Cyber threats are relocating to enemy countries – and no expert can stop them

As part of Defence Online’s focus on cyber security, Ariel Hochstadt from vpnMentor, at the recruitment of veteran cyber experts by enemy countries to help develop their cyber threat.

Imagine other countries could get access to your country’s most guarded cyber weapons, and even use them against you, without you ever selling them a single line of code. Well, that’s what’s happening right under our noses – the most dangerous cyber threat is relocating to enemy countries, and by choice. You don’t have to be a cyber wiz to understand how it happens; all you need is a basic understanding of economics and human psychology. 

In recent years, both governments and private-sector corporations are starting to realise that the most valuable cyber weapon they can acquire is not software or code, but people and the knowledge they bring with them. It’s happening all over the world. Veterans of highly classified intelligence units are being recruited by rich enemy countries to develop the next cyber weapons, that might later be used to attack those veterans’ own country.   

In January 2019, Reuters revealed a large-scale operation called Project Raven that belonged to the United Arab Emirates government. The operation started in 2009, and begun recruiting former US NSA analysts to take part in developing advanced cyber technologies under a company named CyberPoint. What was initially declared as a purely defensive cyber project, was actually an offensive cyber operation. Besides tracking and attacking extremists within the UAE, it was also used to spy on Americans. After discovering that fact, Lori Stroud, a lead analyst in Project Raven, started raising the questions that ultimately got her fired and sent back to the States, where she helped the FBI crack the case.   

Israel is another country currently dealing with this phenomenon. In October 2019, two major Israeli news sources, Yedioth Ahronoth and The Marker, revealed the extent of this catastrophe: DarkMatter, the company that replaced CyberPoint as a contractor of Project Raven, has been recruiting Israeli veterans from the special intelligence unit known as 8200 to develop its offensive cyber technologies. This threat is larger than any danger a single data breach or under-the-table business deal might cause. When hostile countries can get their hands on this kind of knowledge, the country it originated from may end up being the target.  

But why would anyone agree to put their own country in danger? The reason is simpler than you’d think. Imagine you’re a 21-year-old, just discharged after 3 years of compulsory service in the Israeli Defence Forces, where you earned less than $300 a month. This is the position most Israelis find themselves in at this age. Only that for some, their service included the best cyber training the country could provide, along with access to all the most advanced cyber technologies. With that knowledge, these young adults become the most desirable candidates the minute they hit the civilian workforce. They’re offered salaries that their peers, that will probably find themselves waitering their way through university for the next few years, may not ever be able to even dream of. And that’s when the “talent scouts” reach out. 

This is how it goes: you get a WhatsApp message from an unfamiliar number, in Hebrew, from someone who knows exactly what your top-secret role was, who else was on your team, and what your accomplishments were. You get an offer that can range from $10,000 a month to as much as $100,000. If you agree to talk over the phone, the voice on the other end of the line assures you that you’ll be working with other Israelis, some were commanders in the same unit you just left, and that you can bring your entire team along to work with you, if you’d like. Oh, and on top of all that, you’ll get relocated to a suite on the beach in Cyprus or Thailand. Who would say no to that? Some do, but not everyone can – or will. 

So, how do you stop knowledge from leaking out of your country’s borders? These issues raise questions around the scale of regulations that a country can impose on its citizens in general, and on veterans in particular. If working in the private sector inside one’s country requires a 2-year cooling-off period, there’s nothing preventing another government from recruiting them to their lines, sometimes at double or triple the rate any company in the private sector could offer to begin with. 

These young adults may very well understand the implications of working for an enemy country, especially after years of having access to highly classified information, working to improve cyber defence against these exact countries. But at this age and stage in life, the temptation is so high that many can’t – or won’t – refuse. Israeli laws might restrict these ambitious young cyber experts rights to occupy roles related to the ones they served in, but as long as the job is given a different title and description, and the young talents are willing to expatriate for salaries higher than their wildest dreams, there’s not a lot the government can do to stop this from happening.  

Chinese companies are doing the same with US army veterans, offering salaries as high as $25,000 for two months of work that includes providing sensitive information. These veterans, while typically older than the Israeli ex-soldiers, often find themselves unemployed and in debt, without much support from their country. When they receive these offers, they are just as vulnerable, willing to do almost anything, including betraying the country that they feel betrayed them.  

As cybersecurity experts, we believe in educating the public on cyber threats and the various methods of staying safe. This requires, first and foremost, an awareness of all the potential dangers the web imposes on everyone who uses it. But in this case, awareness is not enough. We need to start a wider discussion, both inside each individual country and globally, on what intelligence and espionage look like in a world where our brains are our biggest assets. It could take some brainwork to figure out how to combine legislation and education to prevent the type of brain-drain that not only could lead to a loss of national resources, but also poses real danger to national security.  

To learn more about cyber security and how your business can stay protected from threats, visit the Cyber Essentials Online website.

If you would like to join our community and read more articles like this then please click here.

The post Cyber threats are relocating to enemy countries – and no expert can stop them appeared first on Defence Online.