How Russia’s ‘info warrior’ hackers let Kremlin play cheap geopolitics

The protracted SolarWinds hack by suspected Russian state-backed hackers is the latest sign of Moscow’s increasing intent and improved technical capability to disrupt and spy on a global scale in cyberspace.

The hack, which threatens parts of the U.S. government as well as technology businesses, a hospital and a university, adds to a series of increasingly sophisticated and increasingly shameless online intrusions, showing how cyber operations have become an important plank in Russia’s confrontation with the West, analysts and officials say.

Moscow’s relations with the West are still deteriorating, and the Kremlin sees cyber operations as a cheap and effective way to achieve its geopolitical goals, analysts say. According to them, it is therefore unlikely that Russia will back off from such tactics, even in the face of US sanctions or countermeasures.

“For a country that already considers itself in conflict with the West in every domain except an open military clash, there is no incentive to leave any field that can offer an advantage,” said Keir Giles, a senior adviser at the Chatham House think tank.

Russia’s cyber operations have grown in line with Moscow’s global ambitions: from cyber attacks on neighboring Estonia in 2007 to election interference in the US and France a decade later, to SolarWinds, which is seen as one of the worst known hacks of federal computer systems.

“We can certainly see Russia stepping on the gas on cyber operations,” said Sven Herpig, a former German cyber security officer and an expert at the independent German think tank Stiftung Neue Verantwortung. “The development of new tools, the division of labor, the creation of attack platforms, has increased in sophistication over the years,” he said.

Jamil Jaffer, a former White House and Justice official, said cyberbullying had become a significant part of [Russia’s] play.

“It allows them to rise,” said Jaffer, senior vice president at IronNet Cybersecurity.

Russia has consistently denied participating in state-sponsored hacking campaigns, including SolarWinds, and claims the country does not conduct offensive cyber operations. In September, Russian President Vladimir Putin proposed restoring US-Russia information and security relations.

“Russia is not involved in such attacks, especially not in [SolarWinds].” Kremlin spokesman Dmitry Peskov said this officially and resolutely.

But analysts say Moscow has added hacking to its arsenal of so-called gray area activities – a kind of warfare that stops short of actual shooting – along with disinformation campaigns and the use of ‘little green men’, the masked soldiers in green uniforms who appeared with Russian arms on Ukrainian territory in 2014.

Jeffrey Edmonds, a former White House and Central Intelligence Agency official who studies Russia at CNA, a nonprofit research organization that advises the Pentagon, said the Russian cyber operations have numerous simultaneous objectives, including gathering intelligence, testing capabilities, preparing for potential conflict by mapping opponents’ critical infrastructure and laying the basis for cyber negotiations.

Such operations are a relatively inexpensive and effective way of conducting geopolitics, said Bilyana Lilly, a researcher at the Rand Corp think tank. This is crucial for Russia, which faces significant economic and demographic challenges and whose economy is smaller than that of Italy. A 2012 article in an official Russian military magazine states that the “complete destruction of the information infrastructure” of the USA or Russia could be accomplished by only one battalion of 600 “information warriors” at a cost of $100 million.

Responding to Moscow’s increased cyber activity was a challenge. Washington’s retaliatory measures – sanctions, seizures of property, diplomatic expulsions, even the cyber equivalent of warning shots – have apparently done little to deter hacks.

“Russia does not view sanctions as an instrument of pressure, but as an instrument of punishment,” said Pavel Sharikov, a senior fellow of the Russian Academy of Sciences’ Institute for American and Canadian Studies. “Yes, we understand that you do not like what we do, but we do not really care.”

In recent years, the so-called information confrontation has become an established part of the Russian military doctrine, according to an article co-written by Lilly of Rand. In 2019, General Valery Gerasimov, head of the Russian General Staff, said that cyberspace in modern warfare “provides opportunities for remote, secret influence not only on critical information infrastructures but also on the country’s population, which directly affects national security.”

The use of hackers by Russia to advance its geopolitical agenda initially focused primarily on targets in former Soviet countries. A cyber attack in Estonia in 2007 blocked government websites, banks and newspapers. Subsequent attacks in Ukraine and Georgia disrupted power supplies, disrupted media sales and targeted electoral infrastructure, officials said.

More recently, Russian state-backed hackers have targeted the West. In 2014, they broke into the State Department’s unclassified e-mail system and stole a White House computer and President Barack Obama’s unclassified schedule, U.S. officials said. In 2015, according to German officials, they broke into the German parliament in what experts consider the most important hack in the country’s history.

Since its intervention in the US election in 2016, Russia has been accused of attacks on the French election and the Olympic Games in Pyeongchang and the costly NotPetya malware attacks on corporate networks. This year, Western governments accused Russia of cyber-spying on targets associated with coronavirus vaccines. Russia denies involvement.

As the operations expanded, Russian hackers’ technical capabilities improved, experts say.

In the attack on Estonia in 2007, hackers used a relatively crude tool called ‘distributed denial-of-service’ that knocked websites offline by flooding them with data, and did little to hide their trail, with some of their IP addresses in Russia.

More recent operations have used new reconnaissance tools and methods to cover up operations, including false flag tactics that make it appear that another country is responsible.

In 2018, federal officials said state-sponsored Russian hackers had broken into supposedly secure, “air-gapped” or isolated networks owned by U.S. electric utilities. In the SolarWinds hack, intruders fraudulently used a routine software update to gain access to hundreds of U.S. government and corporate systems, an intrusion that went undetected for months.

Some former US officials have said that Russia is far from being flawless in the cyber sphere.

“They are not ten meters tall. They are traceable,” said former senior CIA official Steven Hall. He oversaw US intelligence operations in the former Soviet Union and Eastern Europe.

Ultimately, it remains to be seen how advanced Russia is in the cyber realm, said Bruce Potter, chief information security officer at the cyber security firm Expel. Nations are reluctant to use their best cyber tools because countries and companies can quickly spot a vulnerability.

“They put in just enough to do the job,” he said. “And they get the job done.”
