Although the Sony attack was loud, damaging and hugely embarrassing to the company, the bigger threat is from mercenary hacker crews who steal billions of dollars of valuable technology secrets every year from U.S. companies on behalf of paying clients according to Jeffrey Carr, President and CEO of Taia Global.
“These mercenary hacker groups range from small groups with little funding to specialty shops run by ex-government spooks to highly financed criminal groups who use similar if not identical tactics to nation state actors,” according to Carr.
“That they are rarely discovered is due in part to their skill level and in part to being mis-identified as a state actor instead of a non-state actor if they are discovered. The low risk of discovery, frequent misattribution to a nation state, and growing demand of their services ensures that the EaaS threat actor will flourish in the coming 12 to 24 months,” Carr added.
The FBI filed a criminal complaint last summer and a federal grand jury subsequently indicted Su Bin, the President of Lode-Tech. Bin was charged with 5 counts of conspiracy on a cyber espionage campaign that was in operation from at least 2010 until 2014.
The hacker crew that he hired wasn’t named and is presumed to still be active. Stolen technologies included information about the F-35, F-22, and C-17 aircraft, and according to the criminal complaint, the hackers claimed that they were in a position to breach the network of Brahmos Aerospace, a joint venture between the Indian government and a Russian joint stock company.
Mercenary hacker groups are small, skillful, well-paid and have no nation-state affiliation. Instead, they are hackers for hire, whether it’s a Chinese millionaire like Su Bin, a Russian oligarch or a western business competitor of the company being targeted. The aerospace industry is among the hardest hit, but any company who is investing in high value research and development can be a target.