, vandalized the website, but then released 50 million voter registration data, including bio metrics.

These are the kind of sub state level actors that are getting involved. Then there are also, even think about multinational corporations, some of them out there like Cambridge Analytica, which we hear a lot about in relation to our 2016 election, but also it's been involved in the Kenyan election and some other elections for broad range of interference that goes beyond your traditional marketing.

SEE: IT leader's guide to cyberattack recovery (Tech Pro Research)

Dan Patterson: Which nation states are most involved with cyber and with offensive cyber?

Andrea Little Limbago: Oh, interesting. There are a handful, I think we hear our intelligence and DOD officials talk a high level of the four that are a threat to the United States from Iran, North Korea, China, and Russia. But obviously, from the democracies, you have the United Kingdom, the United States, Israel among the top players. What's interesting that we're starting to see even a greater diffusion of the capabilities. We have countries like Vietnam, now, that has an APT, an advanced persistent threat group, associated with them. Lebanon had a state affiliated group that had a global campaign attacking android. We're seeing the smaller countries, also, starting to have access to these nation state capabilities, and also are starting to have the offensive capabilities.

SEE: Cybersecurity and the 2018 Midterms (TechRepublic Flipboard magazine)

Dan Patterson: How does cyber play into diplomacy and the interrelation between governments?

Andrea Little Limbago: It comes in a couple different ways. I think a lot of people are aware of the United States/Chinese agreement that happened in 2015. That was a diplomatic effort to try and stop China, specifically, from doing commercial theft through cyber enabled means.

Since then, we've seen that they really didn't stop their activity in that area. When it comes to elections, we've seen recently Nikki Haley, who's been talking and advising Congo for their upcoming elections in December, against the voting machines that they're using. They're moving into a more electronic. She's advocating more for a paper audit trail. Which again, is interesting, because several states within the United States don't have that paper audit trail. So we see diplomacy ranging from the different kinds of agreements from creating redlines for what's not appropriate, to also advising for different kinds of critical infrastructure requirements.

SEE: IT leader's guide to big data security (Tech Pro Research)

Dan Patterson: When we look at that spectrum of nation state actors, I'm glad you mentioned China and the theft of intellectual property. What do each of these major cyber capable nations want? What are their goals?

Andrea Little Limbago: When you think about the attacks themselves, you have to step back and think about what their objectives may be. Even within these states, they're not homogeneous entities, so different kinds of attacks may have different kinds of motives. If you think about China, who has recently been affiliated with various kinds of attacks on both Taiwan and Cambodia, and election interference, for some of those... for Taiwan it was more cyber vandalism and website interference, then pushing fort some Chinese propaganda as part of the vandalism. Cambodia it was more so data theft of data registration roles.

So from there, it seems like motive for that might be espionage. That's just China for some of the election interference. Then the motives can range quite a bit. Iran has been linked to global campaigns against financial institutions, so that clearly was for financially motivations. North Korea, same thing, but then you get, also, the signs of your Russia, China, Iran within the US critical infrastructure, where the energy components. For that, I would say is more so, your reconnaissance and prepping of the battlefield, if various kinds of conflict and instability were to occur between the nations.

Also see