
December’s hack of the Office of Personnel Management’s (OPM) personnel files reportedly also reached other branches of the American government, affecting up to 4 million former and current US government employees. The information stolen by the hackers included Social Security numbers, job assignments, performance ratings and training information. Of course, this also includes current and former employees of intelligence organizations, as it was recently revealed that the hackers managed to access Pentagon employees’ personal and security information. A foreign actor could use the information taken from the OPM hack to identify spies or other sensitive personnel active in foreign nations, blackmail US government employees, or use email phishing from personal accounts to gain access to US government computers.

A Chinese government organization, such as the Ministry of State Security (MSS), is generally deemed the most likely culprit, but it is safe to assume that North Korea’s Bureau 121, Russia’s FSB signals intelligence bureau, or Iran’s Cyber Defense Command could have been either a contributor to the effort or the main perpetrator of the data theft. Countries such as China, Russia, North Korea, and Iran have a fundamentally different view of the employment of cyberwarfare than the United States.

China has long been suspected of having a dedicated cyberwarfare division, but the existence of such an organization was only officially confirmed in May 2011. The “online blue army” is based in the Guangzhou military region and has access to a $1.54 million yearly budget. Although ostensibly for defensive purposes (and for keeping tabs on Chinese citizens online), China has repeatedly been accused of employing cyberwarfare and espionage against other countries. The Chinese government also makes use of semi-official civilian hackers and proxies, which allow it to deny knowledge of its own actions to foreign governments searching for the origin of cyberwarfare attacks. China has also been implicated in the 2010 theft of intellectual property from the network systems of Google (and many other software developers), and a Senate Armed Services Committee probe found that Chinese hackers had subverted the computer systems of several US airlines, technology companies, and several contractors for the US military involved in the transportation of troops and equipment overseas. It is quite likely that the Chinese are banking on cyberwarfare as a possible counterweight to US conventional military superiority. Should a conflict arise in Taiwan or the South China Sea, the Chinese could be relying on cyber attacks to disable the US SIGINT network and prevent the United States from aiding allies in the region.

Russia has its own cyber warfare program as well. Soviet-style media manipulation is alive and well, especially on the internet, where the Russian government employs “professional trolls” to spread disinformation in the Kremlin’s favor. During the 2008 Russo-Georgian War, Russian hackers conducted a major DDoS attack on Georgian government websites, paralleling a similar attack on Estonian government websites the previous year. In Ukraine, Russia has employed a more sophisticated program referred to as “Ouroboros” to subvert Ukrainian government computer systems. It is also likely that Russian agents have an interest in collecting information to use as blackmail material or to foil US covert operations directed against Russia.

North Korea’s cyber warfare agency, Bureau 121, is part of the General Bureau of Reconnaissance, North Korea’s intelligence agency. Bureau 121 is said to comprise the country’s elite computer experts, recruited at age 17 and trained at the University of Automation, North Korea’s military-run school for computer science. Consisting of around 1,800 specialists, Bureau 121 is considered to be an elite unit of North Korea’s intelligence bureau. Despite North Korea’s perceived weaknesses, Bureau 121 is suspected to be the culprit behind the infamous hacking of Sony back in December. North Korean hackers also managed to attack South Korean banks and broadcasting companies, as well as deface South Korean government websites, using simple malware dubbed “DarkSeoul.” The DarkSeoul attack was noted to be very similar to the cyber attack carried out by the “Guardians of Peace” on Sony Pictures.

The Iranians also have a notable cyber warfare agency, dubbed the Cyber Defense Command. However, the bulk of Iran’s offensive cyber capabilities rests with the “Iranian Cyber Army,” an unofficial group of hackers who have pledged loyalty to Iran’s Supreme Leader. Allegedly created by the Revolutionary Guard Corps in 2005, the Iranian Cyber Army has been able to hack into Twitter and Baidu in the past. Members are recruited from Iranian hackers, who are offered employment in the Cyber Army instead of imprisonment. The Iranian Cyber Army is allegedly overseen by many of the same officers who run the IRGC’s cyber defense division. It is notable that the ICA became more effective and more publicly active on the internet in the wake of the Stuxnet attack on Iran’s network infrastructure, indicating that the Iranians may have learned from the cyber attack. Some analysts believe that the attacks on Twitter and Baidu were trial runs for the ICA, which wishes to launch a “Stuxnet”-style attack on the United States and Israel. USAF General William Shelton, head of the Air Force’s Space Command and overseer of the USAF’s cyber operations, has stated that Iran is potentially a serious threat on the cyber warfare front. Hacking the OPM personnel files won’t help Iran much with that endeavor, but the OPM personnel files would no doubt be useful to Iran for counterintelligence reasons.

Most troubling is the very likely possibility that, no matter which nation carried out the hack, it could sell or otherwise share the information with other hostile states, making an already bad situation worse. If so, any of these four nations could collaborate on cyber warfare programs and share expertise on hacking and virus creation.
