Russia says hackers from the US government are to blame for a cyber-attack that hijacked iPhones at a Russian technology company. Could the attack, and the Russian government's response to it, change the perception of who the good guys and bad guys are in cyberspace?
Camaro Dragon, Fancy Bear, Static Kitten and Stardust Chollima are not the names of the latest Marvel superheroes, but of some of the most feared hacker groups in the world.
These elite cyber teams have been monitored for years as they moved from hack to hack, stealing information and causing trouble ostensibly on the orders of their governments.
Cyber-security firms have even given them cartoon mascots.
The marketing teams at these companies frequently put dots on a map of the world to show customers where these "advanced persistent threats" (APTs) come from, which is typically Russia, China, North Korea and Iran.
However, there are still obvious empty areas on the map.
Why then do we so rarely learn of Western hacking teams or cyber-attacks?
This month's discovery of a significant hack in Russia could hold some answers.
From his desk overlooking the Moscow Canal, the cyber-security worker watched as strange pings started to appear on the company wi-fi network.
Dozens of staff members' mobile phones were sending data to obscure parts of the internet, all at the same time.
But this was no regular business.
This was Kaspersky, Russia's largest cyber-security firm, and it was investigating a potential attack on its own staff.
Spyware was naturally the first thing that came to mind, although the team was initially sceptical, says chief security researcher Igor Kuznetsov.
"Everyone has heard of the potent online tools that can turn mobile phones into spying tools, but I always assumed that this was some sort of urban legend that happened to someone else, somewhere else."
After painstakingly analysing "several dozen" infected iPhones, Igor concluded that they had discovered a significant surveillance-hacking campaign against their own employees.
For online defense professionals, the type of attack they discovered is the stuff of nightmares.
The hackers had found a way to infect iPhones simply by sending an iMessage that automatically deletes itself once the malicious software has been injected into the device.
"You're infected and you don't even realise it," Igor says.
The victims' phones were now periodically sending their entire contents to the attackers: emails, messages and photos were exfiltrated, and the attackers could even access the cameras and microphones.
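The symptom Kaspersky's team noticed on its wi-fi, many phones on one network sending data to the same unfamiliar destination at regular intervals, is something a network defender can look for in flow or proxy logs. The script below is an added example written for this page; it is not Kaspersky's tooling or code from the original article. The log format, hostnames, IP addresses, timestamps and thresholds are all constructed for illustration.

```python
"""Flag destinations that several internal hosts contact at regular intervals.

Added example, not Kaspersky's code. The log lines, hostnames, addresses and
thresholds below are constructed for illustration only.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample egress log: "timestamp src_ip dst_host bytes_out".
# Three phones talk to updates.example.invalid every ~5 minutes and push
# ~20 KB each time; the other destinations are ordinary one-off traffic.
SAMPLE_LOG = """\
2023-06-01T09:00:00 10.0.0.11 cdn.example.com 512
2023-06-01T09:00:01 10.0.0.12 cdn.example.com 480
2023-06-01T09:00:05 10.0.0.11 updates.example.invalid 20480
2023-06-01T09:00:07 10.0.0.12 updates.example.invalid 19800
2023-06-01T09:00:09 10.0.0.13 updates.example.invalid 21000
2023-06-01T09:03:22 10.0.0.11 mail.example.com 2200
2023-06-01T09:05:05 10.0.0.11 updates.example.invalid 20300
2023-06-01T09:05:08 10.0.0.12 updates.example.invalid 19900
2023-06-01T09:05:10 10.0.0.13 updates.example.invalid 20900
2023-06-01T09:10:05 10.0.0.11 updates.example.invalid 20100
2023-06-01T09:10:07 10.0.0.12 updates.example.invalid 20000
2023-06-01T09:10:11 10.0.0.13 updates.example.invalid 21200
2023-06-01T09:11:40 10.0.0.14 mail.example.com 1800
2023-06-01T09:12:13 10.0.0.11 mail.example.com 3100
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def beacon_score(timestamps):
    """Return (mean gap in seconds, jitter ratio) for sorted timestamps.

    Jitter ratio is the population std-dev of the gaps divided by the mean
    gap, so a perfectly periodic beacon scores 0. Needs at least three points.
    """
    if len(timestamps) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_suspicious_destinations(flows, min_hosts=3, max_jitter=0.2,
                                 min_bytes=4096, known_good=frozenset()):
    """Return destinations that >= min_hosts distinct sources beacon to.

    A destination is reported when at least min_hosts internal hosts each
    contact it at a regular cadence (jitter <= max_jitter) and the combined
    outbound volume reaches min_bytes. known_good suppresses allow-listed
    hosts such as a corporate update server that legitimately behaves this way.
    """
    by_dst = defaultdict(lambda: defaultdict(list))
    bytes_by_dst = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        by_dst[dst][src].append(ts)
        bytes_by_dst[dst] += nbytes

    findings = {}
    for dst, per_host in by_dst.items():
        if dst in known_good or len(per_host) < min_hosts:
            continue
        regular = []
        for src, stamps in per_host.items():
            score = beacon_score(sorted(stamps))
            if score is not None and score[1] <= max_jitter:
                regular.append((src, score[0]))
        if len(regular) >= min_hosts and bytes_by_dst[dst] >= min_bytes:
            findings[dst] = {
                "hosts": sorted(h for h, _ in regular),
                "interval_s": round(mean(i for _, i in regular)),
                "bytes_out": bytes_by_dst[dst],
            }
    return findings


if __name__ == "__main__":
    for dst, info in find_suspicious_destinations(parse_log(SAMPLE_LOG)).items():
        print(f"{dst}: {len(info['hosts'])} hosts beaconing every "
              f"~{info['interval_s']}s, {info['bytes_out']} bytes out")
```

The thresholds are deliberately loose so the logic is easy to follow; in production you would feed it from your DNS, proxy or NetFlow source, allow-list the update and telemetry endpoints your fleet is expected to hit, and treat a hit as a lead for device forensics rather than as proof of compromise.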
Igor says Kaspersky is not concerned with where this cyber-spying attack came from, because the company has a long-standing policy of not attributing attacks to anyone.
"Bytes don't have nationalities, and anytime a cyber-attack is attributed to a particular nation, it's done with an agenda," he says.
The Russian government has no such reservations.
On the same day Kaspersky announced its discovery, the Russian security services issued an urgent bulletin claiming they had "uncovered a reconnaissance operation by American intelligence services carried out using Apple mobile devices".
The bulletin, which made no mention of Kaspersky, claimed "several thousand telephone sets" belonging to Russian and foreign diplomats had been infected.
It even accused Apple of actively participating in the hacking campaign, which Apple denies.
The accused party, the US National Security Agency (NSA), told BBC News it had nothing to add.
Igor insists that Kaspersky did not coordinate with the Russian security services, and that the government's announcement caught the company off guard.
This will surprise some in the cyber-security community, because it looked as if the Russian government and Kaspersky had timed a joint announcement for maximum impact, a tactic Western nations increasingly use to expose hacking campaigns and publicly blame the perpetrators.
Only last month, the US government and Microsoft issued a joint announcement that Chinese government hackers had been found lurking inside energy networks in US territories.
And the UK, Australia, Canada and New Zealand, the other members of the "Five Eyes" intelligence alliance, quickly and predictably chimed in with their support.
China quickly denied the claims, calling them a "collective disinformation campaign" by the Five Eyes nations.
Chinese Foreign Ministry spokesperson Mao Ning added the standard Chinese response: "The United States is the empire of hacking."
But, like Russia, China now appears to be taking a more assertive stance in denouncing Western hacking.
Hackers backed by foreign governments are now the biggest threat to China's cyber-security, according to the state-run news outlet China Daily.
The warning was accompanied by a statistic from the Chinese company 360 Security Technology, which said it had found "51 hacker organisations targeting China".
The company did not respond to requests for comment.
And in September last year, China accused the US of hacking a government-funded university in charge of aeronautics and space research programmes.
Steve Stone, head of Rubrik Zero Labs and a former cyber-intelligence professional, says China and Russia have gradually realised how effective the Western model of cyber exposure is.
"I'll add that I believe that is a good thing. I have nothing against other nations disclosing what the West is up to. It seems appropriate to me and fair play, in my opinion."
Many dismiss the Chinese claim that the US is the "empire of hacking" as being exaggerated, but there is some truth to it.
The US is the only tier-one cyber power in the world, measured by attack, defence and influence, according to the International Institute for Strategic Studies (IISS).
Tier two is made up of:
- China
- Russia
- the UK
- Australia
- France
- Israel
- Canada
The US is ranked first globally in the National Cyber Power Index, created by researchers at the Belfer Centre for Science and International Affairs.
Julia Voo, lead researcher on the annual report, has also noticed a shift.
"Espionage is routine for governments and now it's so often in the form of cyber-attacks - but there's a battle of narrative going on and governments are asking who is behaving responsibly and irresponsibly in cyber-space," she says.
And compiling a list of APT hacking groups and pretending there are no Western ones is not a truthful depiction of reality, she says.
"Reading the same reports about hacking attacks from only one side adds to a general ignorance," Mrs Voo says.
"A general education of the public is important, because this is basically where a lot of tensions between states are going to be playing out in the future."
And Mrs Voo praises the UK government for publishing its inaugural transparency report into National Cyber Force operations.
"It's not super-detailed but more than other countries," she says.
But the lack of transparency could also stem from cyber-security companies themselves.
Mr Stone calls it a "data bias": Western cyber-security companies fail to see Western hacks because they have no customers in rival countries.
But there could also be a conscious decision to put less effort into some investigations.
"I don't doubt that there's likely some companies that may pull the punch and hide what they may know about a Western attack," Mr Stone says.
But he says he has never been part of a team that deliberately held back.
Lucrative contracts from governments such as the UK or US are a major revenue stream for many cyber-security companies too.
As one Middle Eastern cyber-security researcher says: "The cyber-security intelligence sector is heavily represented by Western vendors and greatly influenced by their customers' interests and needs."
The expert, who asked to remain anonymous, is one of more than a dozen volunteers regularly contributing to the APT Google Sheet - a free-to-view online spreadsheet tracking all known instances of threat-actor activities, irrespective of their origins.
It has a tab for "Nato" APTs, with monikers such as Longhorn, Snowglobe and Gossip Girl, but the expert admits it is pretty empty compared with tabs for other regions and countries.
He says another reason for the lack of information on Western cyber-attacks could be because they are often stealthier and cause less collateral damage.
"Western nations tend to conduct their cyber operations in a more precise and strategic manner, contrasting with the more aggressive and broad attacks associated with nations like Iran and Russia," the expert says.
"As a result, Western cyber operations often yield less noise."
The other aspect to a lack of reporting could be trust.
It is easy to brush off Russian or Chinese hacking allegations because they often lack evidence.
But Western governments, when they loudly and regularly point the finger, rarely, if ever, provide any evidence either.