How Russian hackers let the Kremlin play geopolitics on the cheap



The sprawling SolarWinds hack by suspected Russian state-backed hackers is the latest sign of Moscow’s growing resolve and improved technical capability to cause disruption and conduct global espionage in cyberspace.

The hack, which has compromised parts of the U.S. government as well as tech companies, a hospital and a university, adds to a series of increasingly sophisticated and brazen online intrusions, demonstrating just how cyber operations have become a key part of Russia’s confrontation with the West, analysts and officials say.

Moscow’s relations with the West continue to deteriorate and the Kremlin views cyber operations as a cheap and efficient way to achieve its geopolitical goals, analysts say. Russia is therefore unlikely, they say, to back down from such tactics, even in the face of US sanctions or countermeasures.

“For a country that already perceives itself as being in conflict with the West in virtually every area except open military clashes, there is no incentive to leave any area that may offer an advantage,” said Keir Giles, senior consultant at the Chatham House think tank.

The reach of Russia’s cyber operations grew alongside Moscow’s global ambitions: from cyberattacks on neighboring Estonia in 2007 to electoral interference in the United States and France a decade later, to SolarWinds, considered one of the worst known hacks of federal computer systems.

“We can certainly see that Russia is entering the cyber operations market,” said Sven Herpig, former head of German government cybersecurity and expert at the independent German policy think tank Stiftung Neue Verantwortung. “The development of new tools, the division of labor, the creation of attack platforms, have all grown in sophistication over the years,” he said.

Jamil Jaffer, a former White House and Justice Department official, said cyber operations have become “an important part of [Russia’s] to play.”

“It took them to the next level,” said Mr. Jaffer, senior vice president of IronNet Cybersecurity.

Russia has consistently denied engaging in state-sponsored hacking campaigns, including SolarWinds, saying the country does not conduct offensive cyber operations. In September, Russian President Vladimir Putin proposed a reset in the relationship between the United States and Russia on information security.

“Russia is not involved in such attacks, in particular [SolarWinds]. We declare it officially and resolutely,” Kremlin spokesman Dmitry Peskov recently said. “Any claim of Russian involvement is absolutely baseless and appears to be a continuation of a kind of blind Russophobia,” he said.

But analysts say Moscow has added hacking to its arsenal of so-called gray zone activities, a type of warfare that stops short of live fire, alongside disinformation campaigns and the use of “little green men,” the masked soldiers in green uniforms who appeared with Russian weapons on Ukrainian territory in 2014.

Jeffrey Edmonds, a former White House and Central Intelligence Agency official who studies Russia at CNA, a nonprofit research organization that advises the Pentagon, said Russia’s cyber operations have many simultaneous goals, including intelligence gathering, capacity testing, preparation for potential conflict by mapping critical infrastructure of adversaries and laying the groundwork for cyber negotiations.

Such operations are a relatively inexpensive and efficient way to conduct geopolitics, said Bilyana Lilly, a researcher at the Rand Corp. think tank. That is crucial for Russia, which faces significant economic and demographic challenges and whose economy is smaller than that of Italy. A 2012 article in an official Russian military newspaper said that the “complete destruction of the information infrastructure” of the United States or Russia could be carried out by a single battalion of 600 “information warriors” at a cost of $100 million.

Responding to Moscow’s increased cyber activity has been a challenge. Washington’s retaliatory measures, including sanctions, property seizures, diplomatic expulsions and even the cyber equivalent of warning shots, appear to have done little to deter hacks.

“Russia does not see sanctions as an instrument of pressure but as an instrument of punishment,” said Pavel Sharikov, senior researcher at the Institute of American and Canadian Studies at the Russian Academy of Sciences. “The Russian government says, ‘Yes, we understand that you don’t like what we’re doing, but we don’t really care.’”

In recent years, so-called information confrontation has become an integral part of Russian military doctrine, according to an article co-authored by Ms. Lilly of Rand. In 2019, General Valery Gerasimov, Chief of Staff of Russia, declared that in modern warfare cyberspace “offers opportunities for remote and covert influence not only over critical information infrastructures, but also on the population of the country, directly influencing national security.”

Russia’s use of hacking to advance its geopolitical agenda initially focused primarily on targets in ex-Soviet countries. A 2007 cyberattack in Estonia disabled government, bank and newspaper websites. Subsequent attacks in Ukraine and Georgia destroyed power supplies, disrupted media and targeted electoral infrastructure, officials said.

More recently, Russian state-backed hackers have set their sights on the West. In 2014, they broke into the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified calendar, U.S. officials said. In 2015, they entered the German parliament, according to German officials, in what experts consider the largest hack in the country’s history.

Since its meddling in the 2016 US election, Russia has been accused of attacks on the French elections and the Pyeongchang Winter Olympics and the costly NotPetya malware attacks on corporate networks. This year, Western governments have accused Russia of cyber espionage against targets related to coronavirus vaccines. Russia has denied any involvement.

As the operations have grown, the technical capabilities of Russian hackers have improved, experts say.

In the 2007 attack in Estonia, hackers used a relatively rudimentary tool called “distributed denial of service,” which took websites offline by flooding them with data, and did little to hide their tracks, with some of their IP addresses located in Russia.

More recent operations have used new reconnaissance tools and methods to mask operations, including false flag tactics, to make it appear that another country was responsible.

In 2018, federal officials said state-sponsored Russian hackers broke into supposedly secure, “air-gapped” or isolated networks owned by US electric utilities. In the SolarWinds hack, intruders stealthily used a routine software update to gain access to hundreds of U.S. government and corporate systems, going undetected for months.

Still, some former U.S. officials have said Russia is far from perfect in the cybersphere.

“They are not three meters tall. They are detectable,” said former senior CIA official Steven Hall, who oversaw US intelligence operations in the former Soviet Union and Eastern Europe.

Ultimately, it remains to be seen how sophisticated Russia is when it comes to cyber operations, said Bruce Potter, chief information security officer at cybersecurity firm Expel. Countries are reluctant to deploy their best cyber tools, as doing so would lead other countries and businesses to patch the underlying vulnerability quickly.

“They just put in enough money to do the job,” he said. “And they do the job.”
