Cyber attacks can come from any number of actors: criminals, terrorists, hacktivists (activist hackers) — but foreign nations are at the "very top" of the US' threat list. And at the top of that list lie the US' usual suspects: Russia, China, Iran and North Korea.
The inclusion of North Korea comes amid the country's warming relations with the US. That's because "diplomacy isn't going to impact their ability or desire to continue in this activity," Mahairas told Business Insider. "What they're looking for is information, access, and advantage. Whether it's in the cyber universe or not, those are the objectives."
In December of 2017, the Trump administration blamed North Korea for the WannaCry cyber attack against hospitals, schools, businesses and other institutions across 150 countries that previous May. However, North Korea roundly rejected responsibility for the ransomware attack.
Mahairas' team led the investigation into Behzad Mesri, accused of hacking the premium television network HBO and leaking scripts of the show "Game of Thrones" between May and August 2017 and demanding a bitcoin ransom for the scripts and other items he allegedly obtained. The investigation resulted in an indictment of Mesri, who was then also accused of hacking into military systems at the behest of Iran's military.
The agent told Business Insider there has been a "noticeable uptick in activity" from Iranian hackers in recent years.
Mahairas pointed to the 2007 hack of American defense contractor Lockheed Martin, part of a series of hacks codenamed "Byzantine Hades" by US investigators, presumably as a reason for China's inclusion on the list. NSA documents leaked by Edward Snowden and diplomatic cables published by WikiLeaks pointed to China as the culprit. Some of the information targeted was classified material about the fifth-generation F-35 fighter jet.
Russia, for its part, is "the most sophisticated and technically capable. They are really good at hiding the digital breadcrumbs that lead back to them," the agent said, pointing to Canadian hacker Karim Baratov, who was sentenced to five years in US prison in late May after pleading guilty to conducting the 2013 Yahoo hack, which compromised all 3 billion accounts on the website. Baratov, who was a juvenile at the time, is accused by the US Justice Department of having worked under the guidance of two agents of the FSB, Moscow's state security bureau.
Mahairas spoke to Business Insider at length about a different kind of threat from Russia, namely from the Internet Research Agency, an alleged troll farm in St. Petersburg accused of trying to swing the 2016 election in favor of Donald Trump by using social media accounts to promote a number of views ranging from Christian memes to coloring books featuring a muscular Bernie Sanders.
Mahairas' assessment of who poses the greatest danger to the US in the realm of cyber echoes warnings by NATO Secretary General Jens Stoltenberg made in Paris in May, when he highlighted the WannaCry and Fancy Bear attacks.
"Nowhere is the 'Fog of War' thicker than it is in cyberspace," Stoltenberg said, calling "software" an instrument of "soft war." Cyber security will be a theme at NATO's Alliance Summit in July. In July 2016, NATO pledged to heighten its cyber threat deterrence capabilities with the Cyber Defense Pledge.
Russia, China, Iran and North Korea are far from the only countries accused of hacking American political campaigns. For example, the Turkish nationalist hacker group Ayyıldız Tim took over the Twitter accounts of former Fox News hosts Eric Bolling and Greta Van Susteren along with India's top diplomat to the United Nations, Syed Akbaruddin, posting pro-Erdogan messages in January. The group claimed responsibility for the attacks on the Twitter accounts they took over. They also hacked Israel's Iron Dome air defense system, according to the Turkish Daily Sabah newspaper. While Ayyıldız Tim claims to not be connected to the Turkish government, which is a member of NATO, it is difficult to imagine a state-sponsored hacking group that would admit to its backers.