- Samantha Lee/Business Insider
- This map shows the biggest cybersecurity threats to the US, as laid out by a senior FBI agent.
- Aristedes Mahairas, who runs the New York FBI’s cyber division, told Business Insider that cyber attacks have grown significantly and are a “cheap and deniable means to a worrisome end.”
- He talked through the different threats from Russia, China, Iran, and North Korea, including Kremlin interference in the 2016 US presidential election.
- Mahairas said diplomacy does not deter cyber criminals: “What they’re looking for is information, access, and advantage.”
An FBI agent has mapped out the nation states that pose the biggest cyber threat to the US.
Business Insider spoke to Aristedes Mahairas, a special agent in charge of the New York FBI’s Special Operations/Cyber Division, about the cybersecurity landscape in America.
He said the US is always alive to threats from cyber criminals, cyber terrorists, and renegade hacktivists, but nation states are at the “very top” of the threat list.
Mahairas said there has been a “significant increase in state-sponsored computer intrusions” over the past 12 years, as such intrusions have become a potent way of unsettling an adversary alongside traditional espionage.
“Cyber operations can be a relatively cheap and deniable means to a worrisome end,” he said, talking to Business Insider at the Digital Business World Congress in Madrid, Spain.
Mahairas marked out the four countries most capable of launching a crippling attack on America. They are captured in the map above and comprise Russia, China, Iran, and North Korea.
Here’s a breakdown of the four nations, and the different threats they pose to the US:
“Russia remains the most sophisticated and technically capable. They are really good at hiding the digital breadcrumbs that lead back to them,” Mahairas said.
The FBI agent pointed to the Yahoo hack, which compromised 1 billion accounts in the biggest data breach in history. Canadian hacker Karim Baratov, who worked with Russia, was given a five-year prison sentence for the attack just last week.
Mahairas also highlighted a different kind of cyber attack: influence operations. This resulted in Russia interfering in the 2016 US presidential election, and the indictment in February of 13 Russians affiliated with St Petersburg troll farm the Internet Research Agency.
“Cyber is a vector and some of the nation states have realised that this vector can be used as a capability to weaponise the information that has been stolen as a result of hacks,” Mahairas said.
“The goal is to erode the population’s confidence, not only in its institutions, its values, its leaders, and most importantly in its ability to find the truth. The objective is to undermine the target by magnifying any number of existing issues that currently divide people in order to create discord and aggravate tensions.”
“These influence operations are not new, but there is an observed increase in their scalability due to… modern social media.”
The FBI agent added that the best way to flush out influence operations is through transparency on platforms like Facebook. “We have to make the targeted audience less vulnerable by educating them about the threat and providing context to allow critical judgement,” he said.
Up until recently, China launched extremely noisy cyber attacks. “China used to be loud in and around your network, almost like the drunk burglar who’s banging on your door and breaking windows to get in,” Mahairas said.
But after the US charged five Chinese military officials for computer hacking and economic espionage in 2014, the country has switched up its tactics. “Today, they operate in a more patient and methodical manner, akin to death by a thousand cuts,” Mahairas continued.
A notable attack the former counterterrorism agent pointed to was the one on Lockheed Martin, when Chinese military officers stole US state secrets on fighter planes, including the F-35 jet.
They carried out the attack as part of a series of attacks codenamed “Byzantine Hades”, and the economic impact was estimated to be around $100 million (£75 million). It was a “very significant matter,” according to Mahairas.
Mahairas said there has been a “noticeable uptick in activity” from Iranian hackers in recent years, as they become more sophisticated and targeted in their attacks on the US.
This was evidenced last year when Iranian hacker Behzad Mesri attacked American broadcaster HBO. He was accused of breaking into the firm’s network, leaking “Game of Thrones” scripts, and demanding $6 million worth of bitcoin in ransom.
Mahairas’ FBI division led the investigation into Mesri and an indictment was unsealed against the hacker in November last year. He is now on America’s most wanted list and risks being arrested if he leaves Iran.
Although Mesri appeared to be acting alone, Mahairas said the FBI is increasingly concerned about the “blended threat” from some countries. This is when they work with criminal contract hackers to “do their dirty work.”
North Korea remains a significant cyber threat to the US, despite a thawing in diplomatic relations in recent months. Mahairas said the health of diplomacy between two common enemies has very little to do with how nation states conduct cyber activity.
“Diplomacy isn’t going to impact their ability or desire to continue in this activity,” the FBI agent explained. “What they’re looking for is information, access, and advantage. Whether it’s in the cyber universe or not, those are the objectives.”
US President Donald Trump’s administration publicly blamed North Korea for unleashing the massive WannaCry cyber attack last year, which crippled many organisations globally, not least Britain’s health service.
Ultimately, Mahairas said cybercriminals are not fussy about their targets: “These nation state actors, they’re not targeting just the US. Anyone is fair game. What they do is generally the same, I don’t think any one nation state brings more specific threat.”