Former NSA top hacker names the filthy four of nation-state hacking

Carefully omits to mention the Land of the Free

DEF CON Rob Joyce, the former head of the NSA’s Tailored Access Operations hacking team, has spilled the beans on which nations are getting up to mischief online.

Joyce gave one of the first talks at the DEF CON hacking conference in Las Vegas and interest was intense - the lines to get in stretched around the hall. Joyce congratulated the crowd on their work in hacking systems to make them safer but warned tougher times were to come.

Nation-state hacking is nothing new, but Joyce warned that the practice is increasingly being weaponized to cause maximum disruption. Everyone is going to have to be a lot more careful in the future to avoid chaos, he said.

According to Joyce, there are four primary actors when it comes to states hacking states: Russia, China, Iran and North Korea. Notably missing from the list was the US, but let's face it, he wasn't going to go into detail about that.

Investigations into possible Russian hacking of the 2016 US election and the UK's Brexit vote are still ongoing but that wasn't the half of it, Joyce said. Russian hackers are constantly trying to penetrate key US networks, he claimed, adding that it is a constant struggle to keep them out as they are very persistent and motivated.


Hacking by China used to be more common, he said, but had a different focus. Middle Kingdom meddlers were more interested in harvesting American intellectual property to kickstart their own industries. This activity has dropped off recently, he said, but he predicted they may restart if Sino-US relationships worsen.

Iran, the third big player, has also slackened off its attacks on the US recently, said Joyce. However, it has also been setting up attacks on its home turf of the Middle East, particularly against Saudi Arabian targets.

The final player is North Korea, which remains very backward but has a high degree of hacking skill thanks to dedicated training programmes for talented youth. "Best Korea" is unusual in that its hackers actively try to steal money, something the cash-strapped state certainly needs.

Joyce also applauded the pioneering work by DEF CON in showing the glaring security flaws in voting machines. Election hacking is real, he said, and there are active campaigns to hack the US vote. ®
