2 September 2020

What is a Nation-State Attack? Why you should be very afraid


A nation-state attack is a calculated cyber-attack either by a foreign government or professional hackers financed by one.

A nation-state attack usually focuses on another country’s government, military, or critical infrastructure. It wants to know what politicians, advisors and influencers are thinking and use that to influence policy or subvert elections. Or to obtain the key codes to start a meltdown or to control infrastructure.

It is all about "knowledge is power". "Know thy enemy and know yourself; in a hundred battles, you will never be defeated" – Sun Tzu.



It is increasingly about exfiltrating data, trade secrets or information from health care, science, enterprises, finance and – well any sensitive database.

And believe it or not, individuals are now a substantial target – journalists, opinion leaders, and power brokers. Or even relatives and close friends of influential people.


GadgetGuy asked its US Correspondent and resident nation-state security expert Sam Bocetta to tell our readers what this is all about and why we should be concerned.
A nation-state attack is a new form of warfare – spying from the safety of your armchair

In the old days, foreign spies would infiltrate governments and other enterprises. They were sleepers reporting back what nuggets of information they could unearth.

Their tools were simple – phone hacks, break and enter, paid informants, seduction, and blackmail. Today, there are an estimated 10,000 Chinese spies in Washington DC alone and hundreds of thousands embedded in US business. But it is not just China, although it seems to be the most prolific, having relentlessly and successfully attacked Australia for over a decade.

Fast forward to the cold war where presidents and dictators of questionable sanity had nuclear footballs that could start global genocide. These arms races are now impractical as everyone has them. Weapons of mass destruction do too much physical damage to the country you want to conquer and occupy.

Certain world governments seek an advantage by stealing trade secrets, controlling or planting information, swaying public opinion (fake news), uncovering military and defence secrets, and launching cyberattacks with hefty ransoms to increase their funding. Hell, North Korea’s petty cash economy lives off the latter.

The recent discovery that TikTok’s security flaw is also a gateway for hackers is a prime example of the possibilities of hidden mechanisms for nation-state attacks. No wonder US President Donald Trump recently announced a ban on WeChat and TikTok.

But invariably the attack starts with something as simple as a click-through on a phishing email. Although increasingly access is from a compromised insider – someone that has been indoctrinated, radicalised, blackmailed or threatened. Resistance is futile if your family or loved ones are at risk.

An increasing number of nation-state attacks come via back doors opened by sympathisers
What exactly is a nation-state attack? 

A nation-state attack is usually an advanced, persistent threat that begins as a ‘zero-day attack’. A ‘zero-day attack’ exploits a flaw in software before the software’s developers know about it. These types of attacks are very sophisticated and difficult to track.

Aside from cyberattacks that steal or blackmail users for money, most nation-state attacks are covert. Many nation-state hackers install hidden malware in software. It allows them to quietly monitor information relayed between individuals and companies, potentially for years.

For example, Chinese companies ZTE and Huawei and TCL/Alcatel allegedly acceded to the Chinese Communist Party (CCP) request to install spyware in their citizens’ phones to surveil and censor information. Hell, for that matter any Chinese-made phone could potentially do this.

The Australian, UK, many EU, and American governments have banned Huawei from installing 5G networks/infrastructure. The issue – these platforms could spy on their citizens or compromise national security. The UK found that significant coding errors and vulnerabilities in Huawei’s carrier software could be a hidden backdoor for nation-state attacks.

As a by-product, Huawei has very few smartphone sales in the west because it cannot access Google Android anymore.
Nation-state attacks are far more prevalent than you could ever imagine.

In 2019 Google’s Threat Analysis Group (TAG) issued over 40,000 warnings of nation-state attack detections to its key clients. Microsoft found over 10,000 successful nation-state attacks of its enterprise client accounts. Facebook will not reveal numbers, but it suffers many thousands of attacks each day. In 2018 the intimate details of over 50 million users were exposed via a nation-state attack.

Most of these attacks originate from China, Russia, Iran, and North Korea, with increasing sophistication from south-east Asia. There are huge nation-state attack farms in many countries. Some are military.

According to cybersecurity experts, last year over 25% of large companies had experienced a nation-state attack.

Yep, it is real!
What are recent examples of nation-state attacks?

Cyber-attacks on individuals have increased during the COVID-19 pandemic. This is partially due to the increase in remote work by everyone from CEOs to clerks. There are information nuggets to be found on home PCs or smartphones.

