Foreign governments that rely on the services of private criminal hackers leave their operations vulnerable to being exposed and disrupted, creating something of a “silver lining” for U.S. law enforcement investigations of cyberattacks, a top Justice Department official said Monday.
Criminal hackers hired by nations are more likely to travel and expose themselves to the risk of being arrested and prosecuted, and may be less savvy about evading detection than a sworn intelligence officer, Adam Hickey, a deputy assistant attorney general in the Justice Department’s national security division, said during a cybersecurity panel discussion at Georgetown University.
“That matters because apprehending them … can give us the human intelligence into state-sponsored hacking that can be very, very valuable and supplement the technical insight,” Hickey said.
The blended model of foreign government official and hired criminal hacker was illustrated in a punishing 2014 hack of Yahoo’s network that affected hundreds of thousands of user accounts. The Justice Department last month charged two officers of the Russian Federal Security Service, or FSB, and two criminal hackers in connection with the massive breach.
Similarly, a Chinese businessman with an expertise in aerospace engineering, Su Bin, was sentenced to prison last year for working with Chinese military officials in a hacking scheme aimed at stealing military technical data from U.S. defense contractors. Prosecutors said he directed the Chinese military hackers with whom he was working whom to target and which files to steal.