
Geopolitical Analysis

Auf der Spur der Hacker

Abstract

The method that gives analysts a first gut feeling about the origin of attack campaigns is, surprisingly, not a technical one but a geopolitical one. Cui bono, the question of who benefits from the attack, is often used as a first pointer to drive the analysis. In which region is the victim located? Who has which interests there? Which political conflicts prevail there? Which sector does the affected organization belong to, and who is interested in data from that sector? In many cases, cyber-espionage attacks are also directed against ethnic minorities or members of the opposition. To be able to assess these factors, quite a few IT security companies and government agencies employ political scientists and country experts. This chapter examines their methods, such as the analysis of the tasks of the suspected intelligence services, the examination of economic interests, and the insights that can be gained from interstate and domestic political conflicts. What distinguishes the Russian intelligence services FSB and GRU? What are the consequences of the reorganization of the Chinese People's Liberation Army? What are the Five Poisons, and what do they mean for APT attacks?



Copyright information

© 2018 Springer-Verlag GmbH Deutschland

About this chapter

Cite this chapter

Steffens, T. (2018). Geopolitische Analyse. In: Auf der Spur der Hacker. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-55954-3_6

  • DOI: https://doi.org/10.1007/978-3-662-55954-3_6

  • Publisher Name: Springer Vieweg, Berlin, Heidelberg

  • Print ISBN: 978-3-662-55953-6

  • Online ISBN: 978-3-662-55954-3

  • eBook Packages: Computer Science and Engineering (German Language)
