Well, I guess we can say Cloud Services are now a fact of life. I wrote a blog last week that talked about how hacking has evolved and we can now add another evolution to those that fall into the category of Hacker – Hacking As A Service!
Yesterday, a group called “The Shadow Brokers” took credit for the latest Ransomware attack which was the release of the Petya attack (and the WannaCry attack earlier this month). They were the ones that hacked into the NSA and released their hacking tools and are now making those tools available through the Dark Web. They are also no monetizing those tools. To quote the AP news story which talks to the results of the Petya attack, “Another global cyber attack is fitting end for first month of theshadowbrokers dump service,” the group said, referring to a subscription service which purportedly offers hackers early access to even more of the NSA’s digital break-in tools.”
So they have a subscription service to the tools. From what I’ve read over the last several weeks, they have also provided a service where they will attack a target on behalf of a client and take a percentage of what is made. So there is now a business model for hacking.
To recap, we started off with Script Kiddies and those hacking for fun. We then moved to Hacktivists that wanted to get out a political message. Then came the cybercriminals that were targeting specific companies in order to gain inside information or steal information for use in other attacks. Then came Nation States, though I would suspect that they came first but who’s to say.
Now we have Hacking As A Service.
The interesting thing is that the WannaCry attack was originating from a hacking group located in Northern China. And, according to reports, it sounds like North Korea hired that hacking group to initiate the attack. So Nation States are now taking up these services. So you are, in essence, seeing Hackers turning into mercenaries. How long until you see the Western Countries starting to do that?
I would suggest that this business model will evolve much as Cloud Services have evolved. You’ll probably start to see specialized hacking services being made available such as focusing on DDoS, Ransomware, Straight Hacking for information, and probably/eventually bank robbery.
Now, before you start saying that I’m reaching, I’m going to point you back in history (remember, those that don’t remember history are bound to repeat it). Back when the New World was first discovered, there was the Golden Era of Piracy going on. Numerous Nations (eg. England, France, Spain, etc.) made use of Pirates to disrupt their adversaries. This would allow the Nation States to gain advantages in regions ahead of other Nation States. By the end of the reign of the Stuart Kings of England (something like the early 1700s), Nation States started to move away from making use of Pirates.
Today, we have much smaller Nation States (eg. North Korea, Syria, etc.) and, from the focus of the Petya attack, maybe larger ones, starting to use Hacking as a Service (or maybe we should call it #CyberPiracy ). The really interesting thing is that there are starting to be treaties being signed between countries to discourage attacks on each other and those treaties are being included in Free Trade Agreements. All I have to do is point to the agreement between Canada and China that ensured that hacking wouldn’t occur between the two countries or anyone in their countries against companies in the other countries. That agreement was just signed this week between China and Canada.
No, hacking and Hackers are evolving and it’s now following a pattern from history. Hacking as a Service or CyberPiracy, a rose by any other name would still smell as rank…
Hope this helps …