DEF CON Rob Joyce, the former head of the NSA’s Tailored Access Operations hacking team, has spilled the beans on which nations are getting up to mischief online.
Joyce gave one of the first talks at the DEF CON hacking conference in Las Vegas and interest was intense - the lines to get in stretched around the hall. Joyce congratulated the crowd on their work in hacking systems to make them safer but warned tougher times were to come.
Nation state hacking is nothing new, but Joyce warned that the practice is increasingly being weaponized so as to cause maximum disruption. Everyone is going to have to be a lot more careful in the future to avoid chaos, he said.
According to Joyce there are four primary actors when it comes to states hacking states: Russia, China, Iran and North Korea. Notably missing from the list was the US, but let's face it, he wasn't going to go into detail about that.
Investigations into possible Russian hacking of the 2016 US election and the UK's Brexit vote are still ongoing but that wasn't the half of it, Joyce said. Russian hackers are constantly trying to penetrate key US networks, he claimed, adding that it is a constant struggle to keep them out as they are very persistent and motivated.
Disk-nuking malware takes out Saudi Arabian gear. Yeah, wipe that smirk off your face, IranREAD MORE
Hacking by China used to be more common, he said, but had a different focus. Middle Kingdom meddlers were more interested in harvesting American intellectual property to kickstart their own industries. This activity has dropped off recently, he said, but he predicted they may restart if Sino-US relationships worsen.
Iran, the third big player, has also slackened off its attacks on the US recently, said Joyce. However, it has also been setting up attacks in its home turf of the Middle East, particularly against Saudi Arabian targets.
The final player is North Korea, which remains very backward but has a high degree of hacking skill thanks to dedicated training programmes for talented youth. "Best Korea" is unusual in that its hackers actively try to steal money, something the cash-strapped state certainly needs.
Joyce also applauded the pioneering work by DEF CON in showing the glaring security flaws in voting machines. Election hacking is real, he said, and there are active campaigns to hack the US vote. ®