When a Hack Occurs, Is It a True Cyber Attack or Cyberespionage?

Published with Permission by:
Lint, James R., “When a Hack Occurs, Is It a True Cyber Attack or Cyberespionage?”, In Cyber Defense, 20 March 2018, Web,

By James Lint
Senior Editor for InCyberDefense and Contributor, In Homeland Security

The cyber community needs to get its nomenclature settled with regard to the word “cyber attack.” The term “cyber attack” is popular; it creates good headlines and gets good clicks on search engines.

Cyber professionals, however, need to agree on what a cyber attack actually is. That will help cyber defenders to identify priorities and focus on actual problems.

Lists Such as the ‘Biggest Cyber Attacks’ Need to Be More Precise

Some of the more famous “Biggest Cyber Attacks in 2017” lists can be found on Google and other search engines. But these lists often describe events, not actual attacks.

The lists compiled by CNN, Calyptix, TechRepublic and others mostly include the same cyber events. But are these events really attacks? None of the articles mention permanently damaged systems.

Equifax Hack Was a Theft, Not an Attack

CNN Tech states, “Cybercriminals penetrated Equifax (EFX), one of the largest credit bureaus, in July [2017] and stole the personal data of 145 million people. It was considered among the worst breaches of all time because of the amount of sensitive information exposed, including Social Security numbers.”

CNN used a more accurate description: “Cybercriminals penetrated Equifax.” But other media sources put this event on their list of attacks.

Equifax stock is still listed on the New York Stock Exchange and doing business. The company had to upgrade some of its computers, but it did not appear to suffer permanent damage.

Calyptix said that this cyber event could have been prevented by applying an available software patch months before the attack. But the Equifax hack was probably a robbery of opportunity because the unpatched system was vulnerable to hackers. It’s safe to say the Equifax crime happened because hackers wanted to steal information that could be resold.

Office of Personnel Management Database Hack Was Espionage

On June 15, 2015, the Office of Personnel Management (OPM) reported that it had suffered a data breach. Hackers were able to penetrate an OPM database that contained decades of security clearance information and files. The theft of this data affected 21 million current and former government employees and contractors.

Beth Cobert, Acting Director of the Office of Personnel Management, said, “Millions of individuals, through no fault of their own, had their personal information stolen and we’re committed to standing by them, supporting them, and protecting them against further victimization. And as someone whose own information was stolen, I completely understand the concern and frustration people are feeling.”

Writing on the Rand Blog, international policy analyst Larry Hanauer said, “The theft of personal information regarding millions of government employees and their associates from an Office of Personnel Management database — which cybersecurity experts have attributed to China — represents an enormous intelligence threat that is still not fully understood.”

Hanauer said the real threat is that “China’s intelligence services could use the data to identify people with financial difficulties, learn potentially embarrassing personal information (such as drug use or mental health issues), or tap into lists of contacts and organizational affiliations to develop seemingly innocuous communications designed to elicit information.”

The OPM hack was clearly espionage. It is definitely a different type of espionage from the days of dead drops and spies grabbing information captured by miniature cameras.

However, today’s counterintelligence workforce may not need photography skills. Instead, cyber skills will be increasingly in demand to prevent events such as the OPM hack from occurring again.

Titan Rain: A Continuing Cyberespionage Effort to Target US Government Secrets

Since 2003, Chinese hackers have been targeting U.S. computer systems in an attempt to gain U.S. secrets. These hackers are part of a wider espionage ring called “Titan Rain.” In 2005, Time magazine described this Chinese cyberespionage conducted against the U.S. government.

ZDnet reported, “The hackers…are thought to have stolen U.S. military secrets, including aviation specifications and flight-planning software. The U.S. government has coined the term ‘Titan Rain’ to describe the hackers.”

The attackers allegedly grabbed specs from the Redstone Arsenal for the mission-planning system for Army helicopters. Unfortunately, the problem with cyberespionage is you often never know what was stolen until much later.

Cyberespionage Is a Better Term Than Cyber Attack

The proper word we should use to better describe some of these hacks is “cyberespionage.” The Oxford English Dictionary defines cyberespionage as “The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.”

To avoid further confusion, cyberespionage is the word that should be taught to future cyber defenders and espionage professionals.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 49th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”