recommended reading

Creative, Audacious or Destructive: The Different Personalities of Nation-State Hackers


What are the various styles of different nation-state hackers?

Well, you're not going to find the answers in an online personality quiz, but an IT researcher recently took a stab at explaining the personas you might find among cyber adversaries backed by countries.

So what sets a Russian hacker apart? Creativity. And China? Mass and audacity, "meaning they don’t care if they’re seen for the most part . . . and they throw a lot of people at their problems,” said Richard Bejtlich, chief security strategist at FireEye, who acknowledges his statements are “broad generalizations.”

Bejtlich spoke Nov. 2 at a defense summit in Washington, organized by Nextgov’s sister publication Defense One.

Bejtlich described Iran as “still learning” but “willing to be destructive.” And North Korea, who allegedly hacked Sony Pictures last year, is “also willing to be destructive but they’re criminals and thugs."

North Korea is a “criminal state, and I was not surprised by that at all,” Bejtlich said, referring to the crippling hack that became a public relations nightmare and exposed the entertainment giant’s internal emails and information.

Being a hacker doesn't always involve effecting the mini-implosion of a multibillion company -- you know, fun and games.

Fellow panelist Jeff Coburn, FBI’s chief of the Major Cyber Crimes division, pointed out that hackers also have to juggle their own interests while working for someone else.

“A lot of these state-sponsored hackers are not just state-sponsored hackers; they have a private life, they have their own interests that they do on the side and so those kind of mesh . . . working for the state and also working for yourself," Coburn said.

A Chinese cyberespionage unit’s workday may not differ much from the regular 9-5 grind of a regular working Joe, according to a 2013 Mandiant report. Some hackers “do go to work and hold business hours,” and “sometimes, they work shift work,” Bejtlich said.

“Every once in awhile, you get glimpses into who these people are,” he added.

After Mandiant published that 2013 report, a news outlet in China wrote about how someone had tracked down a blog written by one of those hackers. The writer “sounded like your average, bored 20-something-year-old enlisted troop; he didn’t like where he was working, he missed his girlfriend, he was looking forward to his next vacation, he didn’t like his apartment,” Bejtlich said.

Hackers, they’re just like us.

(Image via Tammy54/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.