
News about Russian hackers creating chaos in the European Union or Chinese infiltration of a US company has almost become routine. In March 2019, a Russian hacking group was discovered operating on Czech soil by Czech intelligence agencies. Details are still unclear; however, speculation suggests that the group is part of a wider international network based in multiple EU countries and was operating under Russian diplomatic cover.

The cybercriminal underground is complex, multifaceted, and by its nature difficult to detect. On top of this, hackers have every incentive to hide their best work in order to evade detection. One of the most common tactics is to disguise an attack so that it looks like the work of another group. Such hackers frequently prefer the most basic hacking software available because it lacks the distinctive touches of more sophisticated tooling. Both of these practices make it harder to trace a hack back to its source.

Tracing high-level hacking is not impossible; however, there are some clear signs investigators use to determine the origin of a hacking group. Different hacker groups have distinct motivations, codes of conduct, tactics, and payment methods.

Though we will be using Russian and Chinese hacking as our main examples, the tips we give can be applied to protecting yourself from any state-sponsored attack.


Chinese and Russian hacking – knowing the difference

Russian-speaking hacker forums are being exposed with increasing frequency, revealing not just the content shared in their underground network but the culture their members have built up. Russian hackers first gained notoriety during the 1990s, when massive economic changes saw the emergence of vast criminal networks, online and offline. These days, Russian hacks typically have one of two motivations: geopolitical or financial.

Geopolitical attacks are generally designed to create confusion. The role of Russian hackers in the 2016 US election was one of the most covered stories by international media. However, these attacks are most effective and most common in countries with weak government institutions.

Many of them are also former Soviet territories where Russia has a pre-existing geopolitical interest. For example, the Caucasus region and the Baltic states have long been targeted by state-sponsored hackers. The tactics of these “active measures” are varied and highly complex; hacking and other digital attacks are just one arm of this hybrid war.

However, the hacks that affect average web users the most tend to be financially motivated. Russian-language forums on the dark web have vast sections devoted to “carder” communities. Carder forums are where hackers go to buy and sell everything from identity details and credit card details to data dumps and any other information that has been stolen.

For hackers looking to make a quick buck, carder forums are bread and butter. These forums and subforums include detailed tutorials on how to spoof a credit card number. The easiest way to steal from unsuspecting people is to buy a fake card, but card scanners that capture a person’s credit card number and credentials are becoming increasingly popular. Unlike geopolitical hacks, financial attacks are not necessarily state-sponsored.

Though individual Western hackers may be more skilled when it comes to infiltrating complex systems, Russian hackers have several distinct advantages. Unlike in Western countries, Russian authorities tend to turn a blind eye to hacking that targets either Western countries or former Soviet states.

This allows hackers to work together in groups, something they’re discouraged from doing in countries that crack down on cyber attacks. This means Russian hackers can target more people at a greater speed than individual bad actors working in other countries.

Why do the Chinese do it?

There are a number of distinct differences when it comes to Chinese hacking projects. The goal of state-sponsored Chinese attacks is to catch up to the US and European level of technological expertise in fields ranging from AI, biomedicine and alternative energy to robotics and space technology. These goals were outlined in Xi Jinping’s Made in China 2025 announcement. This means the main target for Chinese hackers is economic and intellectual property, whether corporate or governmental. In the public sector, targeting US defense forces yields profitable designs for state-of-the-art technology. The F-22 and F-35, two fighter aircraft developed for the US military, were copied and produced almost identically by China’s People’s Liberation Army.

In the private sector, Chinese agents target large scale industries that use and develop innovative technology, like oil and gas companies. For example, a group might attack an oil firm to get details about exploration and steal geological assessments. This information would then be used to underbid their US competitor.

After a bilateral no-hacking agreement between the US and Chinese leaders was signed in 2016, attacks dropped significantly. However, since mid-2018 these attacks have begun to increase again, and the impact of the new Chinese-sponsored cyber attacks has been farther reaching than initially expected.

Chinese hacking groups aren’t simply exploiting system vulnerabilities to steal corporate secrets. Many top tech companies believed they had been compromised by a possible supply chain attack in which Chinese microchips were secretly inserted into servers.

Though Chinese and Russian hackers may have different motivations, one thing is certain: they have the numbers on their side. So how can you protect yourself from these specific hacking schemes?

How to stay safe – tips for everyday online security

Cyber threats are a part of life connected to the internet. While there is not a lot you can do to stop someone else from launching an attack, there are steps you can take to protect yourself as much as possible. Of course, no method is 100% foolproof, but you can make yourself far better protected.

Hackers look for vulnerabilities and flaws to exploit. Even if you are not the sole gatekeeper of a top-secret, lucrative information package placed under heavy security, you may find yourself the target of a hacking scheme at some point. Nevertheless, if a hacker tries to infiltrate your network or device and finds it too difficult, they will probably move on to an easier target.

There are some easy steps you can take to bolster your safety online. This is not an exhaustive list. Rather, it’s a round-up of some of the best tools available to bolster your security and make yourself a difficult – and therefore unattractive – target.

Make use of security and scanning tools

The search tool Have I Been Pwned is a great resource for checking whether your accounts have been caught up in a recent data breach. You can enter your email address, or a password you use, to see whether either has been exposed. You can also set up notifications for your accounts or domains that will tell you immediately if they appear in a new breach.

This kind of service can be especially helpful for small business networks, which are more likely to find themselves on the receiving end of a Chinese hack. Hackers know that small businesses have fewer resources than large corporations, which can make attacks on them even more devastating.
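The password check on Have I Been Pwned never receives your password: the Pwned Passwords API takes only the first five hex characters of the password's SHA-1 hash and returns every known hash suffix with that prefix, so the match is made on your side. The following is an added example (not code from the original post or from Have I Been Pwned) of that client-side logic; the endpoint URL is the service's real one but is not contacted, and the response body and breach count are constructed for the example.

```python
import hashlib
from typing import Dict, Tuple

# Real endpoint of the Pwned Passwords range API; shown for reference only,
# this example never makes a network call.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_sha1(password: str) -> Tuple[str, str]:
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines the range endpoint returns."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, response_body: str) -> int:
    """How often the password appears in known breaches (0 = not in this range)."""
    _, suffix = split_sha1(password)
    return parse_range_response(response_body).get(suffix, 0)


# Constructed sample response for prefix 5BAA6 (SHA-1 of "password"): the
# first suffix is the real remainder of that hash, the count and the other
# lines are filler invented for this example.
SAMPLE_RESPONSE = "\r\n".join([
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",
])

if __name__ == "__main__":
    prefix, _ = split_sha1("password")
    print("would request:", RANGE_URL + prefix)
    print("breach count:", breach_count("password", SAMPLE_RESPONSE))
```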


Manage your passwords

One of the most common security mistakes, reusing the same password across accounts, is also one of the most dangerous. You should use a unique, complicated password for each one of your accounts.

The best way to manage a lot of complicated passwords is with a password manager. There are browser extensions, but they have an obvious drawback if you lose your device, so it is best to use a separate application. Use a passphrase, rather than a password, to access your password manager. A passphrase is exactly what it sounds like: rather than trusting that hackers will not be able to guess a single word, you string multiple words together into a full phrase, which is both easier to remember and harder to crack.

If your device offers biometric access (like fingerprint), switch it on. Many financial apps also offer an additional layer of biometric security before you send money.

Use a VPN

A VPN encrypts your traffic, making it unreadable to outsiders. It also masks your IP address, which conceals your true location. This prevents sensitive information from falling into the hands of unscrupulous users and stops your location details being used to identify you.

Some of the premium VPNs integrate advanced security features into their applications. For example, malware blockers will protect your device from malware and spyware. Some also contain ad-blockers.


Keep in mind that free VPNs can themselves be a threat to your online privacy. In fact, some free VPNs have been used by the Chinese government to spy on its citizens. That’s why you should only use a high-quality VPN like CyberGhost to protect yourself from hackers and online trackers. If you’re looking for the fastest VPN on the market, ExpressVPN has consistently come out on top in speed tests. NordVPN is our pick for best overall VPN when compared on price, security, and speed.

VPNs are an important tool for both individuals and businesses. Because Russian hackers prefer individual targets, using a VPN while dealing with any sensitive data, such as online banking, will help keep your money in your own account.

Learn to identify and deal with phishing

Phishing for passwords is one of the most common and most effective ways to extract sensitive information from a target. Russian hackers famously sabotaged Hillary Clinton’s presidential campaign when they leaked emails from campaign manager John Podesta. Thousands of emails on that server were stolen via a phishing scam.

Phishing is an especially easy way for hackers to infiltrate companies. Employee names and email addresses are often easy to find online. Hackers then use those names on fake email accounts, which tricks coworkers into opening an email that carries a malware attachment. The malware then opens a direct line into the company’s systems.

Crucially, phishing emails ask for your passwords or other sensitive information. A reputable company would never do that.

One of the best ways to prevent a phishing attack is to properly train yourself, and everyone in your company, to recognize a phishing email. Typically, though not always, phishing emails use badly translated English with grammatical errors. Logos and icons may also appear blurry or ill-defined.

Another good practice is simply to hover your mouse over the sender’s name (and over any link), which generally reveals the actual sender address or destination. Check the domain and the spelling of the company name, since lookalike domains and subtle misspellings are both techniques hackers use to confuse unwitting employees.

You can also use client-based anti-phishing software, such as that from avast! or Kaspersky Labs, which will flag suspicious emails. VPNs with an anti-malware feature also offer protection against phishing scams.
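The sender check described above, checking the real address behind the display name and the spelling of the company domain, can be automated. The following is an added example written for this article (not from the original post or any vendor): it flags addresses whose domain is a one- or two-character lookalike of a trusted domain, and display names that claim a trusted brand while the address lives elsewhere. The trusted domains and sample headers are constructed for the example.

```python
from email.utils import parseaddr
from typing import List

# Domains the organisation actually sends from; constructed for this example.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch spellings one or two edits away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def check_sender(from_header: str) -> List[str]:
    """Return warnings for a From: header; an empty list means it passed."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return ["no parsable sender address"]
    if domain in TRUSTED_DOMAINS:
        return []
    warnings = []
    # Lookalike: a trusted domain reachable by changing one or two characters.
    close = [t for t in TRUSTED_DOMAINS if edit_distance(domain, t) <= 2]
    if close:
        warnings.append(f"lookalike domain {domain!r} resembles {close[0]!r}")
    # Brand claimed in the display name, but the address is at another domain.
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if any(b in display.lower() for b in brands):
        warnings.append(f"display name {display!r} claims a trusted brand but address is at {domain!r}")
    return warnings or [f"untrusted domain {domain!r}"]


if __name__ == "__main__":
    for hdr in ["Example Bank Support <support@examplebank.com>",   # constructed samples
                "Example Bank Support <support@examp1ebank.com>",
                "Example Bank <alerts@mail-relay.net>"]:
        print(hdr, "->", check_sender(hdr) or "ok")
```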


Keep your apps and devices up-to-date

Hackers commonly take advantage of flaws in old systems. Usually, when an update is released, it fixes these vulnerabilities. Make a habit of installing each update to keep your devices protected.

Disable Flash

Flash is a famously insecure piece of software that hackers can exploit easily. Most websites have moved away from Flash, but just to be sure, you should disable it in your browser. If you need it later, you can give Flash permission to run for just one video at a time.

What to do if you have been hacked

If you do get a notice that your accounts have been breached, don’t panic. Follow the steps given below:

  • Notify your workplace
  • Notify your bank
  • Order credit reports to keep track of any activity
  • Get identity theft insurance
  • Place a credit freeze on your accounts or a fraud alert

Chinese and Russian hackers may seem impossible to avoid, but the truth is, we are probably not protecting ourselves as well as we should be. Though individuals are less likely to find themselves the target of Chinese hacks, most hackers are out for financial gain above all else. That makes it all the more crucial to protect our private data. The simple tips provided above are a solid baseline for securing your devices and protecting your privacy, whether you want to guard against state-sponsored hacking or individual actors.

Author Bio

Ariel Hochstadt is a successful international speaker and author of 3 published books on computers and the internet. He’s an ex-Googler, where he was the Global Gmail Marketing Manager, and today he is the co-founder of vpnMentor and an advocate of online privacy. He’s also very passionate about traveling around the world with his wife and three kids.
