The rise of state-sponsored hacking is putting top security researchers in an invidious position as state security organisations increasingly target them – while cyber-criminals will resort to threats and blackmail in a bid to silence them.
That is the claim of Juan Andres Guerrero-Saade, who works for anti-virus software vendor Kaspersky Labs in the US.
In a paper published on the company’s website, entitled ‘The Ethics And Perils of APT Research: An Unexpected Transition into Intelligence Brokerage’, he claims: “Information security researchers are increasingly involved in investigating state-sponsored or geopolitically significant threats. As a result, the affable and community-friendly information security researcher has become the misunderstood and often imperilled intelligence broker.”
However, he adds, security researchers – indeed, the cyber security sector in general – are ill-prepared for the consequences of this “tectonic shift”.
“Both individual researchers and top-tier infosec firms face drastic changes in embodying their new role as intelligence brokers. Necessary areas of improvement beyond dispute include the enhancement of geopolitical analysis skills and analytical frameworks, coordinated operational security, and strategic decision-making based on a political calculus befitting heightened stakes and disproportionately powerful players.”
The rise of cyber-threat intelligence reports and ethically dubious security-flaws-for-sale firms has also put such organisations firmly in the crosshairs of security services, as has researchers’ increasing involvement in examining “the malware remnants of espionage campaigns”. There is a risk that cyber-security specialists could be the target of blackmail and other measures in a bid to extract knowledge and information from them, he warns.
He continues: “Researchers in the thick of sensitive research know that they often tussle with truly powerful actors. Where research into cyber-crime stands on solid ground as an informative and welcome extension of law enforcement, espionage research has little precedent and, as previously discussed, flimsy cover for action and questionable legal protection.
“If researchers receive personal insults and death threats for disrupting the operations of Brazilian cyber-criminals, what might nation-state actors of varying scruples be willing to do to stop a loud, boisterous, profiteering public nuisance?”
The risk is especially acute in countries where there is a fine and poorly defined line between the state and organised crime.