Healthcare is another target. Overburdened by COVID right now, healthcare providers are prime targets because they are treasure troves of sensitive information.

Recently, Russian hackers tried to steal vaccine research from global targets. Suspiciously, Russian President Putin announced soon after that his country had discovered the vaccine for COVID-19. The United States has also accused Chinese hackers of stealing information related to vaccine research.

In June, Australian PM Scott Morrison held a press conference to discuss the increasing problem of nation-state attacks in Australia. He said most of these cyber-attacks were from a government with “significant capabilities”. He stopped short of mentioning just who that is.

In August, an Iranian nation-state attack hacked into the Application Delivery Controller (ADC) devices used by many Fortune 500 companies. Although software updates now block these attacks, it is still too early to determine what the outcome will be.
How can a country/enterprise/individual protect against a nation-state attack?

The simple answer is you can’t as long as there is a network connection to something with an internet connection. The internet is ubiquitous, and a computer or smartphone cannot be totally secure.

The Five Eyes nations are laying highly secure dark fibre to connect sensitive computers globally. Australia is already moving secure infrastructure off the internet.

Secure means a physical air-gap from the poisoned internet. Data can only be loaded/exfiltrated via secure and checked devices. It is an amazing project that will take years. It is the only way to harden computing resources and prevent cyber attacks.

Although damn, hackers have learnt how to use power points and infrared to infiltrate air-gap computers.
How can a consumer protect against a nation-state attack?

Why would a nation-state want to spy on me? That is the million-dollar question.

The answer is that they believe you have something that could be valuable to them, even if only in the remotest of potential situations. They potentially have 1.4 billion willing pairs of eyes to look over the shoulders of the US’s 329 million and Australia’s 25 million.

You may be a power station worker (or any other utility) and have key codes and operations data on your internet-connected phone or PC. Or a dissident journalist that does not ‘toe the party line’. You may be a person of interest that could help the nation-state if subverted to the cause. Hell, you may be the President’s 55th cousin removed!

That is why US President Trump was so serious about banning TikTok, Zoom and WeChat. He did so to protect the average American.

TikTok may have far more nefarious intentions. The company is attempting to secure a digital banking licence in Singapore, after unsuccessfully attempting to secure one in Hong Kong. Why does a Chinese-owned, 15-second video clip app need a banking licence if not to control more of its users’ money?

In WeChat’s case, US stocks for Tencent (the Chinese owner) fell by US$66 billion in just two days. Why did the stock crumble? No US citizen wants to invest in a company that may spy on people.

As a citizen, the least you can do is install a paid VPN on both your computer and phone. Remember that the great majority of free VPNs are Chinese-owned. These are obliged to do whatever the CCP orders them to do.

Australians, in particular, are concerned with the level of Chinese influence and propaganda. It is rampant in the education, government, business, resources and agricultural sectors. The CCP has over 100 sister cities in Australia. It has cemented ties with many high-level politicians. It displays a concerning level of control over media coverage.

Scott Morrison, Australia’s Prime Minister, is taking a stricter stand against Chinese infiltration. Foreign Minister Marise Payne now has oversight over nation-state agreements and has already found 135 that are suspect, including:

- Victoria accepting Chinese Belt and Road money
- Universities and schools accepting Chinese money to influence curriculum
- Or to set up Confucius Institutes and provide free travel for influencers to visit China
- Sister City agreements influencing local government
- Politicians accepting Chinese money and largess
- Critical infrastructure and resources owned by China (ports, airports, power, etc.)
- Undue influence with our Asia-Pacific neighbours
GadgetGuy’s take: Don’t think a nation-state attack could not affect you

Editor (Ray): I know Sam quite well, and he is not a tin-hat extremist or conspiracy theorist. What Sam has written has opened our eyes.
- Nation-state attacks are not going away
- Most technically advanced countries engage in them
- A successful nation-state attack is one that is covert and continues monitoring
- They cover their tracks, so it is always difficult to know whether a foreign government is responsible
- While they are after big fish, that definition is increasingly relevant to all levels of government and business

We practise “She’ll be right, mate”, so it is vital we remain vigilant. Once a foreign actor gains control of your device, it is already too late, even if there is no evidence of an active spying campaign yet.

As we have seen in the Cold War, sometimes just having the ability to do something seemingly insignificant is enough to secure world power.

CyberSpy versus Cyberspy

In the tech arms race, we all have a role in keeping ourselves and our citizens safe from the prying eyes of foreign governments.
