Skip to content Skip to footer

Nation-State Hacking: 2017 in Review

2017 is the year government hacking played the Super Bowl halftime show.

If 2016 was the year government hacking went mainstream, 2017 is the year government hacking played the Super Bowl halftime show. It’s not Fancy Bear and Cozy Bear making headlines. This month, the Trump administration publicly attributed the WannaCry ransomware attack to the Lazarus Group, which allegedly works on behalf of the North Korean government. As a Presidential candidate, Donald Trump famously dismissed allegations that the Russian government broke into email accounts belonging to John Podesta and the Democratic National Committee, saying it could easily have been the work of a “400 lb hacker” or China. The public calling-out of North Korean hacking appears to signal a very different attitude towards attribution.

Lazarus Group may be hot right now, but Russian hacking has continued to make headlines. Shortly after the release of WannaCry, there came another wave of ransomware infections, Petya/NotPetya (or, this author’s favorite name for the ransomware, “NyetYa”). Petya was hidden inside of a legitimate update to accounting software made by MeDoc, a Ukrainian company. For this reason and others, Petya was widely attributed to Russian actors and is thought to have primarily targeted Ukrainian companies, where MeDoc is commonly used. The use of ransomware as a wiper, a tool whose purpose is to render the computer unusable rather than to extort money from its owner, appears to be one of this year’s big new innovations in the nation-state actors’ playbook.

WannaCry and Petya both owe their effectiveness to a Microsoft Windows security vulnerability that had been found by the NSA and code named EternalBlue, which was stolen and released by a group calling themselves the Shadow Brokers. US agencies losing control of their hacking tools has been a recurring theme in 2017. First companies, hospitals, and government agencies find themselves targeted by re-purposed NSA exploits that we all rushed to patch, then Wikileaks published Vault 7, a collection of CIA hacking tools that had been leaked to them, following it up with the publication of source code for tools in Vault 8.

This year also saw developments from perennial bad actor Ethiopia. In December, Citizen Lab published a report documenting the Ethiopian government’s ongoing efforts to spy on journalists and dissidents, this time with the help of software provided by Cyberbit, an Israeli company. The report also tracked Cyberbit as their salespeople demonstrated their surveillance product to governments including France, Vietnam, Kazakhstan, Rwanda, Serbia, and Nigeria. Other perennial bad actors also made a splash this year, including Vietnam, whose government was linked to Ocean Lotus, or APT 32 in a report from FireEye. The earliest known samples from this actor were found by EFF in 2014, when they were used to target our activists and researchers.

Any and all original material on the EFF website may be freely distributed at will under the Creative Commons Attribution License, unless otherwise noted. All material that is not original to EFF may require permission from the copyright holder to redistribute.

Defying Trump’s right-wing agenda from Day One

Inauguration Day is coming up soon, and at Truthout, we plan to defy Trump’s right-wing agenda from Day One.

Looking to the first year of Trump’s presidency, we know that the most vulnerable among us will be harmed. Militarized policing in U.S. cities and at the borders will intensify. The climate crisis will deteriorate further. The erosion of free speech has already begun, and we anticipate more attacks on journalism.

It will be a terrifying four years to produce social justice-driven journalism. But we’re not falling to despair, because we know there are reasons to believe in our collective power.

The stories we publish at Truthout are part of the antidote to creeping authoritarianism. And this year, we promise we will kick into an even higher gear to give you truthful news that cuts against the disinformation, vitriol, hate and violence. We promise to publish analyses that will serve the needs of the movements we all rely on to survive the next four years, and even build for the future. We promise to be responsive, to recognize you as members of our community with a vital stake and voice in this work.

Please show your support for Truthout with a tax-deductible donation (either once today or on a monthly basis).