In 2018 the American president secretly authorized the CIA to engage in offensive Cyber War operations. This capability had long been sought and one reason why permission was finally granted was the increased defensive Cyber War capabilities Western companies had developed. This effort was market driven because the damage done via hacking Internet networks makes it more difficult to sell Internet based equipment and services.
One of the major developments of the last two decades has been the creation and growth of Internet security operations. Initially these were mainly firms that sold and supported their own Internet security software. Soon the major Internet companies got involved, again because it was good business. Hackers were seen as “agricultural pests” in the Internet based computing ecosystem. One after another Microsoft, Apple, IBM, Amazon and others got more involved in protecting their customers from hackers. These separate operations cooperated by sharing information, especially about hacking groups as well as the new tools and techniques hackers were using. The effectiveness of this cooperative effort enabled the CIA to make a case for offensive operations. There was now enough intelligence being obtained, which the U.S. government (the largest computer and network user in the world) had access to that the CIA could realistically plan and carry out offensive operations.
While details of offensive operations are usually kept secret, the same is not the case with many defensive operations. That’s because information about hacker techniques and tools is best exploited by letting users know how they are vulnerable and how to avoid it.
A recent example of this came from the IBM X-Force IRIS (Incident Response and Intelligence Services) security team. One of the many hacker groups X-Force was aware of, ITG18/APT35, had been hacked and 40 GB of hacker “how-to” videos were obtained. These videos were for upgrading the skills of ITG18 hackers via the use of Bandicam, a video recorder that created annotated videos of activities on a video screen. These vids showed how hackers used their tools and revealed new uses or more effective use of current techniques.
ITG18 is an Iranian group that is mostly in it for the money, but the Bandicam videos showed that the victims were often military or government personnel who might have access to information that could be sold to any country interested in that sort of thing.
X-Force gained much useful information from the Bandicam videos and passed on a lot of it to IBM customers and computer users in general. For example, the videos revealed some techniques that were not known while also revealing how effective some security techniques were. For example, banks and other Internet services have long urged their customers to use “second-factor authentication” when logging in. The second-factor is usually a four-digit security code sent to the users cell phone. Over the last year there had been several claims that second-factor schemes could be hacked, even though this took a lot of effort. The ITG18 videos revealed that hackers were advised to ignore accounts that used second-factor because it consumed so much time to hack and there were so many accounts available that did not use second-factor.