Mercenary Hackers Offer Espionage-as-a-Service

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Follow on:

The hackers’ high level of skills means there attacks will rarely discovered, according to IT security firm Taia Global

Although the Sony attack was loud, damaging and hugely embarrassing to the company, the bigger threat is from mercenary hacker crews who steal billions of dollars of valuable technology secrets every year from companies on behalf of paying clients according.

This was the stark warning today from Jeffrey Carr, president and CEO of cyber security firm Taia Global.

Speciality shops

“These mercenary hacker groups range from small groups with little funding to speciality shops run by ex-government spooks to highly financed criminal groups who use similar if not identical tactics to nation state actors,” said Carr, the author of a new report on the subject. “That they are rarely discovered is due in part to their skill level and in part to being mis-identified as a state actor instead of a non-state actor if they are discovered. The low risk of discovery, frequent mis-attribution to a nation state, and growing demand of their services ensures that the EaaS threat actor will flourish in the coming 12 to 24 months.”

fbi2The FBI filed a criminal complaint last summer and a federal grand jury subsequently indicted Su Bin, the President of Lode-Tech. Bin was charged with five counts of conspiracy on a cyber espionage campaign that was in operation from at least 2010 until 2014. The hacker crew that he hired wasn’t named and is presumed to still be active. Stolen technologies included information about the F-35, F-22, and C-17 aircraft, and according to the criminal complaint, the hackers claimed that they were in a position to breach the network of Brahmos Aerospace, a joint venture between the Indian government and a Russian joint stock company.

“This report reveals details on EaaS operations culled from court documents, published papers, and personal interviews that I’ve had with Russian and Chinese hackers,” said Carr. “It also helps companies understand how to defend against this new type of threat actor.”

Mercenary hacker groups are small, skillful, well-paid and have no nation-state affiliation. Instead, they are hackers for hire, whether it’s a Chinese millionaire like Su Bin, a Russian oligarch or a western business competitor of the company being targeted. The aerospace industry is among the hardest hit, but any company who is investing in high value research and development can be a target. Taia Global’s report “The TRIES Framework: Counter-Reconnaissance against EaaS Threat Actors” is available for download at TaiaGlobal.com.

Do you know everything there is to know about hackers? Take our quiz!