In Russia, hacking is a government gig.
Kremlin-affiliated hackers launched a crippling cyberattack against Estonia. Hackers routinely flood the comment sections of news sites that criticize the government and spread lies to discredit the journalists who write them. When opposition parties plan rallies, hackers spread misinformation, confusing supporters with false dates and meeting places. Similar shenanigans take place in China, where PRC-linked hackers tried to infiltrate Google in retaliation for the search engine’s criticism of government censorship.
These Russian and Chinese hackers are little more than digital thugs- bullying, threatening, silencing and discrediting anyone who is deemed an enemy of the State, or of State-affiliated businesses and institutions. They are never directly on the government payroll and are kept at an arm’s length distance for the sake of plausible deniability. They are compensated by intermediaries of intermediaries through tangled systems of kickbacks and payoffs.
As goonish as the whole practice may seem, through a certain lens it must be appreciated as a clever new kind of censorship. In Egypt or Iran, governments simply tried to shut off the Internet when faced with dissent. Such ham-fisted acts merely strengthened the resolve of revolutionaries while attracting international rebuke. Much subtler then to have your agents use a cocktail of digital dirty-tricks to muddy the waters and murder reputations.
You may think such a thing could never happen in the U.S., and you may be right. But it almost did.
If you haven’t yet heard of the HBGary scandal (and if you like spy novels), you should check out these fantastic reports by Nate Anderson of Ars Technica. This is a complicated story and it’s still unfolding as thousands of hacked emails are scrutinized, but the basics suggest that a private cybersecurity firm called HBGary Federal proposed to the U.S. Chamber of Commerce and to Bank of America a dirty-tricks campaign, in order to thwart their enemies (labour unions, non-profits, and Wikileaks, who are expected to soon release incriminating information about the Bank of America). The proposed tactics include:
- Misinformation campaigns
- Phishing emails
- Fake social network accounts
- “Disrupting” journalists who are sympathetic to Wikileaks
- Intimidating financial donors who support Wikileaks
Ironically, these hacking schemes were exposed by hackers. HBGary’s website was attacked after its CEO picked a public fight with the Internet entity Anonymous. Anonymous discovered major insecurities in the security firm’s website, and was able to steal and leak and thousands of HBGary emails, which expose the details recounted above. The U.S. Department of Justice is tangentially involved, as they recommended to the Chamber of Commerce the law firm that in turn hired HBGary. It’s highly unlikely that the DoJ had any direct knowledge of HBGary’s plans. It’s also important to note that there is no evidence that the Chamber of Commerce or Bank of America signed-off on HBGary’s proposals.
But then, I doubt that Vladimir Putin signed-off on the cyberattack against Estonia. The point of pro-government hackers is that they get results for their masters without implicating them.
If HBGary’s foolish CEO hadn’t picked a fight with Anonymous, who knows how far he might have gone?