Foreign governments that rely on the services of private criminal hackers leave their operations vulnerable to being exposed and disrupted, creating a "silver living" for U.S. law enforcement investigations of cyberattacks, a top Justice Department official said Monday.
Criminal hackers hired by nations are more likely to travel and expose themselves to the risk of being arrested and prosecuted, and may be less savvy about evading detection, Adam Hickey, a deputy assistant attorney general in the Justice Department's national security division, said during a cybersecurity discussion at Georgetown University.
"That matters because apprehending them ... can give us the human intelligence into state-sponsored hacking that can be very, very valuable," Hickey said.
The blended model of foreign government official and hired criminal hacker was illustrated in a punishing 2014 hack of Yahoo's network that affected hundreds of thousands of user accounts. The Justice Department last month charged two officers of the Russian Federal Security Service, or FSB, and two criminal hackers with the massive breach.
Similarly, a Chinese businessman, Su Bin, was sentenced to prison last year for working with Chinese military officials in a hacking scheme aimed at stealing technical military data from U.S. defense contractors.
Though criminal hackers can benefit from their collaboration with government officials, and in some cases could be shielded from arrest, the alliance can be valuable for the Justice Department, Hickey said.
"There's a reason to be concerned about blended threats, but I also think working with criminals or those who travel and are not sworn intelligence officers leaves your organization more vulnerable," Hickey said. "Because I've seen we can pick those people up."