Foreign governments that rely on the services of private criminal hackers leave their operations vulnerable to being exposed and disrupted, creating something of a "silver lining" for U.S. law enforcement investigations of cyberattacks, a top Justice Department official said Monday.
Criminal hackers hired by nations are more likely to travel and expose themselves to the risk of being arrested and prosecuted, and may be less savvy about evading detection than a sworn intelligence officer, Adam Hickey, a deputy assistant attorney general in the Justice Department's national security division, said during a cybersecurity panel discussion at Georgetown University.
"That matters because apprehending them ... can give us the human intelligence into state-sponsored hacking that can be very, very valuable and supplement the technical insight," Hickey said.
The blended model of foreign government official and hired criminal hacker was illustrated in a punishing 2014 hack of Yahoo's network that affected hundreds of thousands of user accounts. The Justice Department last month charged two officers of the Russian Federal Security Service, or FSB, and two criminal hackers in connection with the massive breach.
Similarly, Su Bin, a Chinese businessman with expertise in aerospace engineering, was sentenced to prison last year for working with Chinese military officials in a hacking scheme aimed at stealing military technical data from U.S. defense contractors. Prosecutors said he instructed the Chinese military hackers he was working with on whom to target and which files to steal.
"Su Bin traveled—the Air Force officers have not so far—and he was arrested in Canada, where he'd spent some time," Hickey said.
Though criminal hackers can benefit from their collaboration with government officials and national security access, and in some cases could be shielded from arrest, the alliance can nonetheless prove beneficial for the Justice Department, Hickey said.
"There's a reason to be concerned about blended threats, but I also think working with criminals or those who travel and those who are not sworn intelligence officers leaves your organization more vulnerable," Hickey said. "Because I'm seeing that we can pick those people up. We can reach those people."