Cyberspace: a dark and dangerous realm—a “Wild West” full of aggressive, state-sponsored trolls—where Russian hackers meddle in elections, ready and willing to undermine Western democracy at the Kremlin’s behest. Governments of the free world: fear for your lives.
At least, that’s how most people seem to be talking about it these days. Almost every week, hackers—particularly Russian ones—seem to dominate cyber news. And now, cyber security is on the national agenda for all governments of the “Five Eyes”—the name of the intelligence alliance between the U.S., Canada, the U.K., Australia, and New Zealand.
But in the rush to classify “cyber” as a threat, especially in the wake of U.S. President Trump’s alleged collusion with “the Russians,” cyber has become a black and white story. And this lack of nuance is hindering efforts to effectively address what has become a modern form of both warfare and crime.
Here are three key myths dominating discussions about cyber threat.
Myth 1: State-sponsored hackers are the primary threat.
State-linked and state-sponsored cybercrime—generally referred to as the “cyber warfare” threat—is prevalent. This category includes attacks such as the alleged North Korean Sony hack, or the WannaCry attack that, amongst other entities, targeted the NHS, the U.K.’s public health system. In November 2016, U.S hackers allegedly implanted themselves into Russia’s electrical grids and infrastructure. Putin-approved hackers allegedly penetrated the U.S. Democratic National Convention’s servers and attempted to do so with the Republican servers as well.
But the opacity of cyberspace means that attribution is incredibly hard to determine. And instead of politically motivated state-sponsored hacking, it appears that the bulk of cyber crime is financially driven. Its perpetrators are criminals not aligned with any particular political ideology. They are opportunistic, looking to gain access to data or financial information that could be exploited or sold.
Myth 2: Hackers are brilliant, lone wolves.
The idea that hackers are highly intelligent young men is not new. This stereotype particularly applies to Russian hackers: brilliant, lone mathematicians who succumb to the financial temptations of black-hat hacking.
The reality appears more that the strength of cyber criminality lies in the dynamism and strength of hacker networks. There are endless online forums where hackers can learn the trade and other forums where cyber criminals can sell their services. The Russian-speaking cyber criminal network has been likened to a professional business: hacking services come with maintenance services, guarantees and agreements. Cyber actors also connect to peers all over the world, sharing information on an international scale. It is a live, flexible community relying on much more than some romanticized lone wolves.
Myth 3: Hackers are mostly Russian.
The Russian language is prevalent in the cyber criminal community. In fact, Russian is among the top three languages of the internet (English and Mandarin Chinese being the first two). There is a distinct reason for this. The fall of the Soviet Union allowed Russian-speaking people in the ex-Soviet space to develop and work on cyber criminality at a rate, pace and level not possible in the Western world. Unmonitored internet forums flourished, tinged with a criminality that characterized the 1990s in that part of the world. Non-Russian speakers were not trusted, leading to a saturation of cyber criminals from eastern Europe and central Asia.
Today, Russian remains the lingua operandi for the cyber community. Non-native Russian speakers often learn the language in order to enter the community or obtain services. The majority of hackers are therefore not necessarily ethnically Russian or based in Russia. Instead, the community stretches all over the world.