- Browse/Search the Program
Search
Browse By Day
Browse By Time
Browse By Person
Browse By Mini-Conference
Browse By Division
Browse By Session or Event Type
Browse Sessions by Fields of Interest
Browse Papers by Fields of Interest
- Information Menu
Search Tips
Conference
Location
About APSA
- Navigation and Settings Menu
Personal Schedule
Change Preferences / Time Zone
Sign In
- Social Media Menu
Twitter
Facebook
Dark Visitors: Cyberdefense and the Theory of Firm Intelligence Value
Fri, September 6, 4:00 to 5:30pm, Marriott Philadelphia Downtown, Franklin 1Abstract
Why do states sponsor ransomware gangs? Conventional explanations by scholars of International Relations suggest that ransomware generates cash for governments and signals resolve. However, for most states sponsoring ransomware, the monetary payoffs are minimal, the potential for international backlash is significant, and the ability to effectively signal capabilities is questionable. Moreover, ransomware attacks, being revelatory in nature, prompt victims to strengthen their defenses against future attacks, thereby hindering the sponsoring states’ efforts in collecting bargaining-relevant intelligence. This paper presents a game theoretic model of an attacker and defender within a unidirectional supply chain network. The model posits that defenders are unable to distinguish between successfully hacked nodes and those spared from attack, leading to a routine over-defense of already secure nodes. This aspect incentivizes the attacker to target less critical nodes with ransomware – serving as both decoys and cartographers – while clandestinely collecting intelligence on more pivotal nodes. The paper explores this model through case studies of Chinese cyber espionage and ransomware campaigns, including a technical analysis of the methods employed. These studies lend credence to the "Theory of Firm Intelligence Value", demonstrating how firms possess varying levels of intelligence significance and why they might have been selected to begin with.