Wednesday, October 19, 2022

Top spy agency is hiring 1900 workers. Here’s what it takes

 

The Australian Signals Directorate is on the hunt for 1900 recruits, with some of those positions reserved for cyber spies. Here’s what they actually do.

Campbell Kwan, Breaking news reporter
Espionage is on track to supplant terrorism as Australia’s biggest security threat over the next five years.

Two of Australia’s top spy agencies, ASIO and the Australian Signals Directorate (ASD), say espionage attempts by multiple countries remain “unacceptably high”.

It’s not just physical espionage that is increasing. Online attacks are rising, which is why cyberspace has become the new playground for many spies.

The recent Optus hack and a string of other recent cyberattacks have shown how data breaches are becoming the new norm, and have reinforced how important it is to have a large cohort of well-trained cyber spies ready to attack back.



In fact, the secretive ASD, which plays a key role in cyber warfare, announced earlier this year that it would recruit to fill an extra 1900 roles, with a $10 billion boost in this year’s federal budget to expand its capabilities.

What does a cyber spy actually do?

Former FBI cyber agent Dennis Desmond says most cyber intelligence collection uses a lot of the same techniques as in-person spies.

“The advantage of working online is you can actually craft multiple identities to operate online, whereas in the physical world, it’s a lot more difficult to be different things to different people,” Desmond says.

Cyber espionage operations come in many forms, but one example is “persona operations”, ASD director-general Rachel Noble tells The Australian Financial Review.

This is about crafting an identity on dating apps and sites to schmooze information out of a target.

These operations are done as a team sport, the spy chief says.

In that team, there’s the “cyber spy” – a technical specialist – who would have the expertise to get close to a target digitally and collect the information.

There are also operational psychologists who help the spies shape a convincing fake identity – crafting an identity of an attractive woman around the target’s age, for example. Third, there are international relations experts who add their expertise in cultural nuances (for example, the ideal tone and language to use when befriending an American as opposed to a German person).

Analysts then help to trace the footsteps of the target.

Cyber spies could be involved in anything from uncovering paedophile rings and drug cartels to trying to hack government networks, as a preventive measure, to make sure sensitive data is as secure as it can be.

Do cyber spies track down data hackers?

As for cyberattacks, such as the one that recently hit Optus, ASD works with law enforcement to identify the hackers and disrupt cyber criminals.

UNSW Canberra cyber director of enterprise Nigel Phair, who spent 21 years with the AFP, says cyber spies might go on the offensive by “purporting to be a criminal to be disruptive” online.

“The more that [the ASD] can put sand in the gears of criminals through a range of online shenanigans, both offensive and defensive, and disrupt them – that’s where cyber intelligence is succeeding.”

ASD cyber intelligence analysts, meanwhile, would be trying to uncover the country where the hacker is based, to find their online communications, how they’re moving data, where the data is, how the data is being stored, and whether it is being shared with anyone.

Analysts would also be tracking the data flow and where it has ended up, and validating whether it had been deleted. 

What role do cyber spies play in actual wars?

Cyber spies are also increasingly being used in physical warfare, Noble says.

“We have actually seen in the Russia-Ukraine conflict the integration of cyber activities into warfare, which I think really prior to that conflict was a somewhat hypothetical proposition.”

Desmond, who has been following the cyber espionage activity in Ukraine closely, says cyber spies are taking down networks and launching distributed denial-of-service (DDoS) attacks, where a hacker makes a machine or system unavailable to its intended users. This activity has led to access to drones, weapons systems and important databases being denied.

“The collection of information countrywide and the aggregation of that information – plus the stuff that others are providing – really allows Ukraine to leverage what they have and [to] operate on a really shoestring budget,” he says.

For example, foreign cyber espionage experts have shared their technical capabilities with Ukrainian battlefield commanders who have used drones to drop munitions, target individual troops and collect information.

Cyber spies, from the Ukrainian and Russian sides, have also hacked CCTV systems to overlay video with facial recognition software to identify battlefield operators, as well as their prisoners, then used it for propaganda and influence campaigns.

What skills do you need to become a cyber spy?

Noble says the ASD does not recruit with a specific set of skills in mind, although a premium is placed on those who can speak languages other than English.

One of her agency’s “stars” was a barber in their former life, she adds.

“When I say it’s a team sport, we actually mean that. Our recruitment is open to people of all ages and backgrounds to join ASD,” Noble says. 

But Desmond says those chosen to become the actual “cyber spy”, rather than the cyber intelligence analyst or expertise support, usually need a minimum of a bachelor’s degree in some technology-related field.

“I would focus on ICT [information and communications technology] and cybersecurity [degrees], obviously, but also, if you find courses that teach open-source intelligence collection or cyber intelligence collection, then try to take those as well.”

The former FBI special agent says spy agencies such as ASD are looking for those who can speak languages other than English, perform investigations and navigate the dark web.

“Obviously, native Russian, Chinese, Farsi, Arabic would be huge – being able to identify people with technical skills as well as language. In my case, I have 15 years of Russian and I had cyber training in operations plus I was a federally trained agent,” Desmond says.

Do you need to be able to keep a secret?

Beyond having the hard skills to be a cyber spy, the ability to be discreet sits high on the list of qualities a spy has to have.

Noble says a tip for those interested in working in cyber intelligence is to ask themselves a question she asks her children: “Can you act like you don’t have a secret?”

It sounds simple, but Noble says people love to share.

“We look for people who have a psychological profile which would indicate to us that there’s a good chance that they will be a great patriot to their country, and be capable of keeping the secrets that they become privy to during the course of their work.”

Desmond says the vetting process for spooks varies across organisations and countries. In the US, spy agencies primarily use background investigations, polygraphs and psychological interviews to find people who are good at keeping secrets.

In Australia, spy agencies consistently rely on psychological evaluations and background investigations. ASD says applicants can also expect to undergo psychometric testing, technical skills testing, writing assessments and assessment-centred activities.


The Verge: “Hackers commandeer online accounts at industrial scale. Here’s how to restore and protect your access to Apple, Facebook, Google, Instagram, Snapchat, Spotify, TikTok, and Twitter. Nearly 2 out of 5 Americans say that hackers have taken over their social media accounts. And those numbers are likely to rise as more and more account information gets leaked in breaches of big corporations. 

“[Hackers are] taking those credentials and, in an automated fashion, they’re gonna bounce those up against every other account out there on the web,” says Lisa Plaggemier, executive director of the National Cybersecurity Alliance. Even if you don’t reuse the exact same password on other accounts, hacker software can easily generate iterations until they get a hit.

(Chances are, you’ve been involved in multiple data breaches. To find out, visit the site have i been pwned?, enter your email address, and see how you’ve been affected.) Other times, people hand their logins to crooks by responding to scam emails saying, for instance, that your Facebook page has been scheduled for deletion and you must log in immediately (at the bogus link below) to appeal the action… The steps for regaining access to your account vary from online service to service—sometimes by a little and sometimes by a lot. But they follow a general pattern—escalating from easy password resets and proving your identity to (sometimes) getting help from actual humans. Unfortunately, if hackers have manipulated your account too much, such as changing your username, password, and contact info, you may not be able to recover your account…”

How to rescue your hacked account: Facebook, Instagram, Snapchat, and more (The Verge)