Methods of Intelligence Agencies

Chapter in: Attribution of Advanced Persistent Threats

Abstract

Much of the publicly available information about attribution methods and concrete cases originates from reports by security companies. Still, attribution statements by government agencies generate much more attention and are regarded as more reliable. It is therefore worthwhile to examine which methods are available to intelligence agencies and whether they can provide a more complete picture than those of security companies. In this chapter, public sources are used to gain insights into the attribution methods of intelligence services. What is the relevance of human sources and informants? How do intelligence services monitor Internet traffic to track APT activity? How can offensive cyber-operations support attribution? How do attackers protect themselves against wiretapping and recruitment attempts by foreign intelligence services? And how do the methods of IT security companies compare to those of intelligence services?



Author information

Corresponding author: Timo Steffens


Copyright information

© 2020 Springer-Verlag GmbH Germany, part of Springer Nature


Cite this chapter

Steffens, T. (2020). Methods of Intelligence Agencies. In: Attribution of Advanced Persistent Threats. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-61313-9_8


  • DOI: https://doi.org/10.1007/978-3-662-61313-9_8

  • Publisher Name: Springer Vieweg, Berlin, Heidelberg

  • Print ISBN: 978-3-662-61312-2

  • Online ISBN: 978-3-662-61313-9
