employ persistent and sophisticated tactics against specific assets, whereas a disgruntled
employee may leverage confidential knowledge to cause a disruption in service or loss of pro-
prietary information. The following sections contain examples of popular threat agents.
Nation-States, Including the NSA
Nation-state attackers are groups of highly sophisticated attackers that are funded by their gov-
ernments. Given the amount of financial backing and support available to them, they are
highly persistent and will continuously attempt to penetrate their target until they are success-
ful. They employ tactics that are difficult to detect, and they are determined to maintain access
to the compromised infrastructure for long periods of time. This type of threat agent came to
mainstream attention after the set of attacks carried out against major corporations in late
2009 that came to be named Operation Aurora. The targets included major organizations
such as Google, Adobe Systems, Juniper Networks, Rackspace, Yahoo!, Symantec, Northrop
Grumman, Morgan Stanley, and Dow Chemical. The Chinese government was blamed for the
attack, while the Chinese government in turn blamed the US for indulging in conspiracy.
The US National Security Agency (NSA) is also a candidate for this category of threat
agent. Classified information leaked by the famous whistleblower Edward Snowden demon-
strated extensive efforts by the NSA to spy on US citizens as well as to launch targeted attacks
against foreign targets. The ethical implications of Snowden leaking the information may be
debatable, but the information he leaked helped the world realize the lengths to which a gov-
ernment agency can go to spy on citizens and launch cyberattacks.
Snowden confirmed that the NSA had worked with the government of Israel to write the
famous Stuxnet worm. Stuxnet targeted the Iranian nuclear program by infecting computers
and destroying roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of
control. This is one of the most famous cyberweapons and is an example of how malware can
cause physical damage to affect critical systems.
In February 2015, researchers from Kaspersky Labs disclosed a powerful strain of mal-
ware that could install a backdoor on the firmware of hard drives manufactured by companies
like Seagate, Toshiba, and Western Digital. This backdoor is hard to detect since it intercepts
every attempt to read the hard drive to find the malicious code. The researchers noted that
portions of the code in the backdoor are similar to modules found in the design of Stuxnet.
They further noted that infected machines were found in countries that are common US spy-
ing targets, such as China, Iran, Pakistan, and Russia.
The increased popularity of IoT devices will definitely be an area of interest to the organi-
zations funded by nation-states. They are known to want to steal trade secrets and obtain
access to critical facilities. They are likely to attempt to compromise entire platforms support-
ing IoT infrastructure by targeting supply chains to inject malicious code in hardware or soft-
ware, or by remotely targeting the devices that offer Internet connectivity.
ABUSE CASES IN THE CONTEXT OF THREAT AGENTS 217