state-sponsored hackingIf you’ve been paying attention to the news lately, you’ve probably heard plenty about sanctions taken against Russia by the Obama administration in response to what is being called, “significant malicious cyber-enabled activities.” The White House has said that state-sponsored hacking by Russia during the election, in which private documents and emails taken from the Democratic National Committee’s servers were released to the public, was intended to influence the results, as well as sow doubt and erode people’s faith when it comes to the electoral process and U.S. government institutions. This isn’t the first time in recent years that state-sponsored hacking has been in the news; China was implicated in the Office of Personnel Management breach last year, and who can forget the attacks on Sony by North Korean hackers? Although the political issues presented with regard to this particular hack have made it quite a divisive issue for many, the bottom line is that state-sponsored hacking is not a new phenomenon and it seems to be thrust into the public eye more frequently these days. Here’s what you, the average citizen, should know about this type of cybercrime and why you should care.

What is state-sponsored hacking?

In the simplest terms, state-sponsored hacking is cybercrime that is committed with the authorization of a country’s government against a government or entity from another country. It isn’t a new concept — one of the first noted attacks was the use of malware in 2010 to damage Iranian machines allegedly being used to create nuclear weapons. The New York Times revealed two years later that the U.S. and Israel were behind this action. Many of the top powers of the world engage in cyber-espionage against one another, including China, Israel, France, Syria and the U.S. These types of attacks are surging in frequency — according to the 2016 Verizon Data Breach Investigation Report, 89% of breaches last year had a financial or espionage motive. Out of 247 incidents the researchers analyzed, more than half (155) involved a confirmed data disclosure. Undoubtedly, much of state-sponsored hacking goes unrecorded, but the numbers definitely point to a rise in publicly recognized attacks.

How does it affect the general public?

You might be tempted to think that government-on-government cybercrime isn’t likely to impact everyday people, but you’d be wrong. Although it’s a fact that cyber-espionage has been happening for years, it hasn’t always been as obvious to the general public. And while any attack that involves the access and theft of private data for personal gain is certainly problematic and worrisome, some top officials have indicated that Russia’s alleged use of stolen data to influence voters is a completely different scenario from what we’ve seen in recent years. As Rep. Adam B. Schiff, the top Democrat on the House Intelligence Committee told ABC, “They didn’t just steal data; they weaponized it.”

While it might sound like something out of a Hollywood movie, it’s not impossible for these kinds of attacks to target companies and infrastructure that we rely on, such as gas pipelines or electric grids — and in fact, they already are. This type of attack would have an undeniable impact on average citizens, and drives home the point that this is a type of cybercrime you should be aware of. We are well-versed in what terrorist groups and other types of hackers are capable of doing, but just because most state-sponsored attacks aren’t directly aimed at average people does not mean they can’t be.

What is our government doing to protect us?

In response to allegations and intelligence information regarding Russia’s infiltration of the DNC as well as other Democratic party systems, the Obama administration announced on Dec. 29 that it would be imposing a number of sanctions on Russia as punishment for its cyber activity. These included the closing of two Russian compounds in New York and Maryland, as well as the expelling of 35 Russian diplomats and their families from the U.S. The sanctions taken by the Obama administration, while seen as extreme by some, are looked at as not severe enough by others. Since the sanctions were imposed by executive order, the incoming president has the ability to reverse them without having to go through Congress.

Whatever your personal opinion, most people would probably agree that it’s vital for our government, especially those officials making the decisions, to be concerned about cybersecurity and take action. It’s important that the people in charge don’t fall victim to cyber fatigue. Some types of actions work better for different people (or governments) than others. Following the hacks by China into the OPM’s databases, economic sanctions were threatened but proved enough of a deterrent that they weren’t followed through. Instead, China arrested during talks between the two country’s leaders, China and the U.S. both agreed on a “no hack” pact, and there has been a notable decline in state-sponsored hacking originating from China after these talks.

Can anything be done by individuals to protect themselves?

The short answer, when it comes to this type of attack, is no, but it’s also important to realize that it’s highly unlikely that any ordinary citizens will become direct targets of state-sponsored hackers. In fact, following the disclosure by Yahoo that its massive breach was perpetrated by state-sponsored hackers, some members of the cybersecurity community wondered whether this was merely an attempt to garner sympathy and push the brunt of the blame off the company itself. Their reasoning? For the most part, nation-states are after intellectual property, not individual email accounts. In all likelihood, the majority of the data stolen in the OPM breach was of little to no use for those who took it, since the goal was to discover information about specific people rather than steal a large amount of personal data for profit.

It is unclear exactly what the future of cybersecurity holds, especially since the U.S. is about to undergo a leadership transition that might change the way the government approaches cybersecurity. Regardless, it’s always a wise idea to protect your personal information and utilize smart security measures wherever you are. You can learn all about protecting your identity and privacy online by following our identity theft protection blog.