Rise of Cyber Kremlinology

Matt Suiche
Aug 24, 2016

All credit goes to @marasawr for inventing the term “Cyber Kremlinology”.

China

Over the past few years, we have seen more and more assertive attributions based on different trends. China used to be one of the big ones; it also allegedly hacked the New York Times in 2013, which led to a U.S. state visit last year in China, where Obama told President Xi Jinping that his administration views Chinese attempts to steal American trade secrets as “an act of aggression” that will strain the relationship between the two superpowers.

And guess what: as the diplomatic relationship between the U.S. and China improved, the number of attacks also decreased significantly. A FireEye report from June states that Chinese hacks plummeted by 90% over the past two years.

“The activity stopped after the handshake,” said Mr DeWalt, referring to the presidential agreement. “It’s been dramatic.”

This makes you wonder whether information security professionals should just pursue a diplomatic career if they genuinely care about decreasing attacks by foreign nation states.

Russia — aka the “Cyber Cold War”

In between, we saw some significant attacks, allegedly from North Korea in the Sony case, and from the Romanian hacker Guccifer 1.0, who was known to have targeted significant government officials.

But the tension between the U.S. and Russia has increased, mainly due to the situation in Syria, especially now that Putin wants to maximize his control over Syria before America’s next president takes office.

Which is basically where most of the divergence of opinions happens:

  • On one side, the U.S. claims to want to bring democracy and fight terrorism.
  • And the other side will claim that each U.S. attempt to bring democracy failed and ended up leaving countries destabilized and in critical condition.

Since Guccifer 2.0 was characterized as a “likely Russian government attempt”, we have started to see a series of attributions alleging that the Russian government is trying to interfere in the U.S. election.

The fact that Russia is highly suspected of being behind the recent Shadow Brokers hack of the most powerful intelligence agency in the world, the NSA, will definitely have strong consequences for the negotiations over the situation in Syria, which is at the moment disastrous.

And over the past few days, we saw another attribution to Russia — with again, no actual technical proof of it — regarding the hack of the New York Times… well, it initially started as “RUSSIA HACKED NEW YORK TIMES” but unlike China in 2013, this quickly became:

This version sounded closer to “New York Times reporters received phishing emails” — not quite the same thing.

It sounds like the “cyber-war” is getting Russian fever, and the lack of technological evidence and the growing list of unnamed sources are becoming confusing.

The bottom line is: who is actually gaining or losing from destabilizing the Middle East/Arab World, given that understanding it goes far beyond some Python scripts for some firewall software using outdated compilers?

Matt Suiche

Hacker, Microsoft MVP, Founder of @ComaeIo — Co-Founder of @CloudVolumes (now @VMWare)