“Hack and Hype:” How Old Tradecraft has been Weaponized in Cyberspace by c-Watch Intern 2020-002


Sports-ISAO sponsors c-Watch, which trains and deploys cyber threat analysts. A c-Watch intern offers this review of “Hack and Hype” as it evolved from its initial sports application to its Covid-19 incarnation.

As the global leader in correlating cyberattacks in athletic events, Sports-ISAO is uniquely positioned to observe various hacking strategies employed by governments the world over. Different combinations of cyberattacks, data theft and disinformation have been a common tactical feature of illiberal nations’ influence operations. One technique is particularly salient in athletics – we call it “Hack and Hype,” when data is stolen for use in a disinformation campaign.

Russia is the globe’s reigning World Champion of Hack and Hype; however, the technique has been adopted by other rising stars: China, Iran, and North Korea, among others.

Hack and Hype in Sport

For some background on Hack and Hype in sport, Fancy Bear, the outed Russian GRU hacking group, published data stolen from the World Anti-Doping Agency (WADA) several years ago. The theft and publication included US Gymnast Simone Biles’ medical records in an attempt to smear her reputation. Though Biles’ records showed a prescription for ADHD medication that is ordinarily banned by WADA, her prescription was approved for use during the 2016 Summer Olympics. Other Fancy Bear attacks include a 2018 attack on the International Olympic Committee after Russian athletes were banned from the Winter Olympics that year. https://www.wired.com/story/fancy-bear-antidoping-olympics-hacks/ One can see the appeal of Hack and Hype, as stolen data provides a grain of truth that makes deception all the more effective.

Stealing and buying private data is relatively easy in illiberal regimes. In Russia, the black market provides easy access to private data, often procured by people able to access this data by virtue of job and position, and who are trying to make ends meet on meager salaries in a stagnant economy. Phone records, passport information, and almost any other private data can be had within hours of a black market purchase. https://www.bbc.com/news/world-europe-48348307

Black market economics aside, no one’s personal data is safe. In October 2018, seven GRU agents were indicted by the US Department of Justice for hacking into computer networks operated by anti-doping and sporting organizations. The DoJ press release lays bare Russia’s Hack and Hype strategy:

“Among the goals of the conspiracy was to publicize stolen information as part of an influence and disinformation campaign designed to undermine, retaliate against, and otherwise delegitimize the efforts of international anti-doping organizations and officials who had publicly exposed a Russian state-sponsored athlete doping program and to damage the reputations of athletes around the world by falsely claiming that such athletes were using banned or performance-enhancing drugs.” https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and

Hack and Hype is manifestly a favored Russian technique of exploiting sport to advance disinformation and to foment distrust. Indeed, Hack and Hype is so favored that Russia and other illiberal nations have begun expertly tailoring it for other applications.

Hack and Hype Evolved

US voters understand full well the effects of Hack and Hype tactics unleashed by Russia during the 2016 election season. Sports-ISAO’s cyber threat collection operators observe a parallel to these past Kremlin tactics today, during the novel coronavirus pandemic. Yet, it would not be fair to focus solely on Moscow when it comes to Covid-19 cyberattacks and disinformation.

The British National Cyber Security Centre and the Cybersecurity and Infrastructure Security Agency within the US Department of Homeland Security have published a joint statement warning that state-backed hackers in Iran, China and Russia have targeted British and American pharmaceutical companies, research organizations and local governments. In general, the state hacking groups seek bulk personal information, intellectual property and information that matches national intelligence collection priorities, such as healthcare policy or sensitive data on Covid-19 research… all of which can be useful in a Hack and Hype campaign. https://www.reuters.com/article/us-health-coronavirus-cyber/state-backed-hackers-targeting-coronavirus-responders-u-s-and-uk-warn-idUSKBN22H1UG

Hack and Hype, a Sports-ISAO tagline that encapsulates illiberal nations’ manipulation of cyberspace for soft power projection through sport, must be understood to adequately combat attacks in the Covid-19 environment. Defending against cyberattacks alone is too narrow when nations are pursuing national strategic objectives through the use of social media and disinformation campaigns. Western analysts have observed, for example, that diplomatic and social media messaging emanating from Russian, Chinese and Iranian sources has historically converged upon two anti-US themes: it typically defended President Nicolás Maduro’s murderous regime in Venezuela, and it claimed that the US is a bad-faith partner to international agreements. The similarity of the messaging from these countries is notable.

Remarkably, with the emergence of the global coronavirus pandemic, these three governments have been proclaiming in near-unison that coronavirus didn’t come from China; that it is an American bioweapon; that US troops spread the disease; that the US is gaining politically from the pandemic; that the Chinese response was exemplary while the US response was lacking; that the US economy will fail because of the pandemic; that US sanctions are killing Iranians; and that the three nations are managing the crisis well. https://www.politico.com/news/2020/04/21/russia-china-iran-disinformation-coronavirus-state-department-193107

Taken together, this represents a strategic game plan to influence other nations to believe that a change in the global order is necessary. This is an evolution of Hack and Hype, the fruits of which we are yet to behold, in which proven instances of Covid-19-related hacking aren’t yet tied to the coordinated Covid-19 hype campaign currently underway.

The Strategy

Indeed, online influence extends beyond crafting a favorable narrative for any particular illiberal nation. Observers are seeing increased interest from Hindi- and Persian-language internet users concerning content that exalts energy therapies and questionable supplements while debasing Western medicine. Additionally, Western European Internet traffic increasingly favors medical conspiracies and anti-vaccination topics. https://www.politico.com/news/2020/04/21/russia-china-iran-disinformation-coronavirus-state-department-193107

The emergence of Hack and Hype within the Covid-19 environment indicates that illiberal nations view the global pandemic as an opportunity for soft power projection. Moreover, it signals that cyberattacks are likely the outputs of national strategy, and that victims are specifically selected to advance the strategy. While ransomware and cybercrime attacks are opportunistically using telework platforms as an attack vector, Covid-19 research by universities, pharmaceutical companies, and advanced labs is an especially high-value target for state actors. Put simply, Hack and Hype attacks imply a national strategy is at play, insofar as cybercriminals often lack the financial incentive to engage in the Hype element of this irregular warfare strategy.

Accordingly, we expect to see more advanced cyber tradecraft over the coming months pertaining to Covid-19. Moscow has been perfecting all the setups in the Kremlin playbook since the Soviet era, and other illiberal nations seek to emulate its success. Where propaganda was once a cudgel to control populations behind the Iron Curtain and in other totalitarian regimes, now disinformation has become expertly tailored towards the modern, borderless information landscape and its myriad inexpert consumers across the globe. Worse still, Western liberal governments are more sensitive and beholden to the court of public opinion than at any time in history. Elected leaders increasingly make decisions that take ever more consideration of the potential for applause or condemnation from the Twitter mob, a feature and vulnerability of modern democratic governance that national rivals are exploiting without pause. Whether it’s sport or Covid-19, it’s never fair play, and Hack and Hype is particularly suited towards advancing an illiberal agenda while also fomenting unmitigated disorder in the liberal West.
