Abstract
The method that gives analysts a first gut feeling about the origin of attack campaigns is, surprisingly, not a technical one but a geopolitical one. Cui bono, the question of who benefits from the attack, is frequently used as a first pointer to drive the analysis. In which region is the victim located? Who has which interests there? Which political conflicts prevail there? Which sector does the affected organisation belong to, and who is interested in data from that sector? Many cyber-espionage attacks are also directed against ethnic minorities or opposition figures. To be able to assess these factors, quite a few IT security companies and government agencies employ political scientists and country experts. This chapter examines their methods, such as the analysis of the tasks of the suspected intelligence services, the investigation of economic interests, and the insights that can be gained from interstate and domestic political conflicts. What distinguishes the Russian intelligence services FSB and GRU? What are the consequences of the reorganisation of the Chinese People's Liberation Army? What are the Five Poisons and what do they mean for APT attacks?
© 2018 Springer-Verlag GmbH Deutschland
Cite this chapter
Steffens, T. (2018). Geopolitische Analyse. In: Auf der Spur der Hacker. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-55954-3_6
DOI: https://doi.org/10.1007/978-3-662-55954-3_6
Publisher Name: Springer Vieweg, Berlin, Heidelberg
Print ISBN: 978-3-662-55953-6
Online ISBN: 978-3-662-55954-3
eBook Packages: Computer Science and Engineering (German Language)