In the cyber break-in stakes, the champion is Russia
RUSSIAN INTELLIGENCE has not had a great year. After the botched attempt to assassinate Sergei Skripal, an ex-spy living in Britain, scores of its officers were booted out of Western embassies. Hundreds more were exposed by sloppy tradecraft, such as the use of sequentially numbered passports. Yet there is at least some cheer for Russia’s cyber-spies: they have topped a rogue’s table of hacking prowess.
CrowdStrike, an American cyber-security company, published its annual report last month. For the first time, this included a ranking of the West’s cyber-foes. It did so by looking not at the sophistication of their tools (which can be bought from others) but instead at “breakout time”.
Breakout time measures how long it takes hackers to go from getting into a machine (say, an employee’s stolen laptop) to moving into more valuable parts of the network which that machine is part of (such as servers containing secrets). This typically involves looking around to find more vulnerabilities or swiping credentials that allow the intruder to masquerade as a network administrator, a process known as “privilege escalation”.
In its previous report, covering 2017, CrowdStrike had found the average breakout time to be just under two hours. In 2018 that had more than doubled—to over four-and-a-half hours. Apparently, then, a victory for the defenders. But this average concealed a lot of variation.
Russian spies, in particular, were blisteringly fast at breaking out into their enemies’ networks, taking an average of just 18 minutes to do so. That made them seven times faster than those of their nearest rival, North Korea, whose agents took a little over two hours. Chinese intelligence was way behind in third place, taking a leisurely four hours to gain access to the vaults—though the Chinese made up what they lacked in speed with sheer volume. (China has conducted over 100 “significant” cyber-attacks since 2006—more than anyone else—according to data compiled by the Centre for Strategic and International Studies, CSIS, an American think-tank.) Iranian hackers were positively languorous, requiring five hours. Criminal groups needed almost ten.
However, experts and officials caution that faster breakout times do not always reflect sharper skills. For one thing, defensive technology has been getting better in recent years. Hasty lateral movement can trip defensive systems such as “canaries”. These are traps for the unwary—for example, special passwords left cunningly lying around which sound the alarm if used.
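As an added illustration (not from the article or from CrowdStrike), the two ideas above can be put into a few lines of detection logic: a canary account that no one legitimately uses, so any attempt to log on with it is an alert, and a breakout-time measurement taken from the first activity on the foothold host to the first successful logon from that host to another machine. The account names, host names and log format are all constructed for this example.

```python
"""Canary-credential alerts and breakout time over constructed authentication logs."""
from datetime import datetime

# Hypothetical canary accounts: planted, never used legitimately, so any attempt is an alert.
CANARY_ACCOUNTS = {"svc-backup-admin", "da_jsmith"}
# Hypothetical initial foothold (the "employee's stolen laptop" in the article's example).
FOOTHOLD_HOST = "LAPTOP-042"

# Constructed sample log, one event per line:
# "<ISO timestamp> <user> <src_host> -> <dst_host> <LOGON|FAIL>"
SAMPLE_LOG = """\
2018-06-01T09:00:00 jdoe LAPTOP-042 -> LAPTOP-042 LOGON
2018-06-01T09:07:30 jdoe LAPTOP-042 -> FILESRV-01 FAIL
2018-06-01T09:12:00 svc-backup-admin LAPTOP-042 -> FILESRV-01 LOGON
2018-06-01T09:18:00 da_jsmith LAPTOP-042 -> DC-01 FAIL
"""


def parse_log(text):
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, user, src, _arrow, dst, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "dst": dst, "result": result})
    return events


def canary_alerts(events):
    """Every use of a canary account, successful or failed, is an alert."""
    return [e for e in events if e["user"] in CANARY_ACCOUNTS]


def breakout_minutes(events, foothold=FOOTHOLD_HOST):
    """Minutes from first activity on the foothold to its first successful logon elsewhere.

    Returns None if the foothold never appears or never reaches another host.
    """
    first = next((e["ts"] for e in events if e["src"] == foothold), None)
    lateral = [e["ts"] for e in events
               if e["src"] == foothold and e["dst"] != foothold and e["result"] == "LOGON"]
    if first is None or not lateral:
        return None
    return (min(lateral) - first).total_seconds() / 60


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for alert in canary_alerts(evs):
        print(f"ALERT canary account {alert['user']} used from {alert['src']} at {alert['ts']}")
    print("breakout time (minutes):", breakout_minutes(evs))
```

Note that the failed attempt with `da_jsmith` still fires an alert: a canary is valuable precisely because it trips on the attempt, before any privilege is gained.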
Spy agencies also have their own personalities. Russia’s speed may reflect insouciance as much as virtuosity. Russian spy agencies compete furiously with each other and often do not care whether they get caught. James Lewis, a bigwig at the CSIS, also observes that different states go after different targets, which will affect their breakout times. North Korea, in particular, has preferred low-hanging fruit like Bangladesh’s central bank to heavily fortified military networks. “Muggers are quick when they mug grandmothers,” notes Mr Lewis.