Digital Footprints Offer a Window Into Covert Actions
When recent reports emerged of widespread, yearslong cyberattacks by Chinese hackers on Kenya’s government, China was quick to offer a boilerplate denial. But, experts say, in the digital environment, it is harder than ever for attackers to cover their tracks.
Writing for Chatham House, Dr. James Shires, senior research fellow in the International Security Program, said strategies for covert action have evolved.
“The digital age has created many new opportunities for covert action but has also made traditional strategies much harder to conceal,” he wrote. One strategy is to “use distraction and disinformation, hiding embarrassing or sensitive facts in a forest of false counterclaims.”
Russia and China have lengthy histories of covert operations and disinformation campaigns on the continent. Shires examined Iran’s activities as a case study.
“Iran’s use of its state airline and small boats to supply drones for Russia’s war in Ukraine, as well as its ongoing support for actors in several destabilizing regional conflicts, has brought the issue of covert action into the foreground,” Shires wrote.
Iran reportedly has conducted cyber-enabled influence operations around the world. At home, it has limited internet access and imposed censorship in order to quell dissent. But digital evidence of covert actions has grown as a method of countering these operations.
“There are pieces that will distinguish the operator or their sponsor,” cybersecurity expert John Hultquist told MIT Technology Review magazine. “They will bleed through multiple operations regardless of deception.
“Once you start tying it to other incidents, the deception loses its effectiveness. It’s very hard to keep the deception going over multiple operations.”
Hultquist pointed to a recent example in which cursory evidence of a cyberattack suggested that Iran bore responsibility. The hackers used tools typically associated with Iranians and wrote in the Farsi language.
But further investigation and information gathered from other internet espionage cases across the Middle East revealed that it was not an Iranian operation but was conducted by Chinese operatives posing as hackers from Tehran.
Shires is urging countries to develop tools and strategies to counter these covert actions.
Malign state and non-state actors expect their operations to be outed, he said. They already have plans to sow confusion with denials and distraction.
“Countering these changing strategies requires transparency, persistence and international cooperation,” he said.
“While narratives of attribution will always be contested, especially in an online world with an overload of misinformation and disinformation, the incremental weight of such reporting should not be underestimated.”