How Russia’s ‘Info Warrior’ hackers let the Kremlin play geopolitics on the cheap

The protracted SolarWinds hack by suspected Russian state-backed hackers is the latest sign of Moscow’s increasing intent and improved technical capability to cause disruption and spy on a global scale in cyberspace.

The hack, which threatens parts of the U.S. government as well as technology businesses, a hospital and a university, adds to a series of increasingly sophisticated and increasingly brazen online intrusions, showing how cyber operations have become an important plank in Russia’s confrontation with the West, analysts and officials say.

Moscow’s relations with the West are still deteriorating, and the Kremlin sees cyber operations as a cheap and effective way to achieve its geopolitical goals, analysts say. According to them, Russia is therefore unlikely to back away from such tactics, even in the face of U.S. sanctions or countermeasures.

“For a country that already considers itself in every domain in conflict with the West, except in an open military clash, there is no incentive to leave any field that can offer an advantage,” said Keir Giles, a senior adviser at the Chatham House think tank.

Russia’s cyber operations have grown in line with Moscow’s global ambitions: from cyber attacks on neighboring Estonia in 2007 to election interference in the U.S. and France a decade later, to SolarWinds, which is seen as one of the worst known hacks of federal computer systems.

“We can certainly see Russia taking the gas on cyber operations,” said Sven Herpig, a former German government cyber security officer and an expert at the German independent public policy think tank Stiftung Neue Verantwortung. “The development of new tools, the division of labor, the creation of attack platforms, has increased in sophistication over the years,” he said.

Jamil Jaffer, a former White House and Justice Department official, said cyber operations were “an important part of [Russia’s] play.”

“It enabled them to rise,” said Jaffer, senior vice president at IronNet Cybersecurity.

Russia has consistently denied participating in state-sponsored hacking campaigns, including SolarWinds, claiming that the country does not carry out offensive cyber operations. In September, Russian President Vladimir Putin proposed restoring U.S.-Russia relations in information security.

“Russia is not involved in such attacks, especially not in Russia [SolarWinds]. We make it official and determined,” Kremlin spokesman Dmitry Peskov said recently. “Any allegations that Russia was involved are absolutely unfounded and appear to be the continuation of a kind of blind Russophobia,” he said.

But analysts say Moscow has added hacking to its arsenal of so-called gray-area activities – a kind of warfare that stops short of actual shooting – along with disinformation campaigns and the use of ‘little green men’, the masked soldiers in green uniforms who appeared in 2014 with Russian weapons on Ukrainian territory.

Jeffrey Edmonds, a former White House and Central Intelligence Agency official who studies Russia at CNA, a nonprofit research organization that advises the Pentagon, said Russian cyber operations have numerous simultaneous objectives, including gathering intelligence, testing capabilities, preparing for potential conflict by mapping opponents’ critical infrastructure and laying the basis for cyber negotiations.

Such operations are a relatively inexpensive and effective way of conducting geopolitics, said Bilyana Lilly, a researcher at the Rand Corp. think tank. This is crucial for Russia, which faces significant economic and demographic challenges and whose economy is smaller than that of Italy. A 2012 article in an official Russian military magazine states that the ‘complete destruction of the information infrastructure’ of the U.S. or Russia could be carried out by only one battalion of 600 ‘information warriors’ at a cost of $100 million.

Responding to Moscow’s increased cyber activity has been a challenge. Washington’s retaliatory measures – sanctions, seizure of property, diplomatic expulsions, even the cyber equivalent of warning shots – have apparently done little to deter hacks.

“Russia does not view sanctions as an instrument of pressure, but as an instrument of punishment,” said Pavel Sharikov, a senior fellow at the Institute for US and Canadian Studies at the Russian Academy of Sciences. “The Russian government says, ‘Yes, we understand that you do not like what we do, but we do not really care.'”

In recent years, the so-called information confrontation has become an established part of Russian military doctrine, according to an article co-written by Lilly of Rand. In 2019, General Valery Gerasimov, Chief of the Russian General Staff, said that in modern warfare, cyberspace “not only provides opportunities for remote, secretive influence on critical information infrastructures, but also on the country’s population, which directly affects national security.”

Russia’s use of hackers to advance its geopolitical agenda initially focused primarily on targets in former Soviet countries. A cyber attack on Estonia in 2007 blocked the websites of the government, banks and newspapers. Subsequent attacks in Ukraine and Georgia disrupted power supplies, disrupted media outlets and targeted electoral infrastructure, officials said.

More recently, Russian state-backed hackers have targeted the West. In 2014, they broke into the State Department’s unclassified e-mail system and a White House computer and stole President Barack Obama’s unclassified schedule, U.S. officials said. In 2015, according to German officials, they hacked into the German parliament in what experts consider the most important hack in the country’s history.

Since its intervention in the US election in 2016, Russia has been accused of attacks on the French election and the Olympic Games in Pyeongchang and the costly NotPetya malware attacks on corporate networks. This year, Western governments accused Russia of cyber-spying on targets associated with coronavirus vaccines. Russia denies involvement.

As the operations expanded, Russian hackers’ technical capabilities improved, experts say.

In the attack on Estonia in 2007, hackers used a relatively crude tool called ‘distributed denial-of-service’, which knocks websites offline by flooding them with data, and did little to hide their trail, with some of their IP addresses located in Russia.

More recent operations have used new reconnaissance tools and methods to cover up operations, including false flag tactics, to make it appear that another country is responsible.

In 2018, federal officials said Russian state-sponsored hackers had broken into supposedly secure, “air-gapped” or isolated networks owned by U.S. electric utilities. In the SolarWinds hack, intruders fraudulently used a routine software update to gain access to hundreds of U.S. government and corporate systems and went undetected for months.

Some former US officials have said that Russia is far from being flawless in the cyber sphere.

“They are not 10 feet tall. They are traceable,” said former senior CIA official Steven Hall, who oversaw U.S. intelligence operations in the former Soviet Union and Eastern Europe.

Ultimately, it remains to be seen how advanced Russia is in the cyber realm, said Bruce Potter, chief information security officer at the cyber security firm Expel. Nations are reluctant to use their best cyber tools because countries and companies can quickly spot a vulnerability.

“They put in just enough to do the job,” he said. “And they get the job done.”

Write to Georgi Kantchev at [email protected] and Warren P. Strobel at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.