Quid Pro Quo Hacking: Air-Gapped Attribution

Quid Pro Quo Hacking is when a threat group or subject that is otherwise benign becomes cyber-hostile towards victims based on the promise of reciprocity, position, respect, monetary gain, favors, or other benefits. The arrangement obscures the true intent, identity, TTPs, and/or other identifiers of the requester, who wishes to evade legal prohibitions and limits, find facts that can be used to build a parallel investigation to prosecute a subject, gain market or national advantage, or attack an ally.

A notional example of a Quid Pro Quo campaign would be if a notional tech giant like the notional Boogle inc., notional Facelook, notional Amazog.calm, or notional Cisgo network gear were to engage Chinese intelligence officials and request that the Chinese government gather information about certain competitors; in return, the tech company would provide the Chinese government with technology and capabilities to increase the surveillance it conducts on its citizens. The Chinese government might accept the offer and begin producing intelligence on foreign competitors in exchange for the promise of much tighter control and easier monitoring of its population for dissidents, activists, critics, and otherwise interesting citizens.

A second notional example would be an intelligence or military agency (let’s use Russia this time) providing law enforcement with access to a secret database of surveillance data, with the promise that the law enforcement agencies would add stingrays (the slang for malicious cell-phone tower impersonation gear designed to conduct mass surveillance on the surrounding area) to all of their vehicles. Russia would be able to collect extremely large amounts of mass surveillance data on its citizens, and law enforcement officials could build a case against anyone they decided they didn’t like on any given day, then use that case to build a parallel investigation that would not reveal the use of the secret intelligence database. The Russian government can circumvent any laws regarding mass collection of citizens’ data or mass surveillance, while law enforcement agencies can use the hacked data (obtained by way of a man-in-the-middle attack using intelligence agency gear) to build cases against citizens in a way that would otherwise be unlawful or not possible.

Who engages in Quid Pro Quo hacking can range widely, for example:

• A lone wolf that engages in campaigns to receive free holidays at resorts or other travel
• intelligence agencies to circumvent national laws.
• private industry to form alliances without mergers.
• political staff, appointees, and elected officials to gain political advantage, international advantage or stature, power, and/or money
• government officials to circumvent sanctions while.
• governments who use an enemy to attack or collect intelligence on a friendly nation, and in return attack or collect intelligence on a friendly nation for that enemy.
• judiciary staff, members, or appointees who want a political advantage (they are elected in a lot of places), want to advance personal or political interests, or want to influence the local, regional, or national legal boundaries or limits.
• Repossession and collection agencies who want to circumvent laws.
• Tech and advertising agencies who traffic in data and home privacy invasions.

When it comes to threat groups, it is true that law enforcement does catch some organizations and does shutter some campaigns and enterprises; however, there are still some one-hit wonders, groups that seem to be targeting everyone, groups that seem to be targeting unrelated victims, groups that have constantly changing and evolving infrastructure, tactics, techniques, and procedures (TTPs), and/or groups that have fairly isolated incidents of divergence from their normal targeting activities. These might just indicate a Quid Pro Quo campaign underway to “air-gap attribution” by obscuring the source requester. Attribution has never been easy, because threat actors mimic others’ TTPs, but it may have just become a little more difficult.
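The patterns listed above (one-hit wonders, groups hitting unrelated victims, constantly changing TTPs, and a single incident that diverges from a group's normal activity) are things an analyst can check mechanically against an incident database before deciding whether a cluster deserves a second look. The script below is an added illustration written for this post, not the author's tooling; the incident records, group names and sector labels are constructed, the technique identifiers are used only as labels for "what was observed", and the 0.25 similarity threshold is an arbitrary assumption. The flags it raises are prompts for a human review of attribution confidence, not evidence of who asked for the intrusion.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Incident:
    """One intrusion record: the cluster it was attributed to, the victim's sector,
    and the set of TTP labels observed (constructed sample values)."""
    group: str
    victim_sector: str
    ttps: FrozenSet[str]


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Overlap between two TTP sets; 1.0 means identical, 0.0 means disjoint."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def flag_group(incidents: List[Incident], ttp_threshold: float = 0.25) -> List[str]:
    """Apply the heuristics from the post to the incidents of one group.
    ttp_threshold is an assumed cut-off below which an incident's TTPs are
    treated as unlike the rest of the group's activity."""
    flags: List[str] = []
    n = len(incidents)
    if n == 1:
        return ["one-hit wonder"]

    # Every incident in a different sector, with no repeat: "unrelated victims".
    sectors = {i.victim_sector for i in incidents}
    if n >= 3 and len(sectors) == n:
        flags.append("unrelated victims")

    # Compare each incident's TTPs with the union of the group's other incidents.
    outliers = []
    for idx, inc in enumerate(incidents):
        others = frozenset().union(*(o.ttps for j, o in enumerate(incidents) if j != idx))
        if jaccard(inc.ttps, others) < ttp_threshold:
            outliers.append(inc)
    if len(outliers) == 1:
        # One incident that does not look like the rest: isolated divergence.
        flags.append(f"isolated TTP divergence ({outliers[0].victim_sector})")
    elif len(outliers) > 1:
        # Nothing looks like anything else: constantly changing TTPs.
        flags.append("constantly changing TTPs")
    return flags


def analyze(incidents: List[Incident], ttp_threshold: float = 0.25) -> Dict[str, List[str]]:
    """Group incidents by attributed cluster and return flags per group."""
    by_group: Dict[str, List[Incident]] = {}
    for inc in incidents:
        by_group.setdefault(inc.group, []).append(inc)
    return {g: flag_group(items, ttp_threshold) for g, items in sorted(by_group.items())}


# Constructed sample incident database (not real groups, victims or campaigns).
SAMPLE_INCIDENTS = [
    Incident("Alpha", "finance", frozenset({"T1566", "T1059", "T1071"})),
    Incident("Alpha", "finance", frozenset({"T1566", "T1059", "T1071", "T1027"})),
    Incident("Alpha", "finance", frozenset({"T1566", "T1059", "T1027"})),
    Incident("Alpha", "ngo", frozenset({"T1190", "T1505", "T1021"})),   # the odd one out
    Incident("Beta", "retail", frozenset({"T1078", "T1486"})),           # seen only once
    Incident("Gamma", "energy", frozenset({"T1078", "T1021", "T1486"})),
    Incident("Gamma", "retail", frozenset({"T1078", "T1021", "T1486"})),
    Incident("Gamma", "healthcare", frozenset({"T1078", "T1021", "T1486"})),
    Incident("Delta", "telecom", frozenset({"T1190", "T1505"})),
    Incident("Delta", "telecom", frozenset({"T1190", "T1505", "T1071"})),
    Incident("Delta", "telecom", frozenset({"T1505", "T1071"})),
    Incident("Epsilon", "government", frozenset({"T1566"})),
    Incident("Epsilon", "government", frozenset({"T1190"})),
    Incident("Epsilon", "government", frozenset({"T1078"})),
]


if __name__ == "__main__":
    for group, flags in analyze(SAMPLE_INCIDENTS).items():
        print(f"{group:8s} {', '.join(flags) if flags else 'no attribution flags'}")
```

On the constructed data, Alpha is flagged for one isolated divergent incident, Beta as a one-hit wonder, Gamma for unrelated victims, Epsilon for constantly changing TTPs, and Delta (consistent sector, overlapping TTPs) raises nothing. A real deployment would feed this from a case-management or threat-intelligence store and tune the threshold against known-good clusters, since mimicked TTPs can trip the same heuristics as a genuine change of requester.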