Certain countries stand out as aggressors in the public debate, for example Russia, China, North Korea and Iran. From the victim’s point of view, the country of origin rarely matters, Eronen reflects.
Jussi Eronen, data security expert
I have been answering questions about cyber attacks for almost twenty years. For some reason, I almost always get asked what country the attackers come from.
to use the Internet according to the latest statistics almost five and a half billion people from almost every country in the world. According to the UN estimate however, one fifth of the countries do not have legislation on cybercrime.
The Council of Europe evaluates a year ago, that only half of the world’s countries had sufficient capabilities to investigate cybercrimes and convict their perpetrators. As the old saying goes, opportunity makes a thief, and in today’s world there is certainly no shortage of opportunities.
So why do the same countries often appear in the headlines? One reason is that the countries that otherwise practice espionage, i.e. illegal intelligence in their target country, also do it via the Internet.
The average web user ends up however, much more likely to be a victim of crime than espionage, so let’s focus on crime now.
Experts largely agree that some authoritarian countries, such as the previously mentioned China and Russia, have a permissive attitude towards cybercrime, as long as it is directed exclusively abroad.
Suspicions have been raised in the international community about using criminals to advance state goals.
Many of the most significant attacks and advanced attack arsenals of recent times involve ransomware. They are again in several in reports connected to criminals operating from Russia.
It is often stated that the state actors of the mentioned authoritarian countries, in addition to tolerating them, actually encourage cyber attacks abroad. The international community has presented doubts from using criminals to advance state goals. The US Department of Justice has charged North Korea’s state actors even for online crimes aimed at financial gain abroad. I don’t have any better information about the situations or aspirations of the authoritarian countries mentioned above.
So why don’t I consider the source country of the attacks to be such a significant piece of information?
Mainly because it doesn’t matter to the victim whether the successful attack came from Russia, Venezuela or Cambodia. Regardless of the perpetrator, the effects are the same, information is stolen or operations are stopped, and bringing criminals to justice is just as difficult.
The best developed attack methods are sold or distributed for free online. It is easy for new entrepreneurs to use them in their attacks. The basic level of attacks improves with each method developed.
The importance of the attacker’s skills, geography and the target’s language will only diminish. And it’s good to remember that an attack doesn’t always have to be technically very advanced to be successful.
Countries with a low risk of being caught by cybercriminals are often with low average incomes. Many of them are haunted organized crime and corruption, which also contribute to cybercrimes. Carrying out many attacks or scams does not require special skills or expensive equipment, but your own work and a spare network connection can be enough.
A cybercriminal can get good hourly wages in his country even with modest earnings. So it’s no wonder that there are enough attacks and attackers everywhere on the internet.
As for the scams, it’s already clear, that the most successful factors can come from Asia, Africa as well as Europe. This also applies to cases targeting Europe. The phenomenon will expand in other forms of online crime as well.
Geopolitics, the feeling of a big international game and highly skilled supercriminals are certainly sexier than large herds of varying levels of voros around the world.
Events and behavior that would not be tolerated in the physical world on a lunar day are accepted online.
Although online crimes are felt easily as a phenomenon like a faceless and undamaged force of nature, there are clear reasons for their growth.
Events and behavior that would never be tolerated in the physical world are accepted online. There are shortcomings in legislation, supervision and attitudes. Cybercrimes will be common as long as there are safe harbors for criminals in the world.
We should no more accept crime online than in the physical world.
Jussi Eronen
The author is a civil servant dedicated to securing the network. He works as a leading expert at the Finnish Transport and Communications Agency Traficom’s Cyber Security Center.